From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini
Subject: [PATCH v3 1/9] tests: fix encoding of IP addresses in x509 certs
Date: Tue, 26 Apr 2022 17:00:40 +0100
Message-Id: <20220426160048.812266-2-berrange@redhat.com>
In-Reply-To: <20220426160048.812266-1-berrange@redhat.com>
References: <20220426160048.812266-1-berrange@redhat.com>

We need to encode just the address bytes, not the whole struct sockaddr
data. Add a test case to validate that we're matching on SAN IP
addresses correctly.
Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Dr. David Alan Gilbert --- tests/unit/crypto-tls-x509-helpers.c | 16 +++++++++++++--- tests/unit/test-crypto-tlssession.c | 11 +++++++++-- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/tests/unit/crypto-tls-x509-helpers.c b/tests/unit/crypto-tls-x= 509-helpers.c index fc609b3fd4..e9937f60d8 100644 --- a/tests/unit/crypto-tls-x509-helpers.c +++ b/tests/unit/crypto-tls-x509-helpers.c @@ -168,9 +168,19 @@ test_tls_get_ipaddr(const char *addrstr, hints.ai_flags =3D AI_NUMERICHOST; g_assert(getaddrinfo(addrstr, NULL, &hints, &res) =3D=3D 0); =20 - *datalen =3D res->ai_addrlen; - *data =3D g_new(char, *datalen); - memcpy(*data, res->ai_addr, *datalen); + if (res->ai_family =3D=3D AF_INET) { + struct sockaddr_in *in =3D (struct sockaddr_in *)res->ai_addr; + *datalen =3D sizeof(in->sin_addr); + *data =3D g_new(char, *datalen); + memcpy(*data, &in->sin_addr, *datalen); + } else if (res->ai_family =3D=3D AF_INET6) { + struct sockaddr_in6 *in =3D (struct sockaddr_in6 *)res->ai_addr; + *datalen =3D sizeof(in->sin6_addr); + *data =3D g_new(char, *datalen); + memcpy(*data, &in->sin6_addr, *datalen); + } else { + g_assert_not_reached(); + } freeaddrinfo(res); } =20 diff --git a/tests/unit/test-crypto-tlssession.c b/tests/unit/test-crypto-t= lssession.c index 5f0da9192c..a6935d8497 100644 --- a/tests/unit/test-crypto-tlssession.c +++ b/tests/unit/test-crypto-tlssession.c 
@@ -512,12 +512,19 @@ int main(int argc, char **argv) false, true, "wiki.qemu.org", NULL); =20 TEST_SESS_REG(altname4, cacertreq.filename, + servercertalt1req.filename, clientcertreq.filename, + false, false, "192.168.122.1", NULL); + TEST_SESS_REG(altname5, cacertreq.filename, + servercertalt1req.filename, clientcertreq.filename, + false, false, "fec0::dead:beaf", NULL); + + TEST_SESS_REG(altname6, cacertreq.filename, servercertalt2req.filename, clientcertreq.filename, false, true, "qemu.org", NULL); - TEST_SESS_REG(altname5, cacertreq.filename, + TEST_SESS_REG(altname7, cacertreq.filename, servercertalt2req.filename, clientcertreq.filename, false, false, "www.qemu.org", NULL); - TEST_SESS_REG(altname6, cacertreq.filename, + TEST_SESS_REG(altname8, cacertreq.filename, servercertalt2req.filename, clientcertreq.filename, false, false, "wiki.qemu.org", NULL); =20 --=20 2.35.1 From nobody Thu May 16 15:53:06 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1650989846126527.7202144479216; Tue, 26 Apr 2022 09:17:26 -0700 (PDT) Received: from localhost ([::1]:54436 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1njNsT-0000Jo-4s for importer@patchew.org; Tue, 26 Apr 2022 12:17:25 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37734) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1njNcZ-00040I-GC for qemu-devel@nongnu.org; Tue, 26 Apr 2022 12:01:35 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:30605) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) 
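Review bot: in test_tls_get_ipaddr() (tests/unit/crypto-tls-x509-helpers.c, patch 1/9) the AF_INET and AF_INET6 branches each repeat the same `*datalen = ...; *data = g_new(char, *datalen); memcpy(...)` sequence, and nothing in the code says why only `sin_addr` / `sin6_addr` is copied. Suggest letting each branch set just a source pointer and a length, doing the allocation and copy once after the if/else, and adding a one-line comment that the certificate's IP address SAN takes the raw address bytes (4 for IPv4, 16 for IPv6) rather than the whole sockaddr, so the old `res->ai_addrlen` copy does not get reintroduced.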
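Review bot: in tests/unit/test-crypto-tlssession.c (patch 1/9) the two added cases, altname4 with "192.168.122.1" and altname5 with "fec0::dead:beaf", both pass `false, false`, so the hunk only shows that an IP address listed in servercertalt1req is accepted. A companion case that gives an IP address absent from that certificate and sets the failure flag, the way the "qemu.org" case against servercertalt2req does with `false, true`, would also show that a non-matching address is rejected. Inserting the new cases in the middle also renames the existing altname5/altname6 to altname7/altname8; appending them after the last existing case would avoid that churn.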
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini
Subject: [PATCH v3 2/9] tests: add more helper macros for creating TLS x509 certs
Date: Tue, 26 Apr 2022 17:00:41 +0100
Message-Id: <20220426160048.812266-3-berrange@redhat.com>
In-Reply-To: <20220426160048.812266-1-berrange@redhat.com>
References: <20220426160048.812266-1-berrange@redhat.com>

These macros are more suited to the general consumers of certs in the
test suite, where we don't need to exercise every single possible
permutation.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Eric Blake
---
 tests/unit/crypto-tls-x509-helpers.h | 53 ++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
diff --git a/tests/unit/crypto-tls-x509-helpers.h b/tests/unit/crypto-tls-x= 509-helpers.h index cf6329e653..247e7160eb 100644 --- a/tests/unit/crypto-tls-x509-helpers.h +++ b/tests/unit/crypto-tls-x509-helpers.h @@ -26,6 +26,9 @@ #include =20 =20 +#define QCRYPTO_TLS_TEST_CLIENT_NAME "ACME QEMU Client" +#define QCRYPTO_TLS_TEST_CLIENT_HOSTILE_NAME "ACME Hostile Client" + /* * This contains parameter about how to generate * certificates. 
@@ -118,6 +121,56 @@ void test_tls_cleanup(const char *keyfile); }; \ test_tls_generate_cert(&varname, NULL) =20 +# define TLS_ROOT_REQ_SIMPLE(varname, fname) \ + QCryptoTLSTestCertReq varname =3D { \ + .filename =3D fname, \ + .cn =3D "qemu-CA", \ + .basicConstraintsEnable =3D true, \ + .basicConstraintsCritical =3D true, \ + .basicConstraintsIsCA =3D true, \ + .keyUsageEnable =3D true, \ + .keyUsageCritical =3D true, \ + .keyUsageValue =3D GNUTLS_KEY_KEY_CERT_SIGN, \ + }; \ + test_tls_generate_cert(&varname, NULL) + +# define TLS_CERT_REQ_SIMPLE_CLIENT(varname, cavarname, cname, fname) \ + QCryptoTLSTestCertReq varname =3D { \ + .filename =3D fname, \ + .cn =3D cname, \ + .basicConstraintsEnable =3D true, \ + .basicConstraintsCritical =3D true, \ + .basicConstraintsIsCA =3D false, \ + .keyUsageEnable =3D true, \ + .keyUsageCritical =3D true, \ + .keyUsageValue =3D \ + GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, \ + .keyPurposeEnable =3D true, \ + .keyPurposeCritical =3D true, \ + .keyPurposeOID1 =3D GNUTLS_KP_TLS_WWW_CLIENT, \ + }; \ + test_tls_generate_cert(&varname, cavarname.crt) + +# define TLS_CERT_REQ_SIMPLE_SERVER(varname, cavarname, fname, \ + hostname, ipaddr) \ + QCryptoTLSTestCertReq varname =3D { \ + .filename =3D fname, \ + .cn =3D hostname ? 
hostname : ipaddr, \ + .altname1 =3D hostname, \ + .ipaddr1 =3D ipaddr, \ + .basicConstraintsEnable =3D true, \ + .basicConstraintsCritical =3D true, \ + .basicConstraintsIsCA =3D false, \ + .keyUsageEnable =3D true, \ + .keyUsageCritical =3D true, \ + .keyUsageValue =3D \ + GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, \ + .keyPurposeEnable =3D true, \ + .keyPurposeCritical =3D true, \ + .keyPurposeOID1 =3D GNUTLS_KP_TLS_WWW_SERVER, \ + }; \ + test_tls_generate_cert(&varname, cavarname.crt) + extern const asn1_static_node pkix_asn1_tab[]; =20 #endif --=20 2.35.1 From nobody Thu May 16 15:53:06 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1650989921624536.4985532802878; Tue, 26 Apr 2022 09:18:41 -0700 (PDT) Received: from localhost ([::1]:60614 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1njNtg-0004XF-FN for importer@patchew.org; Tue, 26 Apr 2022 12:18:40 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37764) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1njNce-00040N-Ll for qemu-devel@nongnu.org; Tue, 26 Apr 2022 12:01:35 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]:39750) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1njNcX-0007Q4-4w for qemu-devel@nongnu.org; Tue, 26 Apr 2022 12:01:00 -0400 Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 
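Review bot: TLS_CERT_REQ_SIMPLE_SERVER (tests/unit/crypto-tls-x509-helpers.h, patch 2/9) sets `.cn = hostname ? hostname : ipaddr` with the macro arguments unparenthesized, and a caller that passes NULL for both ends up with a NULL common name without any diagnostic. Suggest parenthesizing the arguments and adding a comment above the three new macros that states the contract: at least one of hostname/ipaddr must be non-NULL, `cavarname` must be the request variable itself (the macro uses `cavarname.crt`, so a pointer will not compile), and each macro expands to a declaration followed by a call to test_tls_generate_cert(), so it cannot be used as the unbraced body of an `if`.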
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini
Subject: [PATCH v3 3/9] tests: add migration tests of TLS with PSK credentials
Date: Tue, 26 Apr 2022 17:00:42 +0100
Message-Id: <20220426160048.812266-4-berrange@redhat.com>
In-Reply-To: <20220426160048.812266-1-berrange@redhat.com>
References: <20220426160048.812266-1-berrange@redhat.com>

This validates that we correctly handle migration success and failure
scenarios when using TLS with pre shared keys.
Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Eric Blake --- tests/qtest/meson.build | 7 +- tests/qtest/migration-test.c | 159 +++++++++++++++++++++++++++- tests/unit/crypto-tls-psk-helpers.c | 18 +++- tests/unit/crypto-tls-psk-helpers.h | 1 + 4 files changed, 177 insertions(+), 8 deletions(-) diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build index 22e1361210..ec14559e73 100644 --- a/tests/qtest/meson.build +++ b/tests/qtest/meson.build @@ -271,13 +271,18 @@ endif =20 tpmemu_files =3D ['tpm-emu.c', 'tpm-util.c', 'tpm-tests.c'] =20 +migration_files =3D [files('migration-helpers.c')] +if gnutls.found() + migration_files +=3D [files('../unit/crypto-tls-psk-helpers.c'), gnutls] +endif + qtests =3D { 'bios-tables-test': [io, 'boot-sector.c', 'acpi-utils.c', 'tpm-emu.c'], 'cdrom-test': files('boot-sector.c'), 'dbus-vmstate-test': files('migration-helpers.c') + dbus_vmstate1, 'erst-test': files('erst-test.c'), 'ivshmem-test': [rt, '../../contrib/ivshmem-server/ivshmem-server.c'], - 'migration-test': files('migration-helpers.c'), + 'migration-test': migration_files, 'pxe-test': files('boot-sector.c'), 'qos-test': [chardev, io, qos_test_ss.apply(config_host, strict: false).= sources()], 'tpm-crb-swtpm-test': [io, tpmemu_files], diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index 2af36c16a3..f733aa352e 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c @@ -23,9 +23,13 @@ #include "qapi/qapi-visit-sockets.h" #include "qapi/qobject-input-visitor.h" #include "qapi/qobject-output-visitor.h" +#include "crypto/tlscredspsk.h" =20 #include "migration-helpers.h" #include "tests/migration/migration-test.h" +#ifdef CONFIG_GNUTLS +# include "tests/unit/crypto-tls-psk-helpers.h" +#endif /* CONFIG_GNUTLS */ =20 /* For dirty ring test; so far only x86_64 is supported */ #if defined(__linux__) && defined(HOST_X86_64) 
@@ -640,6 +644,100 @@ static void test_migrate_end(QTestState *from, QTestS= tate *to, bool test_dest) cleanup("dest_serial"); } =20 +#ifdef CONFIG_GNUTLS +struct TestMigrateTLSPSKData { + char *workdir; + char *workdiralt; + char *pskfile; + char *pskfilealt; +}; + +static void * +test_migrate_tls_psk_start_common(QTestState *from, + QTestState *to, + bool mismatch) +{ + struct TestMigrateTLSPSKData *data =3D + g_new0(struct TestMigrateTLSPSKData, 1); + QDict *rsp; + + data->workdir =3D g_strdup_printf("%s/tlscredspsk0", tmpfs); + data->pskfile =3D g_strdup_printf("%s/%s", data->workdir, + QCRYPTO_TLS_CREDS_PSKFILE); + mkdir(data->workdir, 0700); + test_tls_psk_init(data->pskfile); + + if (mismatch) { + data->workdiralt =3D g_strdup_printf("%s/tlscredspskalt0", tmpfs); + data->pskfilealt =3D g_strdup_printf("%s/%s", data->workdiralt, + QCRYPTO_TLS_CREDS_PSKFILE); + mkdir(data->workdiralt, 0700); + test_tls_psk_init_alt(data->pskfilealt); + } + + rsp =3D wait_command(from, + "{ 'execute': 'object-add'," + " 'arguments': { 'qom-type': 'tls-creds-psk'," + " 'id': 'tlscredspsk0'," + " 'endpoint': 'client'," + " 'dir': %s," + " 'username': 'qemu'} }", + data->workdir); + qobject_unref(rsp); + + rsp =3D wait_command(to, + "{ 'execute': 'object-add'," + " 'arguments': { 'qom-type': 'tls-creds-psk'," + " 'id': 'tlscredspsk0'," + " 'endpoint': 'server'," + " 'dir': %s } }", + mismatch ? 
data->workdiralt : data->workdir); + qobject_unref(rsp); + + migrate_set_parameter_str(from, "tls-creds", "tlscredspsk0"); + migrate_set_parameter_str(to, "tls-creds", "tlscredspsk0"); + + return data; +} + +static void * +test_migrate_tls_psk_start_match(QTestState *from, + QTestState *to) +{ + return test_migrate_tls_psk_start_common(from, to, false); +} + +static void * +test_migrate_tls_psk_start_mismatch(QTestState *from, + QTestState *to) +{ + return test_migrate_tls_psk_start_common(from, to, true); +} + +static void +test_migrate_tls_psk_finish(QTestState *from, + QTestState *to, + void *opaque) +{ + struct TestMigrateTLSPSKData *data =3D opaque; + + test_tls_psk_cleanup(data->pskfile); + if (data->pskfilealt) { + test_tls_psk_cleanup(data->pskfilealt); + } + rmdir(data->workdir); + if (data->workdiralt) { + rmdir(data->workdiralt); + } + + g_free(data->workdiralt); + g_free(data->pskfilealt); + g_free(data->workdir); + g_free(data->pskfile); + g_free(data); +} +#endif /* CONFIG_GNUTLS */ + static int migrate_postcopy_prepare(QTestState **from_ptr, QTestState **to_ptr, MigrateStart *args) @@ -911,7 +1009,7 @@ static void test_precopy_common(MigrateCommon *args) test_migrate_end(from, to, args->result =3D=3D MIG_TEST_SUCCEED); } =20 -static void test_precopy_unix(void) +static void test_precopy_unix_plain(void) { g_autofree char *uri =3D g_strdup_printf("unix:%s/migsocket", tmpfs); MigrateCommon args =3D { @@ -922,6 +1020,19 @@ static void test_precopy_unix(void) test_precopy_common(&args); } =20 +static void test_precopy_unix_tls_psk(void) +{ + g_autofree char *uri =3D g_strdup_printf("unix:%s/migsocket", tmpfs); + MigrateCommon args =3D { + .connect_uri =3D uri, + .listen_uri =3D uri, + .start_hook =3D test_migrate_tls_psk_start_match, + .finish_hook =3D test_migrate_tls_psk_finish, + }; + + test_precopy_common(&args); +} + static void test_precopy_unix_dirty_ring(void) { g_autofree char *uri =3D g_strdup_printf("unix:%s/migsocket", tmpfs); 
@@ -1026,7 +1137,7 @@ static void test_xbzrle_unix(void) test_xbzrle(uri); } =20 -static void test_precopy_tcp(void) +static void test_precopy_tcp_plain(void) { MigrateCommon args =3D { .listen_uri =3D "tcp:127.0.0.1:0", @@ -1035,6 +1146,34 @@ static void test_precopy_tcp(void) test_precopy_common(&args); } =20 +#ifdef CONFIG_GNUTLS +static void test_precopy_tcp_tls_psk_match(void) +{ + MigrateCommon args =3D { + .listen_uri =3D "tcp:127.0.0.1:0", + .start_hook =3D test_migrate_tls_psk_start_match, + .finish_hook =3D test_migrate_tls_psk_finish, + }; + + test_precopy_common(&args); +} + +static void test_precopy_tcp_tls_psk_mismatch(void) +{ + MigrateCommon args =3D { + .start =3D { + .hide_stderr =3D true, + }, + .listen_uri =3D "tcp:127.0.0.1:0", + .start_hook =3D test_migrate_tls_psk_start_mismatch, + .finish_hook =3D test_migrate_tls_psk_finish, + .result =3D MIG_TEST_FAIL, + }; + + test_precopy_common(&args); +} +#endif /* CONFIG_GNUTLS */ + static void *test_migrate_fd_start_hook(QTestState *from, QTestState *to) { 
@@ -1497,8 +1636,20 @@ int main(int argc, char **argv) qtest_add_func("/migration/postcopy/unix", test_postcopy); qtest_add_func("/migration/postcopy/recovery", test_postcopy_recovery); qtest_add_func("/migration/bad_dest", test_baddest); - qtest_add_func("/migration/precopy/unix", test_precopy_unix); - qtest_add_func("/migration/precopy/tcp", test_precopy_tcp); + qtest_add_func("/migration/precopy/unix/plain", test_precopy_unix_plai= n); +#ifdef CONFIG_GNUTLS + qtest_add_func("/migration/precopy/unix/tls/psk", + test_precopy_unix_tls_psk); +#endif /* CONFIG_GNUTLS */ + + qtest_add_func("/migration/precopy/tcp/plain", test_precopy_tcp_plain); +#ifdef CONFIG_GNUTLS + qtest_add_func("/migration/precopy/tcp/tls/psk/match", + test_precopy_tcp_tls_psk_match); + qtest_add_func("/migration/precopy/tcp/tls/psk/mismatch", + test_precopy_tcp_tls_psk_mismatch); +#endif /* CONFIG_GNUTLS */ + /* qtest_add_func("/migration/ignore_shared", test_ignore_shared); */ qtest_add_func("/migration/xbzrle/unix", test_xbzrle_unix); qtest_add_func("/migration/fd_proto", test_migrate_fd_proto); diff --git a/tests/unit/crypto-tls-psk-helpers.c b/tests/unit/crypto-tls-ps= k-helpers.c index 4bea7c6fa2..511e08cc9c 100644 --- a/tests/unit/crypto-tls-psk-helpers.c +++ b/tests/unit/crypto-tls-psk-helpers.c @@ -24,7 +24,8 @@ #include "crypto-tls-psk-helpers.h" #include "qemu/sockets.h" =20 -void test_tls_psk_init(const char *pskfile) +static void +test_tls_psk_init_common(const char *pskfile, const char *user, const char= *key) { FILE *fp; =20 
@@ -33,11 +34,22 @@ void test_tls_psk_init(const char *pskfile) g_critical("Failed to create pskfile %s: %s", pskfile, strerror(er= rno)); abort(); } - /* Don't do this in real applications! Use psktool. */ - fprintf(fp, "qemu:009d5638c40fde0c\n"); + fprintf(fp, "%s:%s\n", user, key); fclose(fp); } =20 +void test_tls_psk_init(const char *pskfile) +{ + /* Don't hard code a key like this in real applications! Use psktool.= */ + test_tls_psk_init_common(pskfile, "qemu", "009d5638c40fde0c"); +} + +void test_tls_psk_init_alt(const char *pskfile) +{ + /* Don't hard code a key like this in real applications! Use psktool.= */ + test_tls_psk_init_common(pskfile, "qemu", "10ffa6a2c42f0388"); +} + void test_tls_psk_cleanup(const char *pskfile) { unlink(pskfile); diff --git a/tests/unit/crypto-tls-psk-helpers.h b/tests/unit/crypto-tls-ps= k-helpers.h index faa645c629..67f8bdda71 100644 --- a/tests/unit/crypto-tls-psk-helpers.h +++ b/tests/unit/crypto-tls-psk-helpers.h 
@@ -24,6 +24,7 @@ #include =20 void test_tls_psk_init(const char *keyfile); +void test_tls_psk_init_alt(const char *keyfile); void test_tls_psk_cleanup(const char *keyfile); =20 #endif --=20 2.35.1 From nobody Thu May 16 15:53:06 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 165098981504589.9076288992826; Tue, 26 Apr 2022 09:16:55 -0700 (PDT) Received: from localhost ([::1]:53408 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1njNry-00080l-0K for importer@patchew.org; Tue, 26 Apr 2022 12:16:54 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37766) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1njNce-00040O-Lo for qemu-devel@nongnu.org; Tue, 26 Apr 2022 12:01:35 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]:22377) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1njNcZ-0007QD-8j for qemu-devel@nongnu.org; Tue, 26 Apr 2022 12:01:01 -0400 Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-179-8n_b2gH_PVGjuheBUlRiXw-1; Tue, 26 Apr 2022 12:00:56 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 6EA9B811E83 for ; Tue, 26 Apr 2022 16:00:56 +0000 (UTC) Received: from localhost.localdomain.com 
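Review bot: test_precopy_unix_tls_psk() in tests/qtest/migration-test.c (patch 3/9) is added outside any `#ifdef CONFIG_GNUTLS`, yet it references test_migrate_tls_psk_start_match and test_migrate_tls_psk_finish, which are only defined inside the CONFIG_GNUTLS block earlier in the file, and its own qtest_add_func() registration in main() is guarded. A build without gnutls would fail on the undefined hooks; wrap the function in `#ifdef CONFIG_GNUTLS` / `#endif /* CONFIG_GNUTLS */` the same way the two tcp tls/psk tests are wrapped.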
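Review bot: in test_migrate_tls_psk_start_common() (patch 3/9) both `mkdir(data->workdir, 0700)` and `mkdir(data->workdiralt, 0700)` ignore the return value, so a failure to create the directory only shows up afterwards as the "Failed to create pskfile" abort in test_tls_psk_init_common(), pointing at the wrong step. Suggest checking the result where the directory is created, for example with g_assert() on the return value, so the failing path is reported directly.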
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini
Subject: [PATCH v3 4/9] tests: add migration tests of TLS with x509 credentials
Date: Tue, 26 Apr 2022 17:00:43 +0100
Message-Id: <20220426160048.812266-5-berrange@redhat.com>
In-Reply-To: <20220426160048.812266-1-berrange@redhat.com>
References: <20220426160048.812266-1-berrange@redhat.com>

This validates that we correctly handle migration success and failure
scenarios when using TLS with x509 certificates. There are quite a few
different scenarios that matter in relation to hostname validation.
Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Eric Blake --- meson.build | 1 + tests/qtest/meson.build | 5 + tests/qtest/migration-test.c | 382 ++++++++++++++++++++++++++++++++++- 3 files changed, 386 insertions(+), 2 deletions(-) diff --git a/meson.build b/meson.build index d083c6b7bf..d1231b23ae 100644 --- a/meson.build +++ b/meson.build @@ -1565,6 +1565,7 @@ config_host_data.set('CONFIG_KEYUTILS', keyutils.foun= d()) config_host_data.set('CONFIG_GETTID', has_gettid) config_host_data.set('CONFIG_GNUTLS', gnutls.found()) config_host_data.set('CONFIG_GNUTLS_CRYPTO', gnutls_crypto.found()) +config_host_data.set('CONFIG_TASN1', tasn1.found()) config_host_data.set('CONFIG_GCRYPT', gcrypt.found()) config_host_data.set('CONFIG_NETTLE', nettle.found()) config_host_data.set('CONFIG_QEMU_PRIVATE_XTS', xts =3D=3D 'private') diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build index ec14559e73..af7c31d611 100644 --- a/tests/qtest/meson.build +++ b/tests/qtest/meson.build @@ -274,6 +274,11 @@ tpmemu_files =3D ['tpm-emu.c', 'tpm-util.c', 'tpm-test= s.c'] migration_files =3D [files('migration-helpers.c')] if gnutls.found() migration_files +=3D [files('../unit/crypto-tls-psk-helpers.c'), gnutls] + + if tasn1.found() + migration_files +=3D [files('../unit/crypto-tls-x509-helpers.c', + '../unit/pkix_asn1_tab.c'), tasn1] + endif endif =20 qtests =3D { diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index f733aa352e..c730697f74 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c @@ -29,6 +29,9 @@ #include "tests/migration/migration-test.h" #ifdef CONFIG_GNUTLS # include "tests/unit/crypto-tls-psk-helpers.h" +# ifdef CONFIG_TASN1 +# include "tests/unit/crypto-tls-x509-helpers.h" +# endif /* CONFIG_TASN1 */ #endif /* CONFIG_GNUTLS */ =20 /* For dirty ring test; so far only x86_64 is supported */ 
@@ -736,6 +739,234 @@ test_migrate_tls_psk_finish(QTestState *from, g_free(data->pskfile); g_free(data); } + +#ifdef CONFIG_TASN1 +typedef struct { + char *workdir; + char *keyfile; + char *cacert; + char *servercert; + char *serverkey; + char *clientcert; + char *clientkey; +} TestMigrateTLSX509Data; + +typedef struct { + bool verifyclient; + bool clientcert; + bool hostileclient; + bool authzclient; + const char *certhostname; + const char *certipaddr; +} TestMigrateTLSX509; + +static void * +test_migrate_tls_x509_start_common(QTestState *from, + QTestState *to, + TestMigrateTLSX509 *args) +{ + TestMigrateTLSX509Data *data =3D g_new0(TestMigrateTLSX509Data, 1); + QDict *rsp; + + data->workdir =3D g_strdup_printf("%s/tlscredsx5090", tmpfs); + data->keyfile =3D g_strdup_printf("%s/key.pem", data->workdir); + + data->cacert =3D g_strdup_printf("%s/ca-cert.pem", data->workdir); + data->serverkey =3D g_strdup_printf("%s/server-key.pem", data->workdir= ); + data->servercert =3D g_strdup_printf("%s/server-cert.pem", data->workd= ir); + if (args->clientcert) { + data->clientkey =3D g_strdup_printf("%s/client-key.pem", data->wor= kdir); + data->clientcert =3D g_strdup_printf("%s/client-cert.pem", data->w= orkdir); + } + + mkdir(data->workdir, 0700); + + test_tls_init(data->keyfile); + g_assert(link(data->keyfile, data->serverkey) =3D=3D 0); + if (args->clientcert) { + g_assert(link(data->keyfile, data->clientkey) =3D=3D 0); + } + + TLS_ROOT_REQ_SIMPLE(cacertreq, data->cacert); + if (args->clientcert) { + TLS_CERT_REQ_SIMPLE_CLIENT(servercertreq, cacertreq, + args->hostileclient ? 
+ QCRYPTO_TLS_TEST_CLIENT_HOSTILE_NAME : + QCRYPTO_TLS_TEST_CLIENT_NAME, + data->clientcert); + } + + TLS_CERT_REQ_SIMPLE_SERVER(clientcertreq, cacertreq, + data->servercert, + args->certhostname, + args->certipaddr); + + rsp =3D wait_command(from, + "{ 'execute': 'object-add'," + " 'arguments': { 'qom-type': 'tls-creds-x509'," + " 'id': 'tlscredsx509client0'," + " 'endpoint': 'client'," + " 'dir': %s," + " 'sanity-check': true," + " 'verify-peer': true} }", + data->workdir); + qobject_unref(rsp); + migrate_set_parameter_str(from, "tls-creds", "tlscredsx509client0"); + if (args->certhostname) { + migrate_set_parameter_str(from, "tls-hostname", args->certhostname= ); + } + + rsp =3D wait_command(to, + "{ 'execute': 'object-add'," + " 'arguments': { 'qom-type': 'tls-creds-x509'," + " 'id': 'tlscredsx509server0'," + " 'endpoint': 'server'," + " 'dir': %s," + " 'sanity-check': true," + " 'verify-peer': %i} }", + data->workdir, args->verifyclient); + qobject_unref(rsp); + migrate_set_parameter_str(to, "tls-creds", "tlscredsx509server0"); + + if (args->authzclient) { + rsp =3D wait_command(to, + "{ 'execute': 'object-add'," + " 'arguments': { 'qom-type': 'authz-simple'," + " 'id': 'tlsauthz0'," + " 'identity': %s} }", + "CN=3D" QCRYPTO_TLS_TEST_CLIENT_NAME); + migrate_set_parameter_str(to, "tls-authz", "tlsauthz0"); + } + + return data; +} + +/* + * The normal case: match server's cert hostname against + * whatever host we were telling QEMU to connect to (if any) + */ +static void * +test_migrate_tls_x509_start_default_host(QTestState *from, + QTestState *to) +{ + TestMigrateTLSX509 args =3D { + .verifyclient =3D true, + .clientcert =3D true, + .certipaddr =3D "127.0.0.1" + }; + return test_migrate_tls_x509_start_common(from, to, &args); +} + +/* + * The unusual case: the server's cert is different from + * the address we're telling QEMU to connect to (if any), + * so we must give QEMU an explicit hostname to validate + */ +static void * 
+test_migrate_tls_x509_start_override_host(QTestState *from, + QTestState *to) +{ + TestMigrateTLSX509 args =3D { + .verifyclient =3D true, + .clientcert =3D true, + .certhostname =3D "qemu.org", + }; + return test_migrate_tls_x509_start_common(from, to, &args); +} + +/* + * The unusual case: the server's cert is different from + * the address we're telling QEMU to connect to, and so we + * expect the client to reject the server + */ +static void * +test_migrate_tls_x509_start_mismatch_host(QTestState *from, + QTestState *to) +{ + TestMigrateTLSX509 args =3D { + .verifyclient =3D true, + .clientcert =3D true, + .certipaddr =3D "10.0.0.1", + }; + return test_migrate_tls_x509_start_common(from, to, &args); +} + +static void * +test_migrate_tls_x509_start_friendly_client(QTestState *from, + QTestState *to) +{ + TestMigrateTLSX509 args =3D { + .verifyclient =3D true, + .clientcert =3D true, + .authzclient =3D true, + .certipaddr =3D "127.0.0.1", + }; + return test_migrate_tls_x509_start_common(from, to, &args); +} + +static void * +test_migrate_tls_x509_start_hostile_client(QTestState *from, + QTestState *to) +{ + TestMigrateTLSX509 args =3D { + .verifyclient =3D true, + .clientcert =3D true, + .hostileclient =3D true, + .authzclient =3D true, + .certipaddr =3D "127.0.0.1", + }; + return test_migrate_tls_x509_start_common(from, to, &args); +} + +/* + * The case with no client certificate presented, + * and no server verification + */ +static void * +test_migrate_tls_x509_start_allow_anon_client(QTestState *from, + QTestState *to) +{ + TestMigrateTLSX509 args =3D { + .certipaddr =3D "127.0.0.1", + }; + return test_migrate_tls_x509_start_common(from, to, &args); +} + +/* + * The case with no client certificate presented, + * and server verification rejecting + */ +static void * +test_migrate_tls_x509_start_reject_anon_client(QTestState *from, + QTestState *to) +{ + TestMigrateTLSX509 args =3D { + .verifyclient =3D true, + .certipaddr =3D "127.0.0.1", + }; + return 
test_migrate_tls_x509_start_common(from, to, &args); +} + +static void +test_migrate_tls_x509_finish(QTestState *from, + QTestState *to, + void *opaque) +{ + TestMigrateTLSX509Data *data =3D opaque; + + test_tls_cleanup(data->keyfile); + unlink(data->cacert); + unlink(data->servercert); + unlink(data->serverkey); + unlink(data->clientcert); + unlink(data->clientkey); + rmdir(data->workdir); + + g_free(data->workdir); + g_free(data->keyfile); + g_free(data); +} +#endif /* CONFIG_TASN1 */ #endif /* CONFIG_GNUTLS */ =20 static int migrate_postcopy_prepare(QTestState **from_ptr, @@ -1020,6 +1251,21 @@ static void test_precopy_unix_plain(void) test_precopy_common(&args); } =20 +static void test_precopy_unix_dirty_ring(void) +{ + g_autofree char *uri =3D g_strdup_printf("unix:%s/migsocket", tmpfs); + MigrateCommon args =3D { + .start =3D { + .use_dirty_ring =3D true, + }, + .listen_uri =3D uri, + .connect_uri =3D uri, + }; + + test_precopy_common(&args); +} + +#ifdef CONFIG_GNUTLS static void test_precopy_unix_tls_psk(void) { g_autofree char *uri =3D g_strdup_printf("unix:%s/migsocket", tmpfs); 
@@ -1033,19 +1279,38 @@ static void test_precopy_unix_tls_psk(void) test_precopy_common(&args); } =20 -static void test_precopy_unix_dirty_ring(void) +#ifdef CONFIG_TASN1 +static void test_precopy_unix_tls_x509_default_host(void) { g_autofree char *uri =3D g_strdup_printf("unix:%s/migsocket", tmpfs); MigrateCommon args =3D { .start =3D { - .use_dirty_ring =3D true, + .hide_stderr =3D true, }, + .connect_uri =3D uri, .listen_uri =3D uri, + .start_hook =3D test_migrate_tls_x509_start_default_host, + .finish_hook =3D test_migrate_tls_x509_finish, + .result =3D MIG_TEST_FAIL_DEST_QUIT_ERR, + }; + + test_precopy_common(&args); +} + +static void test_precopy_unix_tls_x509_override_host(void) +{ + g_autofree char *uri =3D g_strdup_printf("unix:%s/migsocket", tmpfs); + MigrateCommon args =3D { .connect_uri =3D uri, + .listen_uri =3D uri, + .start_hook =3D test_migrate_tls_x509_start_override_host, + .finish_hook =3D test_migrate_tls_x509_finish, }; =20 test_precopy_common(&args); } +#endif /* CONFIG_TASN1 */ +#endif /* CONFIG_GNUTLS */ =20 #if 0 /* Currently upset on aarch64 TCG */ 
@@ -1172,6 +1437,97 @@ static void test_precopy_tcp_tls_psk_mismatch(void) =20 test_precopy_common(&args); } + +#ifdef CONFIG_TASN1 +static void test_precopy_tcp_tls_x509_default_host(void) +{ + MigrateCommon args =3D { + .listen_uri =3D "tcp:127.0.0.1:0", + .start_hook =3D test_migrate_tls_x509_start_default_host, + .finish_hook =3D test_migrate_tls_x509_finish, + }; + + test_precopy_common(&args); +} + +static void test_precopy_tcp_tls_x509_override_host(void) +{ + MigrateCommon args =3D { + .listen_uri =3D "tcp:127.0.0.1:0", + .start_hook =3D test_migrate_tls_x509_start_override_host, + .finish_hook =3D test_migrate_tls_x509_finish, + }; + + test_precopy_common(&args); +} + +static void test_precopy_tcp_tls_x509_mismatch_host(void) +{ + MigrateCommon args =3D { + .start =3D { + .hide_stderr =3D true, + }, + .listen_uri =3D "tcp:127.0.0.1:0", + .start_hook =3D test_migrate_tls_x509_start_mismatch_host, + .finish_hook =3D test_migrate_tls_x509_finish, + .result =3D MIG_TEST_FAIL_DEST_QUIT_ERR, + }; + + test_precopy_common(&args); +} + +static void test_precopy_tcp_tls_x509_friendly_client(void) +{ + MigrateCommon args =3D { + .listen_uri =3D "tcp:127.0.0.1:0", + .start_hook =3D test_migrate_tls_x509_start_friendly_client, + .finish_hook =3D test_migrate_tls_x509_finish, + }; + + test_precopy_common(&args); +} + +static void test_precopy_tcp_tls_x509_hostile_client(void) +{ + MigrateCommon args =3D { + .start =3D { + .hide_stderr =3D true, + }, + .listen_uri =3D "tcp:127.0.0.1:0", + .start_hook =3D test_migrate_tls_x509_start_hostile_client, + .finish_hook =3D test_migrate_tls_x509_finish, + .result =3D MIG_TEST_FAIL, + }; + + test_precopy_common(&args); +} + +static void test_precopy_tcp_tls_x509_allow_anon_client(void) +{ + MigrateCommon args =3D { + .listen_uri =3D "tcp:127.0.0.1:0", + .start_hook =3D test_migrate_tls_x509_start_allow_anon_client, + .finish_hook =3D test_migrate_tls_x509_finish, + }; + + test_precopy_common(&args); +} + +static void 
test_precopy_tcp_tls_x509_reject_anon_client(void) +{ + MigrateCommon args =3D { + .start =3D { + .hide_stderr =3D true, + }, + .listen_uri =3D "tcp:127.0.0.1:0", + .start_hook =3D test_migrate_tls_x509_start_reject_anon_client, + .finish_hook =3D test_migrate_tls_x509_finish, + .result =3D MIG_TEST_FAIL, + }; + + test_precopy_common(&args); +} +#endif /* CONFIG_TASN1 */ #endif /* CONFIG_GNUTLS */ =20 static void *test_migrate_fd_start_hook(QTestState *from, @@ -1640,6 +1996,12 @@ int main(int argc, char **argv) #ifdef CONFIG_GNUTLS qtest_add_func("/migration/precopy/unix/tls/psk", test_precopy_unix_tls_psk); +#ifdef CONFIG_TASN1 + qtest_add_func("/migration/precopy/unix/tls/x509/default-host", + test_precopy_unix_tls_x509_default_host); + qtest_add_func("/migration/precopy/unix/tls/x509/override-host", + test_precopy_unix_tls_x509_override_host); +#endif /* CONFIG_TASN1 */ #endif /* CONFIG_GNUTLS */ =20 qtest_add_func("/migration/precopy/tcp/plain", test_precopy_tcp_plain); 
@@ -1648,6 +2010,22 @@ int main(int argc, char **argv) test_precopy_tcp_tls_psk_match); qtest_add_func("/migration/precopy/tcp/tls/psk/mismatch", test_precopy_tcp_tls_psk_mismatch); +#ifdef CONFIG_TASN1 + qtest_add_func("/migration/precopy/tcp/tls/x509/default-host", + test_precopy_tcp_tls_x509_default_host); + qtest_add_func("/migration/precopy/tcp/tls/x509/override-host", + test_precopy_tcp_tls_x509_override_host); + qtest_add_func("/migration/precopy/tcp/tls/x509/mismatch-host", + test_precopy_tcp_tls_x509_mismatch_host); + qtest_add_func("/migration/precopy/tcp/tls/x509/friendly-client", + test_precopy_tcp_tls_x509_friendly_client); + qtest_add_func("/migration/precopy/tcp/tls/x509/hostile-client", + test_precopy_tcp_tls_x509_hostile_client); + qtest_add_func("/migration/precopy/tcp/tls/x509/allow-anon-client", + test_precopy_tcp_tls_x509_allow_anon_client); + qtest_add_func("/migration/precopy/tcp/tls/x509/reject-anon-client", + test_precopy_tcp_tls_x509_reject_anon_client); +#endif /* CONFIG_TASN1 */ #endif /* CONFIG_GNUTLS */ =20 /* qtest_add_func("/migration/ignore_shared", test_ignore_shared); */ --=20 2.35.1 From nobody Thu May 16 15:53:06 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 165098993091235.13365470501719; Tue, 26 Apr 2022 09:18:50 -0700 (PDT) Received: from localhost ([::1]:33094 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1njNtp-00050F-Sx for importer@patchew.org; Tue, 26 Apr 2022 12:18:49 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37856) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) 
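Review bot: the authzclient branch of test_migrate_tls_x509_start_common() (patch 4/9, hunk @@ -736,6 +739,234 @@) assigns rsp from the 'authz-simple' object-add and never calls qobject_unref(rsp), unlike the two 'tls-creds-x509' calls above it, so the reply leaks; add qobject_unref(rsp) before migrate_set_parameter_str(to, "tls-authz", "tlsauthz0"). In the same hunk, test_migrate_tls_x509_finish() frees only data->workdir and data->keyfile, leaving cacert, servercert, serverkey, clientcert and clientkey allocated, and it calls unlink() on data->clientcert and data->clientkey, which stay NULL for the allow_anon_client and reject_anon_client hooks because args->clientcert is false there; guard those two unlink() calls and g_free() every path. Two smaller points: link() is invoked inside g_assert(), so the call itself vanishes in a build with assertions disabled, and the request names are swapped (servercertreq is passed to TLS_CERT_REQ_SIMPLE_CLIENT, clientcertreq to TLS_CERT_REQ_SIMPLE_SERVER).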
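Review bot: test_precopy_unix_tls_x509_default_host() (patch 4/9, hunk @@ -1033,19 +1279,38 @@) sets .result = MIG_TEST_FAIL_DEST_QUIT_ERR with hide_stderr, while its start hook is commented as "The normal case", and nothing in the test says why the default-host case must fail over a UNIX socket. If the reason is that the hook issues the server certificate for IP 127.0.0.1 only and a unix: URI gives the client no host to match against, state that in a comment above the test so the expected failure is not read as a mistake. The hunks at @@ -1020 and @@ -1033 also move test_precopy_unix_dirty_ring() above the TLS tests, which is unrelated to x509 and deserves a line in the commit message.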
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PATCH v3 5/9] tests: convert XBZRLE migration test to use common helper
Date: Tue, 26 Apr 2022 17:00:44 +0100
Message-Id: <20220426160048.812266-6-berrange@redhat.com>
In-Reply-To: <20220426160048.812266-1-berrange@redhat.com>
References: <20220426160048.812266-1-berrange@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini

Most of the XBZRLE migration test logic is common with the rest of the
precopy tests, so it can use the helper with just one small tweak.

Reviewed-by: Peter Xu
Signed-off-by: Daniel P. Berrang=C3=A9 --- tests/qtest/migration-test.c | 67 ++++++++++++++---------------------- 1 file changed, 25 insertions(+), 42 deletions(-) diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index c730697f74..043ae94089 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c @@ -1174,6 +1174,9 @@ typedef struct { /* This test should fail, dest qemu should fail with abnormal stat= us */ MIG_TEST_FAIL_DEST_QUIT_ERR, } result; + + /* Optional: set number of migration passes to wait for */ + unsigned int iterations; } MigrateCommon; =20 static void test_precopy_common(MigrateCommon *args) @@ -1219,7 +1222,13 @@ static void test_precopy_common(MigrateCommon *args) qtest_set_expected_status(to, 1); } } else { - wait_for_migration_pass(from); + if (args->iterations) { + while (args->iterations--) { + wait_for_migration_pass(from); + } + } else { + wait_for_migration_pass(from); + } =20 migrate_set_parameter_int(from, "downtime-limit", CONVERGE_DOWNTIM= E); =20 
@@ -1349,57 +1358,31 @@ static void test_ignore_shared(void) } #endif =20 -static void test_xbzrle(const char *uri) +static void * +test_migrate_xbzrle_start(QTestState *from, + QTestState *to) { - MigrateStart args =3D {}; - QTestState *from, *to; - - if (test_migrate_start(&from, &to, uri, &args)) { - return; - } - - /* - * We want to pick a speed slow enough that the test completes - * quickly, but that it doesn't complete precopy even on a slow - * machine, so also set the downtime. - */ - /* 1 ms should make it not converge*/ - migrate_set_parameter_int(from, "downtime-limit", 1); - /* 1GB/s */ - migrate_set_parameter_int(from, "max-bandwidth", 1000000000); - migrate_set_parameter_int(from, "xbzrle-cache-size", 33554432); =20 migrate_set_capability(from, "xbzrle", true); migrate_set_capability(to, "xbzrle", true); - /* Wait for the first serial output from the source */ - wait_for_serial("src_serial"); =20 - migrate_qmp(from, uri, "{}"); - - wait_for_migration_pass(from); - /* Make sure we have 2 passes, so the xbzrle cache gets a workout */ - wait_for_migration_pass(from); - - /* 1000ms should converge */ - migrate_set_parameter_int(from, "downtime-limit", 1000); - - if (!got_stop) { - qtest_qmp_eventwait(from, "STOP"); - } - qtest_qmp_eventwait(to, "RESUME"); - - wait_for_serial("dest_serial"); - wait_for_migration_complete(from); - - test_migrate_end(from, to, true); + return NULL; } =20 -static void test_xbzrle_unix(void) +static void test_precopy_unix_xbzrle(void) { g_autofree char *uri =3D g_strdup_printf("unix:%s/migsocket", tmpfs); + MigrateCommon args =3D { + .connect_uri =3D uri, + .listen_uri =3D uri, + + .start_hook =3D test_migrate_xbzrle_start, =20 - test_xbzrle(uri); + .iterations =3D 2, + }; + + test_precopy_common(&args); } =20 static void test_precopy_tcp_plain(void) 
@@ -1993,6 +1976,7 @@ int main(int argc, char **argv) qtest_add_func("/migration/postcopy/recovery", test_postcopy_recovery); qtest_add_func("/migration/bad_dest", test_baddest); qtest_add_func("/migration/precopy/unix/plain", test_precopy_unix_plai= n); + qtest_add_func("/migration/precopy/unix/xbzrle", test_precopy_unix_xbz= rle); #ifdef CONFIG_GNUTLS qtest_add_func("/migration/precopy/unix/tls/psk", test_precopy_unix_tls_psk); 
@@ -2029,7 +2013,6 @@ int main(int argc, char **argv) #endif /* CONFIG_GNUTLS */ =20 /* qtest_add_func("/migration/ignore_shared", test_ignore_shared); */ - qtest_add_func("/migration/xbzrle/unix", test_xbzrle_unix); qtest_add_func("/migration/fd_proto", test_migrate_fd_proto); qtest_add_func("/migration/validate_uuid", test_validate_uuid); qtest_add_func("/migration/validate_uuid_error", test_validate_uuid_er= ror); --=20 2.35.1 From nobody Thu May 16 15:53:06 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1650990007480343.3880558448004; Tue, 26 Apr 2022 09:20:07 -0700 (PDT) Received: from localhost ([::1]:37034 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1njNv4-0007dk-CN for importer@patchew.org; Tue, 26 Apr 2022 12:20:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37844) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1njNcn-00041K-Nh for qemu-devel@nongnu.org; Tue, 26 Apr 2022 12:01:35 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]:51631) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1njNce-0007QX-Dk for qemu-devel@nongnu.org; Tue, 26 Apr 2022 12:01:06 -0400 Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-673-GREKQlBCOVim9STb5BZgNQ-1; Tue, 26 Apr 2022 12:00:59 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.2 
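Review bot: the new loop while (args->iterations--) in test_precopy_common() (patch 5/9, hunk @@ -1219,7 +1222,13 @@) decrements the caller's MigrateCommon in place, and because the field is unsigned the final post-decrement leaves it wrapped to UINT_MAX rather than 0. The if/else also repeats wait_for_migration_pass(from) in both arms. Copy the count into a local, treat 0 as 1, and run a single loop; that leaves args untouched and removes the duplicated call.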
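Review bot: .iterations = 2 in test_precopy_unix_xbzrle() (patch 5/9, hunk @@ -1349,57 +1358,31 @@) stands in for the removed comment "Make sure we have 2 passes, so the xbzrle cache gets a workout", so the reason for the value is lost; carry that comment over to the initializer. The conversion also drops the explicit downtime-limit and max-bandwidth settings of the old test_xbzrle(), and this diff does not show test_precopy_common() applying equivalents, so the commit message should say where they now come from. The main() hunks rename the test path from /migration/xbzrle/unix to /migration/precopy/unix/xbzrle, which the commit message should mention as well.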
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PATCH v3 6/9] tests: convert multifd migration tests to use common helper
Date: Tue, 26 Apr 2022 17:00:45 +0100
Message-Id: <20220426160048.812266-7-berrange@redhat.com>
In-Reply-To: <20220426160048.812266-1-berrange@redhat.com>
References: <20220426160048.812266-1-berrange@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini

Most of the multifd migration test logic is common with the rest of the
precopy tests, so it can use the helper without difficulty. The only
exception is the multifd cancellation test, which tries to run multiple
migrations in a row.

Reviewed-by: Peter Xu
Signed-off-by: Daniel P. Berrang=C3=A9 --- tests/qtest/migration-test.c | 77 +++++++++++++++++++----------------- 1 file changed, 40 insertions(+), 37 deletions(-) diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index 043ae94089..c1b0b3aca4 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c @@ -1739,26 +1739,12 @@ static void test_migrate_auto_converge(void) test_migrate_end(from, to, true); } =20 -static void test_multifd_tcp(const char *method) +static void * +test_migrate_precopy_tcp_multifd_start_common(QTestState *from, + QTestState *to, + const char *method) { - MigrateStart args =3D {}; - QTestState *from, *to; QDict *rsp; - g_autofree char *uri =3D NULL; - - if (test_migrate_start(&from, &to, "defer", &args)) { - return; - } - - /* - * We want to pick a speed slow enough that the test completes - * quickly, but that it doesn't complete precopy even on a slow - * machine, so also set the downtime. - */ - /* 1 ms should make it not converge*/ - migrate_set_parameter_int(from, "downtime-limit", 1); - /* 1GB/s */ - migrate_set_parameter_int(from, "max-bandwidth", 1000000000); =20 migrate_set_parameter_int(from, "multifd-channels", 16); migrate_set_parameter_int(to, "multifd-channels", 16); 
@@ -1774,41 +1760,58 @@ static void test_multifd_tcp(const char *method) " 'arguments': { 'uri': 'tcp:127.0.0.1:0' }}"); qobject_unref(rsp); =20 - /* Wait for the first serial output from the source */ - wait_for_serial("src_serial"); - - uri =3D migrate_get_socket_address(to, "socket-address"); - - migrate_qmp(from, uri, "{}"); - - wait_for_migration_pass(from); + return NULL; +} =20 - migrate_set_parameter_int(from, "downtime-limit", CONVERGE_DOWNTIME); +static void * +test_migrate_precopy_tcp_multifd_start(QTestState *from, + QTestState *to) +{ + return test_migrate_precopy_tcp_multifd_start_common(from, to, "none"); +} =20 - if (!got_stop) { - qtest_qmp_eventwait(from, "STOP"); - } - qtest_qmp_eventwait(to, "RESUME"); +static void * +test_migrate_precopy_tcp_multifd_zlib_start(QTestState *from, + QTestState *to) +{ + return test_migrate_precopy_tcp_multifd_start_common(from, to, "zlib"); +} =20 - wait_for_serial("dest_serial"); - wait_for_migration_complete(from); - test_migrate_end(from, to, true); +#ifdef CONFIG_ZSTD +static void * +test_migrate_precopy_tcp_multifd_zstd_start(QTestState *from, + QTestState *to) +{ + return test_migrate_precopy_tcp_multifd_start_common(from, to, "zstd"); } +#endif /* CONFIG_ZSTD */ =20 static void test_multifd_tcp_none(void) { - test_multifd_tcp("none"); + MigrateCommon args =3D { + .listen_uri =3D "defer", + .start_hook =3D test_migrate_precopy_tcp_multifd_start, + }; + test_precopy_common(&args); } =20 static void test_multifd_tcp_zlib(void) { - test_multifd_tcp("zlib"); + MigrateCommon args =3D { + .listen_uri =3D "defer", + .start_hook =3D test_migrate_precopy_tcp_multifd_zlib_start, + }; + test_precopy_common(&args); } =20 #ifdef CONFIG_ZSTD static void test_multifd_tcp_zstd(void) { - test_multifd_tcp("zstd"); + MigrateCommon args =3D { + .listen_uri =3D "defer", + .start_hook =3D test_migrate_precopy_tcp_multifd_zstd_start, + }; + test_precopy_common(&args); } #endif =20 --=20 2.35.1 From nobody Thu May 16 15:53:06 2024 
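Review bot: test_multifd_tcp_none(), test_multifd_tcp_zlib() and test_multifd_tcp_zstd() (patch 6/9, hunk @@ -1774,41 +1760,58 @@) now pass .listen_uri = "defer" with no connect_uri, while the start hook itself issues migrate-incoming on 'tcp:127.0.0.1:0'. That only works if test_precopy_common() resolves the destination's socket address after the hook has run, a step that used to be explicit here in the removed migrate_get_socket_address(to, "socket-address") call. Add a comment on test_migrate_precopy_tcp_multifd_start_common() or on the initializers stating that dependency, so a later change to the helper's ordering does not silently break these three tests.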
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PATCH v3 7/9] tests: add multifd migration tests of TLS with PSK credentials
Date: Tue, 26 Apr 2022 17:00:46 +0100
Message-Id: <20220426160048.812266-8-berrange@redhat.com>
In-Reply-To: <20220426160048.812266-1-berrange@redhat.com>
References: <20220426160048.812266-1-berrange@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini

This validates that we correctly handle multifd migration success
and failure scenarios when using TLS with pre-shared keys.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Eric Blake
---
 tests/qtest/migration-test.c | 60 +++++++++++++++++++++++++++++++++---
 1 file changed, 56 insertions(+), 4 deletions(-)

diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index c1b0b3aca4..f47e4797e2 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c @@ -1815,6 +1815,48 @@ static void test_multifd_tcp_zstd(void) } #endif =20 +#ifdef CONFIG_GNUTLS +static void * +test_migrate_multifd_tcp_tls_psk_start_match(QTestState *from, + QTestState *to) +{ + test_migrate_precopy_tcp_multifd_start_common(from, to, "none"); + return test_migrate_tls_psk_start_match(from, to); +} + +static void * +test_migrate_multifd_tcp_tls_psk_start_mismatch(QTestState *from, + QTestState *to) +{ + test_migrate_precopy_tcp_multifd_start_common(from, to, "none"); + return test_migrate_tls_psk_start_mismatch(from, to); +} + +static void test_multifd_tcp_tls_psk_match(void) +{ + MigrateCommon args =3D { + .listen_uri =3D "defer", + .start_hook =3D test_migrate_multifd_tcp_tls_psk_start_match, + .finish_hook =3D test_migrate_tls_psk_finish, + }; + test_precopy_common(&args); +} + +static void test_multifd_tcp_tls_psk_mismatch(void) +{ + MigrateCommon args =3D { + .start =3D { + .hide_stderr =3D true, + }, + .listen_uri =3D "defer", + .start_hook =3D test_migrate_multifd_tcp_tls_psk_start_mismatch, + .finish_hook =3D test_migrate_tls_psk_finish, + .result =3D MIG_TEST_FAIL, + }; + test_precopy_common(&args); +} +#endif /* CONFIG_GNUTLS */ + /* * This test does: * source target 
@@ -2025,12 +2067,22 @@ int main(int argc, char **argv) test_validate_uuid_dst_not_set); =20 qtest_add_func("/migration/auto_converge", test_migrate_auto_converge); - qtest_add_func("/migration/multifd/tcp/none", test_multifd_tcp_none); - qtest_add_func("/migration/multifd/tcp/cancel", test_multifd_tcp_cance= l); - qtest_add_func("/migration/multifd/tcp/zlib", test_multifd_tcp_zlib); + qtest_add_func("/migration/multifd/tcp/plain/none", + test_multifd_tcp_none); + qtest_add_func("/migration/multifd/tcp/plain/cancel", + test_multifd_tcp_cancel); + qtest_add_func("/migration/multifd/tcp/plain/zlib", + test_multifd_tcp_zlib); #ifdef CONFIG_ZSTD - qtest_add_func("/migration/multifd/tcp/zstd", test_multifd_tcp_zstd); + qtest_add_func("/migration/multifd/tcp/plain/zstd", + test_multifd_tcp_zstd); #endif +#ifdef CONFIG_GNUTLS + qtest_add_func("/migration/multifd/tcp/tls/psk/match", + test_multifd_tcp_tls_psk_match); + qtest_add_func("/migration/multifd/tcp/tls/psk/mismatch", + test_multifd_tcp_tls_psk_mismatch); +#endif /* CONFIG_GNUTLS */ =20 if (kvm_dirty_ring_supported()) { qtest_add_func("/migration/dirty_ring", --=20 2.35.1 From nobody Thu May 16 15:53:06 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1650989648035736.8748709469736; Tue, 26 Apr 2022 09:14:08 -0700 (PDT) Received: from localhost ([::1]:45642 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1njNpH-0002X1-1X for importer@patchew.org; Tue, 26 Apr 2022 12:14:07 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37852) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from 
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PATCH v3 8/9] tests: add multifd migration tests of TLS with x509 credentials
Date: Tue, 26 Apr 2022 17:00:47 +0100
Message-Id: <20220426160048.812266-9-berrange@redhat.com>
In-Reply-To: <20220426160048.812266-1-berrange@redhat.com>
References: <20220426160048.812266-1-berrange@redhat.com>
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini

This validates that we correctly handle multifd migration success and failure scenarios when using TLS with x509 certificates. There are quite a few different scenarios that matter in relation to hostname validation, but we skip a couple as we can assume that the non-multifd coverage applies to some extent.

Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Eric Blake --- tests/qtest/migration-test.c | 127 +++++++++++++++++++++++++++++++++++ 1 file changed, 127 insertions(+) diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index f47e4797e2..5ea0b9360a 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c @@ -1832,6 +1832,48 @@ test_migrate_multifd_tcp_tls_psk_start_mismatch(QTes= tState *from, return test_migrate_tls_psk_start_mismatch(from, to); } =20 +#ifdef CONFIG_TASN1 +static void * +test_migrate_multifd_tls_x509_start_default_host(QTestState *from, + QTestState *to) +{ + test_migrate_precopy_tcp_multifd_start_common(from, to, "none"); + return test_migrate_tls_x509_start_default_host(from, to); +} + +static void * +test_migrate_multifd_tls_x509_start_override_host(QTestState *from, + QTestState *to) +{ + test_migrate_precopy_tcp_multifd_start_common(from, to, "none"); + return test_migrate_tls_x509_start_override_host(from, to); +} + +static void * +test_migrate_multifd_tls_x509_start_mismatch_host(QTestState *from, + QTestState *to) +{ + test_migrate_precopy_tcp_multifd_start_common(from, to, "none"); + return test_migrate_tls_x509_start_mismatch_host(from, to); +} + +static void * +test_migrate_multifd_tls_x509_start_allow_anon_client(QTestState *from, + QTestState *to) +{ + test_migrate_precopy_tcp_multifd_start_common(from, to, "none"); + return test_migrate_tls_x509_start_allow_anon_client(from, to); +} + +static void * +test_migrate_multifd_tls_x509_start_reject_anon_client(QTestState *from, + QTestState *to) +{ + test_migrate_precopy_tcp_multifd_start_common(from, to, "none"); + return test_migrate_tls_x509_start_reject_anon_client(from, to); +} +#endif /* CONFIG_TASN1 */ + static void test_multifd_tcp_tls_psk_match(void) { MigrateCommon args =3D { 
@@ -1855,6 +1897,79 @@ static void test_multifd_tcp_tls_psk_mismatch(void) }; test_precopy_common(&args); } + +#ifdef CONFIG_TASN1 +static void test_multifd_tcp_tls_x509_default_host(void) +{ + MigrateCommon args =3D { + .listen_uri =3D "defer", + .start_hook =3D test_migrate_multifd_tls_x509_start_default_host, + .finish_hook =3D test_migrate_tls_x509_finish, + }; + test_precopy_common(&args); +} + +static void test_multifd_tcp_tls_x509_override_host(void) +{ + MigrateCommon args =3D { + .listen_uri =3D "defer", + .start_hook =3D test_migrate_multifd_tls_x509_start_override_host, + .finish_hook =3D test_migrate_tls_x509_finish, + }; + test_precopy_common(&args); +} + +static void test_multifd_tcp_tls_x509_mismatch_host(void) +{ + /* + * This has different behaviour to the non-multifd case. + * + * In non-multifd case when client aborts due to mismatched + * cert host, the server has already started trying to load + * migration state, and so it exits with I/O failure. + * + * In multifd case when client aborts due to mismatched + * cert host, the server is still waiting for the other + * multifd connections to arrive so hasn't started trying + * to load migration state, and thus just aborts the migration + * without exiting + */ + MigrateCommon args =3D { + .start =3D { + .hide_stderr =3D true, + }, + .listen_uri =3D "defer", + .start_hook =3D test_migrate_multifd_tls_x509_start_mismatch_host, + .finish_hook =3D test_migrate_tls_x509_finish, + .result =3D MIG_TEST_FAIL, + }; + test_precopy_common(&args); +} + +static void test_multifd_tcp_tls_x509_allow_anon_client(void) +{ + MigrateCommon args =3D { + .listen_uri =3D "defer", + .start_hook =3D test_migrate_multifd_tls_x509_start_allow_anon_cli= ent, + .finish_hook =3D test_migrate_tls_x509_finish, + }; + test_precopy_common(&args); +} + +static void test_multifd_tcp_tls_x509_reject_anon_client(void) +{ + MigrateCommon args =3D { + .start =3D { + .hide_stderr =3D true, + }, + .listen_uri =3D "defer", + .start_hook 
=3D test_migrate_multifd_tls_x509_start_reject_anon_cl= ient, + .finish_hook =3D test_migrate_tls_x509_finish, + .result =3D MIG_TEST_FAIL, + }; + test_precopy_common(&args); +} +#endif /* CONFIG_TASN1 */ #endif /* CONFIG_GNUTLS */ =20 /* 
@@ -2082,6 +2197,18 @@ int main(int argc, char **argv) test_multifd_tcp_tls_psk_match); qtest_add_func("/migration/multifd/tcp/tls/psk/mismatch", test_multifd_tcp_tls_psk_mismatch); +#ifdef CONFIG_TASN1 + qtest_add_func("/migration/multifd/tcp/tls/x509/default-host", + test_multifd_tcp_tls_x509_default_host); + qtest_add_func("/migration/multifd/tcp/tls/x509/override-host", + test_multifd_tcp_tls_x509_override_host); + qtest_add_func("/migration/multifd/tcp/tls/x509/mismatch-host", + test_multifd_tcp_tls_x509_mismatch_host); + qtest_add_func("/migration/multifd/tcp/tls/x509/allow-anon-client", + test_multifd_tcp_tls_x509_allow_anon_client); + qtest_add_func("/migration/multifd/tcp/tls/x509/reject-anon-client", + test_multifd_tcp_tls_x509_reject_anon_client); +#endif /* CONFIG_TASN1 */ #endif /* CONFIG_GNUTLS */ =20 if (kvm_dirty_ring_supported()) { --=20 2.35.1 From nobody Thu May 16 15:53:06 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1650989336898502.3379888327994; Tue, 26 Apr 2022 09:08:56 -0700 (PDT) Received: from localhost ([::1]:36458 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1njNkF-0004U5-P0 for importer@patchew.org; Tue, 26 Apr 2022 12:08:55 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37854) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1njNcn-00041N-Uz for qemu-devel@nongnu.org; Tue, 26 Apr 2022 12:01:35 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]:37723) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Subject: [PATCH v3 9/9] tests: ensure migration status isn't reported as failed
Date: Tue, 26 Apr 2022 17:00:48 +0100
Message-Id: <20220426160048.812266-10-berrange@redhat.com>
In-Reply-To: <20220426160048.812266-1-berrange@redhat.com>
References: <20220426160048.812266-1-berrange@redhat.com>
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini

Various methods in the migration test call 'query_migrate' to fetch the current status and then access a particular field. Almost all of these cases expect the migration to be in a non-failed state. In the case of 'wait_for_migration_pass' in particular, if the status is 'failed' then it will get into an infinite loop.

By validating that the status is not 'failed' the test suite will assert rather than hang when getting into an unexpected state. Reviewed-by: Peter Xu Signed-off-by: Daniel P. Berrang=C3=A9 --- tests/qtest/migration-helpers.c | 13 +++++++++++++ tests/qtest/migration-helpers.h | 1 + tests/qtest/migration-test.c | 6 +++--- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/tests/qtest/migration-helpers.c b/tests/qtest/migration-helper= s.c index 4ee26014b7..a6aa59e4e6 100644 --- a/tests/qtest/migration-helpers.c +++ b/tests/qtest/migration-helpers.c @@ -107,6 +107,19 @@ QDict *migrate_query(QTestState *who) return wait_command(who, "{ 'execute': 'query-migrate' }"); } =20 +QDict *migrate_query_not_failed(QTestState *who) +{ + const char *status; + QDict *rsp =3D migrate_query(who); + status =3D qdict_get_str(rsp, "status"); + if (g_str_equal(status, "failed")) { + g_printerr("query-migrate shows failed migration: %s\n", + qdict_get_str(rsp, "error-desc")); + } + g_assert(!g_str_equal(status, "failed")); + return rsp; +} + /* * Note: caller is responsible to free the returned object via * g_free() after use diff --git a/tests/qtest/migration-helpers.h b/tests/qtest/migration-helper= s.h index 555adafce1..d07e0fb748 100644 --- a/tests/qtest/migration-helpers.h +++ b/tests/qtest/migration-helpers.h @@ -26,6 +26,7 @@ G_GNUC_PRINTF(3, 4) void migrate_qmp(QTestState *who, const char *uri, const char *fmt, ...); =20 QDict *migrate_query(QTestState *who); +QDict *migrate_query_not_failed(QTestState *who); =20 void wait_for_migration_status(QTestState *who, const char *goal, const char **ungoals); diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index 5ea0b9360a..d9f444ea14 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c 
@@ -181,7 +181,7 @@ static int64_t read_ram_property_int(QTestState *who, c= onst char *property) QDict *rsp_return, *rsp_ram; int64_t result; =20 - rsp_return =3D migrate_query(who); + rsp_return =3D migrate_query_not_failed(who); if (!qdict_haskey(rsp_return, "ram")) { /* Still in setup */ result =3D 0; @@ -198,7 +198,7 @@ static int64_t read_migrate_property_int(QTestState *wh= o, const char *property) QDict *rsp_return; int64_t result; =20 - rsp_return =3D migrate_query(who); + rsp_return =3D migrate_query_not_failed(who); result =3D qdict_get_try_int(rsp_return, property, 0); qobject_unref(rsp_return); return result; @@ -213,7 +213,7 @@ static void read_blocktime(QTestState *who) { QDict *rsp_return; =20 - rsp_return =3D migrate_query(who); + rsp_return =3D migrate_query_not_failed(who); g_assert(qdict_haskey(rsp_return, "postcopy-blocktime")); qobject_unref(rsp_return); } --=20 2.35.1
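
Review bot: in patch 7/9, hunk "@@ -1815,6 +1815,48 @@", test_multifd_tcp_tls_psk_mismatch asserts only ".result = MIG_TEST_FAIL" while ".hide_stderr = true" suppresses the diagnostics, so the test passes on any failure, including one that has nothing to do with the PSK mismatch (a broken multifd channel setup, for example). As this is the negative test for an authentication check, consider asserting that the failure originates in the TLS handshake, for instance by checking the reported error description, or add a comment stating that a generic failure is all the harness can observe here.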
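
Review bot: in patch 7/9, hunk "@@ -2025,12 +2067,22 @@", the existing registrations are renamed from /migration/multifd/tcp/{none,cancel,zlib,zstd} to /migration/multifd/tcp/plain/..., which the commit message does not mention. Anyone selecting or skipping these tests by path will silently stop matching them, so please call out the rename in the commit message, or split it into its own patch ahead of the TLS additions.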
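
Review bot: in patch 8/9, hunk "@@ -1832,6 +1832,48 @@", the new start hooks are named test_migrate_multifd_tls_x509_start_* whereas the PSK hooks added in patch 7/9 are test_migrate_multifd_tcp_tls_psk_start_*; the x509 names drop the "tcp" component. Please pick one scheme. The five wrappers are also identical apart from the TLS hook they delegate to, so a small macro or a shared helper taking the TLS start function would remove the repetition and make it harder for a future scenario to forget the test_migrate_precopy_tcp_multifd_start_common() call.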
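
Review bot: in patch 8/9, hunk "@@ -1855,6 +1897,79 @@", test_multifd_tcp_tls_x509_reject_anon_client uses the same ".result = MIG_TEST_FAIL" as test_multifd_tcp_tls_x509_mismatch_host but has no comment explaining why. The mismatch_host comment describes a client-side abort; going by its name, the reject-anon case is a server-side rejection, so it deserves its own sentence on which side aborts and why the target is expected to stay alive. As with the PSK mismatch test, both negative cases accept any failure with stderr hidden, so they cannot tell a certificate validation failure from an unrelated one.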
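
Review bot: in patch 8/9, hunk "@@ -2082,6 +2197,18 @@", five x509 scenarios are registered, and the commit message says "we skip a couple" without naming them. Since the skipped cases concern hostname validation, please list which ones are omitted, either in the commit message or in a comment next to these qtest_add_func() calls, so the coverage gap for multifd is explicit rather than something a reader has to work out by comparing against the non-multifd list.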
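
Review bot: in patch 9/9, hunk "@@ -107,6 +107,19 @@" of migration-helpers.c, migrate_query_not_failed() reads "error-desc" with qdict_get_str() whenever the status is "failed", which assumes the key is always present in that state. If a failed migration can be reported without a description, the helper would fault while trying to print the diagnostic instead of reaching the g_assert(). Using qdict_get_try_str() with a fallback string avoids that. The status is also compared against "failed" twice; the second comparison can go if the assertion is moved inside the branch.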
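
Review bot: in patch 9/9, hunk "@@ -26,6 +26,7 @@" of migration-helpers.h, the new prototype migrate_query_not_failed() has no comment. Its contract differs from migrate_query() in a way callers need to know: it aborts the test on a "failed" status, so it must not be used on paths that expect failure, and the returned QDict still has to be released by the caller (the call sites in migration-test.c use qobject_unref()). A short comment above the declaration would cover both.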