From nobody Mon Feb 9 00:19:44 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1487678920415188.83728798886068; Tue, 21 Feb 2017 04:08:40 -0800 (PST) Received: from localhost ([::1]:43973 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg9FF-0008NK-OR for importer@patchew.org; Tue, 21 Feb 2017 07:08:37 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38228) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg939-0005Yr-SX for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:56:09 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cg938-0005Fi-3n for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:56:07 -0500 Received: from mx1.redhat.com ([209.132.183.28]:35288) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cg932-0005E5-Cm; Tue, 21 Feb 2017 06:56:00 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 74D767E9CB; Tue, 21 Feb 2017 11:56:00 +0000 (UTC) Received: from t460.redhat.com (ovpn-117-196.ams2.redhat.com [10.36.117.196]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1LBtLjO032624; Tue, 21 Feb 2017 06:55:57 -0500 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 21 Feb 2017 11:55:08 +0000 Message-Id: <20170221115512.21918-15-berrange@redhat.com> In-Reply-To: <20170221115512.21918-1-berrange@redhat.com> References: <20170221115512.21918-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Tue, 21 Feb 2017 11:56:00 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 14/18] qcow2: add iotests to cover LUKS encryption support X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" This extends the 087 iotest to cover LUKS encryption when doing blockdev-add. Two further tests are added to validate read/write of LUKS encrypted images with a single file and with a backing file. Reviewed-by: Alberto Garcia Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange --- tests/qemu-iotests/087 | 32 ++++++++++++++++- tests/qemu-iotests/087.out | 14 +++++++- tests/qemu-iotests/176 | 76 ++++++++++++++++++++++++++++++++++++++++ tests/qemu-iotests/176.out | 18 ++++++++++ tests/qemu-iotests/177 | 86 ++++++++++++++++++++++++++++++++++++++++++= ++++ tests/qemu-iotests/177.out | 26 ++++++++++++++ tests/qemu-iotests/group | 2 ++ 7 files changed, 252 insertions(+), 2 deletions(-) create mode 100755 tests/qemu-iotests/176 create mode 100644 tests/qemu-iotests/176.out create mode 100755 tests/qemu-iotests/177 create mode 100644 tests/qemu-iotests/177.out diff --git a/tests/qemu-iotests/087 b/tests/qemu-iotests/087 index 55a9e06..1c3ca9f 100755 --- a/tests/qemu-iotests/087 +++ b/tests/qemu-iotests/087 @@ -121,7 +121,7 @@ run_qemu <. +# + +# creator +owner=3Dberrange@redhat.com + +seq=3D`basename $0` +echo "QA output created by $seq" + +here=3D`pwd` +status=3D1 # failure is the default! + +_cleanup() +{ + _cleanup_test_img +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +. ./common.rc +. ./common.filter + +_supported_fmt qcow2 +_supported_proto generic +_supported_os Linux + + +size=3D16M + +SECRET=3D"secret,id=3Dsec0,data=3Dastrochicken" +SECRETALT=3D"secret,id=3Dsec0,data=3Dplatypus" + +_make_test_img --object $SECRET -o "encryption-format=3Dluks,luks-key-secr= et=3Dsec0,luks-iter-time=3D10" $size + +IMGSPEC=3D"driver=3D$IMGFMT,file.filename=3D$TEST_IMG,luks-key-secret=3Dse= c0" + +QEMU_IO_OPTIONS=3D$QEMU_IO_OPTIONS_NO_FMT + +echo +echo "=3D=3D reading whole image =3D=3D" +$QEMU_IO --object $SECRET -c "read -P 0 0 $size" --image-opts $IMGSPEC | _= filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D rewriting whole image =3D=3D" +$QEMU_IO --object $SECRET -c "write -P 0xa 0 $size" --image-opts $IMGSPEC = | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D verify pattern =3D=3D" +$QEMU_IO --object $SECRET -c "read -P 0xa 0 $size" --image-opts $IMGSPEC = | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D verify open failure with wrong password =3D=3D" +$QEMU_IO --object $SECRETALT -c "read -P 0xa 0 $size" --image-opts $IMGSPE= C | _filter_qemu_io | _filter_testdir + + +# success, all done +echo "*** done" +rm -f $seq.full +status=3D0 diff --git a/tests/qemu-iotests/176.out b/tests/qemu-iotests/176.out new file mode 100644 index 0000000..0662154 --- /dev/null +++ b/tests/qemu-iotests/176.out @@ -0,0 +1,18 @@ +QA output created by 176 +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D16777216 encryption-fo= rmat=3Dluks luks-key-secret=3Dsec0 luks-iter-time=3D10 + +=3D=3D reading whole image =3D=3D +read 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D rewriting whole image =3D=3D +wrote 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify pattern =3D=3D +read 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify open failure with wrong password =3D=3D +can't open: Invalid password, cannot unlock any keyslot +*** done diff --git a/tests/qemu-iotests/177 b/tests/qemu-iotests/177 new file mode 100755 index 0000000..9dd03d5 --- /dev/null +++ b/tests/qemu-iotests/177 @@ -0,0 +1,86 @@ +#!/bin/bash +# +# Test encrypted read/write using backing files +# +# Copyright (C) 2017 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +# creator +owner=3Dberrange@redhat.com + +seq=3D`basename $0` +echo "QA output created by $seq" + +here=3D`pwd` +status=3D1 # failure is the default! + +_cleanup() +{ + _cleanup_test_img +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +. ./common.rc +. ./common.filter + +_supported_fmt qcow2 +_supported_proto generic +_supported_os Linux + + +size=3D16M +TEST_IMG_BASE=3D$TEST_IMG.base +SECRET0=3D"secret,id=3Dsec0,data=3Dastrochicken" +SECRET1=3D"secret,id=3Dsec1,data=3Dfurby" + +TEST_IMG_SAVE=3D$TEST_IMG +TEST_IMG=3D$TEST_IMG_BASE +echo "=3D=3D create base =3D=3D" +_make_test_img --object $SECRET0 -o "encryption-format=3Dluks,luks-key-sec= ret=3Dsec0,luks-iter-time=3D10" $size +TEST_IMG=3D$TEST_IMG_SAVE + +IMGSPECBASE=3D"driver=3D$IMGFMT,file.filename=3D$TEST_IMG_BASE,luks-key-se= cret=3Dsec0" +IMGSPEC=3D"driver=3D$IMGFMT,file.filename=3D$TEST_IMG,backing.driver=3D$IM= GFMT,backing.file.filename=3D$TEST_IMG_BASE,backing.luks-key-secret=3Dsec0,= luks-key-secret=3Dsec1" +QEMU_IO_OPTIONS=3D$QEMU_IO_OPTIONS_NO_FMT + +echo +echo "=3D=3D writing whole image =3D=3D" +$QEMU_IO --object $SECRET0 -c "write -P 0xa 0 $size" --image-opts $IMGSPEC= BASE | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D verify pattern =3D=3D" +$QEMU_IO --object $SECRET0 -c "read -P 0xa 0 $size" --image-opts $IMGSPECB= ASE | _filter_qemu_io | _filter_testdir + +echo "=3D=3D create overlay =3D=3D" +_make_test_img --object $SECRET1 -o "encryption-format=3Dluks,luks-key-sec= ret=3Dsec1,luks-iter-time=3D10" -b "$TEST_IMG_BASE" $size + +echo +echo "=3D=3D writing part of a cluster =3D=3D" +$QEMU_IO --object $SECRET0 --object $SECRET1 -c "write -P 0xe 0 1024" --im= age-opts $IMGSPEC | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D verify pattern =3D=3D" +$QEMU_IO --object $SECRET0 --object $SECRET1 -c "read -P 0xe 0 1024" --ima= ge-opts $IMGSPEC | _filter_qemu_io | _filter_testdir +echo +echo "=3D=3D verify pattern =3D=3D" +$QEMU_IO --object $SECRET0 --object $SECRET1 -c "read -P 0xa 1024 64512" -= -image-opts $IMGSPEC | _filter_qemu_io | _filter_testdir + + +# success, all done +echo "*** done" +rm -f $seq.full +status=3D0 diff --git a/tests/qemu-iotests/177.out b/tests/qemu-iotests/177.out new file mode 100644 index 0000000..5a91b12 --- /dev/null +++ b/tests/qemu-iotests/177.out @@ -0,0 +1,26 @@ +QA output created by 177 +=3D=3D create base =3D=3D +Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D16777216 encrypti= on-format=3Dluks luks-key-secret=3Dsec0 luks-iter-time=3D10 + +=3D=3D writing whole image =3D=3D +wrote 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify pattern =3D=3D +read 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +=3D=3D create overlay =3D=3D +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D16777216 backing_file= =3DTEST_DIR/t.IMGFMT.base encryption-format=3Dluks luks-key-secret=3Dsec1 l= uks-iter-time=3D10 + +=3D=3D writing part of a cluster =3D=3D +wrote 1024/1024 bytes at offset 0 +1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify pattern =3D=3D +read 1024/1024 bytes at offset 0 +1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify pattern =3D=3D +read 64512/64512 bytes at offset 1024 +63 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +*** done diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group index 19169eb..a7cdd3f 100644 --- a/tests/qemu-iotests/group +++ b/tests/qemu-iotests/group @@ -168,3 +168,5 @@ 173 rw auto 174 auto 175 rw auto backing +176 rw auto quick +177 rw auto quick --=20 2.9.3