From nobody Wed Apr 16 08:01:16 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1499449858693708.413492837036; Fri, 7 Jul 2017 10:50:58 -0700 (PDT) Received: from localhost ([::1]:57928 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dTXP7-0008NL-A1 for importer@patchew.org; Fri, 07 Jul 2017 13:50:57 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:42609) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dTWly-0005xO-7s for qemu-devel@nongnu.org; Fri, 07 Jul 2017 13:10:33 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dTWlu-0000AT-Em for qemu-devel@nongnu.org; Fri, 07 Jul 2017 13:10:30 -0400 Received: from mx1.redhat.com ([209.132.183.28]:38316) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dTWlp-00007Z-Kh; Fri, 07 Jul 2017 13:10:21 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id A9AF34DB15; Fri, 7 Jul 2017 17:10:20 +0000 (UTC) Received: from noname.redhat.com (ovpn-117-34.ams2.redhat.com [10.36.117.34]) by smtp.corp.redhat.com (Postfix) with ESMTP id BA9DD61F23; Fri, 7 Jul 2017 17:10:19 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com A9AF34DB15 Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=kwolf@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com A9AF34DB15 From: Kevin Wolf To: qemu-block@nongnu.org Date: Fri, 7 Jul 2017 19:08:09 +0200 Message-Id: <1499447335-6125-55-git-send-email-kwolf@redhat.com> In-Reply-To: <1499447335-6125-1-git-send-email-kwolf@redhat.com> References: <1499447335-6125-1-git-send-email-kwolf@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Fri, 07 Jul 2017 17:10:20 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PULL 054/100] qcow2: add iotests to cover LUKS encryption support X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: kwolf@redhat.com, qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: "Daniel P. Berrange" This extends the 087 iotest to cover LUKS encryption when doing blockdev-add. Two further tests are added to validate read/write of LUKS encrypted images with a single file and with a backing file. Reviewed-by: Alberto Garcia Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange Message-id: 20170623162419.26068-15-berrange@redhat.com Signed-off-by: Max Reitz --- tests/qemu-iotests/087 | 35 ++++++++++++++++++- tests/qemu-iotests/087.out | 14 +++++++- tests/qemu-iotests/188 | 76 ++++++++++++++++++++++++++++++++++++++++ tests/qemu-iotests/188.out | 18 ++++++++++ tests/qemu-iotests/189 | 86 ++++++++++++++++++++++++++++++++++++++++++= ++++ tests/qemu-iotests/189.out | 26 ++++++++++++++ tests/qemu-iotests/group | 2 ++ 7 files changed, 255 insertions(+), 2 deletions(-) create mode 100755 tests/qemu-iotests/188 create mode 100644 tests/qemu-iotests/188.out create mode 100755 tests/qemu-iotests/189 create mode 100644 tests/qemu-iotests/189.out diff --git a/tests/qemu-iotests/087 b/tests/qemu-iotests/087 index 1d595b2..f8e4903 100755 --- a/tests/qemu-iotests/087 +++ b/tests/qemu-iotests/087 @@ -119,7 +119,7 @@ run_qemu <. +# + +# creator +owner=3Dberrange@redhat.com + +seq=3D`basename $0` +echo "QA output created by $seq" + +here=3D`pwd` +status=3D1 # failure is the default! + +_cleanup() +{ + _cleanup_test_img +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +. ./common.rc +. ./common.filter + +_supported_fmt qcow2 +_supported_proto generic +_supported_os Linux + + +size=3D16M + +SECRET=3D"secret,id=3Dsec0,data=3Dastrochicken" +SECRETALT=3D"secret,id=3Dsec0,data=3Dplatypus" + +_make_test_img --object $SECRET -o "encrypt.format=3Dluks,encrypt.key-secr= et=3Dsec0,encrypt.iter-time=3D10" $size + +IMGSPEC=3D"driver=3D$IMGFMT,file.filename=3D$TEST_IMG,encrypt.key-secret= =3Dsec0" + +QEMU_IO_OPTIONS=3D$QEMU_IO_OPTIONS_NO_FMT + +echo +echo "=3D=3D reading whole image =3D=3D" +$QEMU_IO --object $SECRET -c "read -P 0 0 $size" --image-opts $IMGSPEC | _= filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D rewriting whole image =3D=3D" +$QEMU_IO --object $SECRET -c "write -P 0xa 0 $size" --image-opts $IMGSPEC = | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D verify pattern =3D=3D" +$QEMU_IO --object $SECRET -c "read -P 0xa 0 $size" --image-opts $IMGSPEC = | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D verify open failure with wrong password =3D=3D" +$QEMU_IO --object $SECRETALT -c "read -P 0xa 0 $size" --image-opts $IMGSPE= C | _filter_qemu_io | _filter_testdir + + +# success, all done +echo "*** done" +rm -f $seq.full +status=3D0 diff --git a/tests/qemu-iotests/188.out b/tests/qemu-iotests/188.out new file mode 100644 index 0000000..8af24e5 --- /dev/null +++ b/tests/qemu-iotests/188.out @@ -0,0 +1,18 @@ +QA output created by 188 +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D16777216 encrypt.forma= t=3Dluks encrypt.key-secret=3Dsec0 encrypt.iter-time=3D10 + +=3D=3D reading whole image =3D=3D +read 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D rewriting whole image =3D=3D +wrote 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify pattern =3D=3D +read 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify open failure with wrong password =3D=3D +can't open: Invalid password, cannot unlock any keyslot +*** done diff --git a/tests/qemu-iotests/189 b/tests/qemu-iotests/189 new file mode 100755 index 0000000..54ad980 --- /dev/null +++ b/tests/qemu-iotests/189 @@ -0,0 +1,86 @@ +#!/bin/bash +# +# Test encrypted read/write using backing files +# +# Copyright (C) 2017 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +# creator +owner=3Dberrange@redhat.com + +seq=3D`basename $0` +echo "QA output created by $seq" + +here=3D`pwd` +status=3D1 # failure is the default! + +_cleanup() +{ + _cleanup_test_img +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +. ./common.rc +. ./common.filter + +_supported_fmt qcow2 +_supported_proto generic +_supported_os Linux + + +size=3D16M +TEST_IMG_BASE=3D$TEST_IMG.base +SECRET0=3D"secret,id=3Dsec0,data=3Dastrochicken" +SECRET1=3D"secret,id=3Dsec1,data=3Dfurby" + +TEST_IMG_SAVE=3D$TEST_IMG +TEST_IMG=3D$TEST_IMG_BASE +echo "=3D=3D create base =3D=3D" +_make_test_img --object $SECRET0 -o "encrypt.format=3Dluks,encrypt.key-sec= ret=3Dsec0,encrypt.iter-time=3D10" $size +TEST_IMG=3D$TEST_IMG_SAVE + +IMGSPECBASE=3D"driver=3D$IMGFMT,file.filename=3D$TEST_IMG_BASE,encrypt.key= -secret=3Dsec0" +IMGSPEC=3D"driver=3D$IMGFMT,file.filename=3D$TEST_IMG,backing.driver=3D$IM= GFMT,backing.file.filename=3D$TEST_IMG_BASE,backing.encrypt.key-secret=3Dse= c0,encrypt.key-secret=3Dsec1" +QEMU_IO_OPTIONS=3D$QEMU_IO_OPTIONS_NO_FMT + +echo +echo "=3D=3D writing whole image =3D=3D" +$QEMU_IO --object $SECRET0 -c "write -P 0xa 0 $size" --image-opts $IMGSPEC= BASE | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D verify pattern =3D=3D" +$QEMU_IO --object $SECRET0 -c "read -P 0xa 0 $size" --image-opts $IMGSPECB= ASE | _filter_qemu_io | _filter_testdir + +echo "=3D=3D create overlay =3D=3D" +_make_test_img --object $SECRET1 -o "encrypt.format=3Dluks,encrypt.key-sec= ret=3Dsec1,encrypt.iter-time=3D10" -b "$TEST_IMG_BASE" $size + +echo +echo "=3D=3D writing part of a cluster =3D=3D" +$QEMU_IO --object $SECRET0 --object $SECRET1 -c "write -P 0xe 0 1024" --im= age-opts $IMGSPEC | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D verify pattern =3D=3D" +$QEMU_IO --object $SECRET0 --object $SECRET1 -c "read -P 0xe 0 1024" --ima= ge-opts $IMGSPEC | _filter_qemu_io | _filter_testdir +echo +echo "=3D=3D verify pattern =3D=3D" +$QEMU_IO --object $SECRET0 --object $SECRET1 -c "read -P 0xa 1024 64512" -= -image-opts $IMGSPEC | _filter_qemu_io | _filter_testdir + + +# success, all done +echo "*** done" +rm -f $seq.full +status=3D0 diff --git a/tests/qemu-iotests/189.out b/tests/qemu-iotests/189.out new file mode 100644 index 0000000..a0b7c9c --- /dev/null +++ b/tests/qemu-iotests/189.out @@ -0,0 +1,26 @@ +QA output created by 189 +=3D=3D create base =3D=3D +Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D16777216 encrypt.= format=3Dluks encrypt.key-secret=3Dsec0 encrypt.iter-time=3D10 + +=3D=3D writing whole image =3D=3D +wrote 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify pattern =3D=3D +read 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +=3D=3D create overlay =3D=3D +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D16777216 backing_file= =3DTEST_DIR/t.IMGFMT.base encrypt.format=3Dluks encrypt.key-secret=3Dsec1 e= ncrypt.iter-time=3D10 + +=3D=3D writing part of a cluster =3D=3D +wrote 1024/1024 bytes at offset 0 +1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify pattern =3D=3D +read 1024/1024 bytes at offset 0 +1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify pattern =3D=3D +read 64512/64512 bytes at offset 1024 +63 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +*** done diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group index 318ae74..613d596 100644 --- a/tests/qemu-iotests/group +++ b/tests/qemu-iotests/group @@ -176,3 +176,5 @@ 182 rw auto quick 183 rw auto migration 185 rw auto +188 rw auto quick +189 rw auto quick --=20 1.8.3.1