From nobody Sat May 18 03:21:35 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1637161557173341.7322115867919; Wed, 17 Nov 2021 07:05:57 -0800 (PST) Received: from localhost ([::1]:33548 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mnMVW-00086A-PM for importer@patchew.org; Wed, 17 Nov 2021 10:05:54 -0500 Received: from eggs.gnu.org ([209.51.188.92]:33448) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnMS1-0003ej-BB for qemu-devel@nongnu.org; Wed, 17 Nov 2021 10:02:17 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:55146) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnMRz-0002lA-7j for qemu-devel@nongnu.org; Wed, 17 Nov 2021 10:02:17 -0500 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-48-C-N1zHW_PO24u4corlQq9A-1; Wed, 17 Nov 2021 10:02:09 -0500 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 8EA39CC622; Wed, 17 Nov 2021 15:02:08 +0000 (UTC) Received: from localhost (unknown [10.39.195.120]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8812B19D9B; Wed, 17 Nov 2021 15:02:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1637161334; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5n4qF2HbQ+YEnXxwp0jd86iHwmna9cL67Byg/xWP7Mc=; b=MgbTSCSD5DL79un2E9ryQRcHyQZgJU51rGj+vYKf384PuYiRowU/4JKfOQNPS0SuEVOtu5 +r9iaQ9apW25jC5nQX8twKGtm+lxUe1UXbWpXDczhBUq2zTo/UMQU/WFptTm777N6Zvc6Q 6zP0169MJypBhg1OjlN+2xqqqFCsP1M= X-MC-Unique: C-N1zHW_PO24u4corlQq9A-1 From: Hanna Reitz To: qemu-block@nongnu.org Subject: [PATCH 1/2] iotests: Use aes-128-cbc Date: Wed, 17 Nov 2021 16:01:58 +0100 Message-Id: <20211117150159.41806-2-hreitz@redhat.com> In-Reply-To: <20211117150159.41806-1-hreitz@redhat.com> References: <20211117150159.41806-1-hreitz@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=hreitz@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=hreitz@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -34 X-Spam_score: -3.5 X-Spam_bar: --- X-Spam_report: (-3.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.701, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Hanna Reitz , qemu-devel@nongnu.org, Thomas Huth Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1637161608423100001 Content-Type: text/plain; charset="utf-8" Our gnutls crypto backend (which is the default as of 8bd0931f6) supports neither twofish-128 nor the CTR mode. CBC and aes-128 are supported by all of our backends (as far as I can tell), so use aes-128-cbc in our iotests. (We could also use e.g. aes-256-cbc, but the different key sizes would lead to different key slot offsets and so change the reference output more, which is why I went with aes-128.) Signed-off-by: Hanna Reitz --- tests/qemu-iotests/206 | 4 ++-- tests/qemu-iotests/206.out | 6 +++--- tests/qemu-iotests/210 | 4 ++-- tests/qemu-iotests/210.out | 6 +++--- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/qemu-iotests/206 b/tests/qemu-iotests/206 index c3cdad4ce4..10eff343f7 100755 --- a/tests/qemu-iotests/206 +++ b/tests/qemu-iotests/206 @@ -162,8 +162,8 @@ with iotests.FilePath('t.qcow2') as disk_path, \ 'encrypt': { 'format': 'luks', 'key-secret': 'keysec0', - 'cipher-alg': 'twofish-128', - 'cipher-mode': 'ctr', + 'cipher-alg': 'aes-128', + 'cipher-mode': 'cbc', 'ivgen-alg': 'plain64', 'ivgen-hash-alg': 'md5', 'hash-alg': 'sha1', diff --git a/tests/qemu-iotests/206.out b/tests/qemu-iotests/206.out index 3593e8e9c2..80cd274223 100644 --- a/tests/qemu-iotests/206.out +++ b/tests/qemu-iotests/206.out @@ -97,7 +97,7 @@ Format specific information: =20 =3D=3D=3D Successful image creation (encrypted) =3D=3D=3D =20 -{"execute": "blockdev-create", "arguments": {"job-id": "job0", "options": = {"driver": "qcow2", "encrypt": {"cipher-alg": "twofish-128", "cipher-mode":= "ctr", "format": "luks", "hash-alg": "sha1", "iter-time": 10, "ivgen-alg":= "plain64", "ivgen-hash-alg": "md5", "key-secret": "keysec0"}, "file": {"dr= iver": "file", "filename": "TEST_DIR/PID-t.qcow2"}, "size": 33554432}}} +{"execute": "blockdev-create", "arguments": {"job-id": "job0", "options": = {"driver": "qcow2", "encrypt": {"cipher-alg": "aes-128", "cipher-mode": "cb= c", "format": "luks", "hash-alg": "sha1", "iter-time": 10, "ivgen-alg": "pl= ain64", "ivgen-hash-alg": "md5", "key-secret": "keysec0"}, "file": {"driver= ": "file", "filename": "TEST_DIR/PID-t.qcow2"}, "size": 33554432}}} {"return": {}} {"execute": "job-dismiss", "arguments": {"id": "job0"}} {"return": {}} @@ -115,10 +115,10 @@ Format specific information: encrypt: ivgen alg: plain64 hash alg: sha1 - cipher alg: twofish-128 + cipher alg: aes-128 uuid: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX format: luks - cipher mode: ctr + cipher mode: cbc slots: [0]: active: true diff --git a/tests/qemu-iotests/210 b/tests/qemu-iotests/210 index 5a62ed4dd1..a4dcc5fe59 100755 --- a/tests/qemu-iotests/210 +++ b/tests/qemu-iotests/210 @@ -83,8 +83,8 @@ with iotests.FilePath('t.luks') as disk_path, \ }, 'size': size, 'key-secret': 'keysec0', - 'cipher-alg': 'twofish-128', - 'cipher-mode': 'ctr', + 'cipher-alg': 'aes-128', + 'cipher-mode': 'cbc', 'ivgen-alg': 'plain64', 'ivgen-hash-alg': 'md5', 'hash-alg': 'sha1', diff --git a/tests/qemu-iotests/210.out b/tests/qemu-iotests/210.out index 55c0844370..96d9f749dd 100644 --- a/tests/qemu-iotests/210.out +++ b/tests/qemu-iotests/210.out @@ -59,7 +59,7 @@ Format specific information: {"execute": "job-dismiss", "arguments": {"id": "job0"}} {"return": {}} =20 -{"execute": "blockdev-create", "arguments": {"job-id": "job0", "options": = {"cipher-alg": "twofish-128", "cipher-mode": "ctr", "driver": "luks", "file= ": {"driver": "file", "filename": "TEST_DIR/PID-t.luks"}, "hash-alg": "sha1= ", "iter-time": 10, "ivgen-alg": "plain64", "ivgen-hash-alg": "md5", "key-s= ecret": "keysec0", "size": 67108864}}} +{"execute": "blockdev-create", "arguments": {"job-id": "job0", "options": = {"cipher-alg": "aes-128", "cipher-mode": "cbc", "driver": "luks", "file": {= "driver": "file", "filename": "TEST_DIR/PID-t.luks"}, "hash-alg": "sha1", "= iter-time": 10, "ivgen-alg": "plain64", "ivgen-hash-alg": "md5", "key-secre= t": "keysec0", "size": 67108864}}} {"return": {}} {"execute": "job-dismiss", "arguments": {"id": "job0"}} {"return": {}} @@ -71,9 +71,9 @@ encrypted: yes Format specific information: ivgen alg: plain64 hash alg: sha1 - cipher alg: twofish-128 + cipher alg: aes-128 uuid: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX - cipher mode: ctr + cipher mode: cbc slots: [0]: active: true --=20 2.33.1 From nobody Sat May 18 03:21:35 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1637161983605857.6280978471975; Wed, 17 Nov 2021 07:13:03 -0800 (PST) Received: from localhost ([::1]:45508 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mnMcQ-00084N-30 for importer@patchew.org; Wed, 17 Nov 2021 10:13:02 -0500 Received: from eggs.gnu.org ([209.51.188.92]:33422) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnMRz-0003Yt-9P for qemu-devel@nongnu.org; Wed, 17 Nov 2021 10:02:15 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]:24216) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnMRx-0002kr-Lf for qemu-devel@nongnu.org; Wed, 17 Nov 2021 10:02:14 -0500 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-27-LJpj-mJCMaieUgi3aaQQ4g-1; Wed, 17 Nov 2021 10:02:11 -0500 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id B7D4F824F9B; Wed, 17 Nov 2021 15:02:10 +0000 (UTC) Received: from localhost (unknown [10.39.195.120]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5855B5F4E0; Wed, 17 Nov 2021 15:02:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1637161333; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8BXDE491rHHwtbMQyU56HEIxlr9ssJak1klcTrajC74=; b=SPrvBIS3F23qOeVQ24vo3OkA33hfsdKN+48KiOsa68E7C/+tOt9xyCSzV+pQOrQmQYl6jg TI8vr2MJHof4n1DXQRDBJR7XI4Uk2umCbDa4wsrK6piZcUof3ngJqT9LcKCAP3OFCz3Jo9 IcYbcWFteayKbLrguzcvtDL1S9v+Dpc= X-MC-Unique: LJpj-mJCMaieUgi3aaQQ4g-1 From: Hanna Reitz To: qemu-block@nongnu.org Subject: [PATCH 2/2] iotests/149: Skip on unsupported ciphers Date: Wed, 17 Nov 2021 16:01:59 +0100 Message-Id: <20211117150159.41806-3-hreitz@redhat.com> In-Reply-To: <20211117150159.41806-1-hreitz@redhat.com> References: <20211117150159.41806-1-hreitz@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=hreitz@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=hreitz@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -34 X-Spam_score: -3.5 X-Spam_bar: --- X-Spam_report: (-3.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.701, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Hanna Reitz , qemu-devel@nongnu.org, Thomas Huth Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1637161999564100001 Content-Type: text/plain; charset="utf-8" Whenever qemu-img or qemu-io report that some cipher is unsupported, skip the whole test, because that is probably because qemu has been configured with the gnutls crypto backend. We could taylor the algorithm list to what gnutls supports, but this is a test that is run rather rarely anyway (because it requires password-less sudo), and so it seems better and easier to skip it. When this test is intentionally run to check LUKS compatibility, it seems better not to limit the algorithms but keep the list extensive. Signed-off-by: Hanna Reitz --- tests/qemu-iotests/149 | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/tests/qemu-iotests/149 b/tests/qemu-iotests/149 index 328fd05a4c..adcef86e88 100755 --- a/tests/qemu-iotests/149 +++ b/tests/qemu-iotests/149 @@ -230,6 +230,18 @@ def create_image(config, size_mb): fn.truncate(size_mb * 1024 * 1024) =20 =20 +def check_cipher_support(output): + """Check the output of qemu-img or qemu-io for mention of the respecti= ve + cipher algorithm being unsupported, and if so, skip this test. + (Returns `output` for convenience.)""" + + if 'Unsupported cipher algorithm' in output: + iotests.notrun('Unsupported cipher algorithm ' + f'{config.cipher}-{config.keylen}-{config.mode}; ' + 'consider configuring qemu with a different crypto ' + 'backend') + return output + def qemu_img_create(config, size_mb): """Create and format a disk image with LUKS using qemu-img""" =20 @@ -253,7 +265,8 @@ def qemu_img_create(config, size_mb): "%dM" % size_mb] =20 iotests.log("qemu-img " + " ".join(args), filters=3D[iotests.filter_te= st_dir]) - iotests.log(iotests.qemu_img_pipe(*args), filters=3D[iotests.filter_te= st_dir]) + iotests.log(check_cipher_support(iotests.qemu_img_pipe(*args)), + filters=3D[iotests.filter_test_dir]) =20 def qemu_io_image_args(config, dev=3DFalse): """Get the args for access an image or device with qemu-io""" @@ -279,8 +292,8 @@ def qemu_io_write_pattern(config, pattern, offset_mb, s= ize_mb, dev=3DFalse): args =3D ["-c", "write -P 0x%x %dM %dM" % (pattern, offset_mb, size_mb= )] args.extend(qemu_io_image_args(config, dev)) iotests.log("qemu-io " + " ".join(args), filters=3D[iotests.filter_tes= t_dir]) - iotests.log(iotests.qemu_io(*args), filters=3D[iotests.filter_test_dir, - iotests.filter_qemu_io]) + iotests.log(check_cipher_support(iotests.qemu_io(*args)), + filters=3D[iotests.filter_test_dir, iotests.filter_qemu_io= ]) =20 =20 def qemu_io_read_pattern(config, pattern, offset_mb, size_mb, dev=3DFalse): @@ -291,8 +304,8 @@ def qemu_io_read_pattern(config, pattern, offset_mb, si= ze_mb, dev=3DFalse): args =3D ["-c", "read -P 0x%x %dM %dM" % (pattern, offset_mb, size_mb)] args.extend(qemu_io_image_args(config, dev)) iotests.log("qemu-io " + " ".join(args), filters=3D[iotests.filter_tes= t_dir]) - iotests.log(iotests.qemu_io(*args), filters=3D[iotests.filter_test_dir, - iotests.filter_qemu_io]) + iotests.log(check_cipher_support(iotests.qemu_io(*args)), + filters=3D[iotests.filter_test_dir, iotests.filter_qemu_io= ]) =20 =20 def test_once(config, qemu_img=3DFalse): --=20 2.33.1