From nobody Mon Feb 9 11:14:49 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1637162484460350.94769434784155; Wed, 17 Nov 2021 07:21:24 -0800 (PST) Received: from localhost ([::1]:56954 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mnMkV-0007wa-Fo for importer@patchew.org; Wed, 17 Nov 2021 10:21:23 -0500 Received: from eggs.gnu.org ([209.51.188.92]:38016) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnMgY-0003Il-Sm for qemu-devel@nongnu.org; Wed, 17 Nov 2021 10:17:18 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]:31540) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnMgX-0004uL-Ai for qemu-devel@nongnu.org; Wed, 17 Nov 2021 10:17:18 -0500 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-485-Ptx-60d6PBKLkLskAY3zQA-1; Wed, 17 Nov 2021 10:17:13 -0500 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 9C57A19200C1; Wed, 17 Nov 2021 15:17:12 +0000 (UTC) Received: from localhost (unknown [10.39.195.120]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 3D02319D9B; Wed, 17 Nov 2021 15:17:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1637162236; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5n4qF2HbQ+YEnXxwp0jd86iHwmna9cL67Byg/xWP7Mc=; b=dIHS6QjXPO4CN4NWYOHw3ANw1+aCq6AGzPwVcViZUUoPDzkM5WdQT2oXkpxVLOyDQnPZi8 T7Acz/Ce8zljAGnb46v3VxElryVNPwn9mCSNZP7b33zj7nT/NnUanJUM4JSA4oMJ+3wMRm 7NFwna1PAeOshZKsw11yEDni4aS8Omc= X-MC-Unique: Ptx-60d6PBKLkLskAY3zQA-1 From: Hanna Reitz To: qemu-block@nongnu.org Subject: [PATCH v2 1/2] iotests: Use aes-128-cbc Date: Wed, 17 Nov 2021 16:17:06 +0100 Message-Id: <20211117151707.52549-2-hreitz@redhat.com> In-Reply-To: <20211117151707.52549-1-hreitz@redhat.com> References: <20211117151707.52549-1-hreitz@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=hreitz@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=hreitz@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -34 X-Spam_score: -3.5 X-Spam_bar: --- X-Spam_report: (-3.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.701, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Hanna Reitz , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , qemu-devel@nongnu.org, Thomas Huth Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1637162485092100001 Content-Type: text/plain; charset="utf-8" Our gnutls crypto backend (which is the default as of 8bd0931f6) supports neither twofish-128 nor the CTR mode. CBC and aes-128 are supported by all of our backends (as far as I can tell), so use aes-128-cbc in our iotests. (We could also use e.g. aes-256-cbc, but the different key sizes would lead to different key slot offsets and so change the reference output more, which is why I went with aes-128.) Signed-off-by: Hanna Reitz Tested-by: Thomas Huth --- tests/qemu-iotests/206 | 4 ++-- tests/qemu-iotests/206.out | 6 +++--- tests/qemu-iotests/210 | 4 ++-- tests/qemu-iotests/210.out | 6 +++--- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/qemu-iotests/206 b/tests/qemu-iotests/206 index c3cdad4ce4..10eff343f7 100755 --- a/tests/qemu-iotests/206 +++ b/tests/qemu-iotests/206 @@ -162,8 +162,8 @@ with iotests.FilePath('t.qcow2') as disk_path, \ 'encrypt': { 'format': 'luks', 'key-secret': 'keysec0', - 'cipher-alg': 'twofish-128', - 'cipher-mode': 'ctr', + 'cipher-alg': 'aes-128', + 'cipher-mode': 'cbc', 'ivgen-alg': 'plain64', 'ivgen-hash-alg': 'md5', 'hash-alg': 'sha1', diff --git a/tests/qemu-iotests/206.out b/tests/qemu-iotests/206.out index 3593e8e9c2..80cd274223 100644 --- a/tests/qemu-iotests/206.out +++ b/tests/qemu-iotests/206.out @@ -97,7 +97,7 @@ Format specific information: =20 =3D=3D=3D Successful image creation (encrypted) =3D=3D=3D =20 -{"execute": "blockdev-create", "arguments": {"job-id": "job0", "options": = {"driver": "qcow2", "encrypt": {"cipher-alg": "twofish-128", "cipher-mode":= "ctr", "format": "luks", "hash-alg": "sha1", "iter-time": 10, "ivgen-alg":= "plain64", "ivgen-hash-alg": "md5", "key-secret": "keysec0"}, "file": {"dr= iver": "file", "filename": "TEST_DIR/PID-t.qcow2"}, "size": 33554432}}} +{"execute": "blockdev-create", "arguments": {"job-id": "job0", "options": = {"driver": "qcow2", "encrypt": {"cipher-alg": "aes-128", "cipher-mode": "cb= c", "format": "luks", "hash-alg": "sha1", "iter-time": 10, "ivgen-alg": "pl= ain64", "ivgen-hash-alg": "md5", "key-secret": "keysec0"}, "file": {"driver= ": "file", "filename": "TEST_DIR/PID-t.qcow2"}, "size": 33554432}}} {"return": {}} {"execute": "job-dismiss", "arguments": {"id": "job0"}} {"return": {}} @@ -115,10 +115,10 @@ Format specific information: encrypt: ivgen alg: plain64 hash alg: sha1 - cipher alg: twofish-128 + cipher alg: aes-128 uuid: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX format: luks - cipher mode: ctr + cipher mode: cbc slots: [0]: active: true diff --git a/tests/qemu-iotests/210 b/tests/qemu-iotests/210 index 5a62ed4dd1..a4dcc5fe59 100755 --- a/tests/qemu-iotests/210 +++ b/tests/qemu-iotests/210 @@ -83,8 +83,8 @@ with iotests.FilePath('t.luks') as disk_path, \ }, 'size': size, 'key-secret': 'keysec0', - 'cipher-alg': 'twofish-128', - 'cipher-mode': 'ctr', + 'cipher-alg': 'aes-128', + 'cipher-mode': 'cbc', 'ivgen-alg': 'plain64', 'ivgen-hash-alg': 'md5', 'hash-alg': 'sha1', diff --git a/tests/qemu-iotests/210.out b/tests/qemu-iotests/210.out index 55c0844370..96d9f749dd 100644 --- a/tests/qemu-iotests/210.out +++ b/tests/qemu-iotests/210.out @@ -59,7 +59,7 @@ Format specific information: {"execute": "job-dismiss", "arguments": {"id": "job0"}} {"return": {}} =20 -{"execute": "blockdev-create", "arguments": {"job-id": "job0", "options": = {"cipher-alg": "twofish-128", "cipher-mode": "ctr", "driver": "luks", "file= ": {"driver": "file", "filename": "TEST_DIR/PID-t.luks"}, "hash-alg": "sha1= ", "iter-time": 10, "ivgen-alg": "plain64", "ivgen-hash-alg": "md5", "key-s= ecret": "keysec0", "size": 67108864}}} +{"execute": "blockdev-create", "arguments": {"job-id": "job0", "options": = {"cipher-alg": "aes-128", "cipher-mode": "cbc", "driver": "luks", "file": {= "driver": "file", "filename": "TEST_DIR/PID-t.luks"}, "hash-alg": "sha1", "= iter-time": 10, "ivgen-alg": "plain64", "ivgen-hash-alg": "md5", "key-secre= t": "keysec0", "size": 67108864}}} {"return": {}} {"execute": "job-dismiss", "arguments": {"id": "job0"}} {"return": {}} @@ -71,9 +71,9 @@ encrypted: yes Format specific information: ivgen alg: plain64 hash alg: sha1 - cipher alg: twofish-128 + cipher alg: aes-128 uuid: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX - cipher mode: ctr + cipher mode: cbc slots: [0]: active: true --=20 2.33.1 From nobody Mon Feb 9 11:14:49 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1637162380695932.6676664638095; Wed, 17 Nov 2021 07:19:40 -0800 (PST) Received: from localhost ([::1]:53676 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mnMip-0005Z5-Ow for importer@patchew.org; Wed, 17 Nov 2021 10:19:39 -0500 Received: from eggs.gnu.org ([209.51.188.92]:38074) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnMgg-0003Tn-KH for qemu-devel@nongnu.org; Wed, 17 Nov 2021 10:17:26 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:44188) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnMgf-0004v3-3D for qemu-devel@nongnu.org; Wed, 17 Nov 2021 10:17:26 -0500 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-412-kaIMpFXcNH-AyJTySs4YIQ-1; Wed, 17 Nov 2021 10:17:18 -0500 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 3EFAAA40C1; Wed, 17 Nov 2021 15:17:17 +0000 (UTC) Received: from localhost (unknown [10.39.195.120]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8012F1F450; Wed, 17 Nov 2021 15:17:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1637162241; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=YjWqTZ9WqnWnWOQIRXBDxC4j5StRT3e4uMKPQWMjPbU=; b=GrKJsIxCfbGm4YP5kY1kdFVMt29bD4acqRNvcNen5IEFhOb/eaIu+CORbH13OvAIIteK14 G5vv0lKyJHYCfuRouD+JsLsuM53sV/fw1XNRLT9PDK0JzZG2JkBgSiXdZQTizZcUCx5vtG SCBWURtXoqPpu9LKl4NsC6/WDnxh1gU= X-MC-Unique: kaIMpFXcNH-AyJTySs4YIQ-1 From: Hanna Reitz To: qemu-block@nongnu.org Subject: [PATCH v2 2/2] iotests/149: Skip on unsupported ciphers Date: Wed, 17 Nov 2021 16:17:07 +0100 Message-Id: <20211117151707.52549-3-hreitz@redhat.com> In-Reply-To: <20211117151707.52549-1-hreitz@redhat.com> References: <20211117151707.52549-1-hreitz@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=hreitz@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=hreitz@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -34 X-Spam_score: -3.5 X-Spam_bar: --- X-Spam_report: (-3.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.701, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Hanna Reitz , =?UTF-8?q?Daniel=20P=20=2E=20Berrang=C3=A9?= , qemu-devel@nongnu.org, Thomas Huth Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1637162382035100001 Content-Type: text/plain; charset="utf-8" Whenever qemu-img or qemu-io report that some cipher is unsupported, skip the whole test, because that is probably because qemu has been configured with the gnutls crypto backend. We could taylor the algorithm list to what gnutls supports, but this is a test that is run rather rarely anyway (because it requires password-less sudo), and so it seems better and easier to skip it. When this test is intentionally run to check LUKS compatibility, it seems better not to limit the algorithms but keep the list extensive. Signed-off-by: Hanna Reitz Reviewed-by: Daniel P. Berrang=C3=A9 --- tests/qemu-iotests/149 | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/tests/qemu-iotests/149 b/tests/qemu-iotests/149 index 328fd05a4c..d49646ca60 100755 --- a/tests/qemu-iotests/149 +++ b/tests/qemu-iotests/149 @@ -230,6 +230,18 @@ def create_image(config, size_mb): fn.truncate(size_mb * 1024 * 1024) =20 =20 +def check_cipher_support(config, output): + """Check the output of qemu-img or qemu-io for mention of the respecti= ve + cipher algorithm being unsupported, and if so, skip this test. + (Returns `output` for convenience.)""" + + if 'Unsupported cipher algorithm' in output: + iotests.notrun('Unsupported cipher algorithm ' + f'{config.cipher}-{config.keylen}-{config.mode}; ' + 'consider configuring qemu with a different crypto ' + 'backend') + return output + def qemu_img_create(config, size_mb): """Create and format a disk image with LUKS using qemu-img""" =20 @@ -253,7 +265,8 @@ def qemu_img_create(config, size_mb): "%dM" % size_mb] =20 iotests.log("qemu-img " + " ".join(args), filters=3D[iotests.filter_te= st_dir]) - iotests.log(iotests.qemu_img_pipe(*args), filters=3D[iotests.filter_te= st_dir]) + iotests.log(check_cipher_support(config, iotests.qemu_img_pipe(*args)), + filters=3D[iotests.filter_test_dir]) =20 def qemu_io_image_args(config, dev=3DFalse): """Get the args for access an image or device with qemu-io""" @@ -279,8 +292,8 @@ def qemu_io_write_pattern(config, pattern, offset_mb, s= ize_mb, dev=3DFalse): args =3D ["-c", "write -P 0x%x %dM %dM" % (pattern, offset_mb, size_mb= )] args.extend(qemu_io_image_args(config, dev)) iotests.log("qemu-io " + " ".join(args), filters=3D[iotests.filter_tes= t_dir]) - iotests.log(iotests.qemu_io(*args), filters=3D[iotests.filter_test_dir, - iotests.filter_qemu_io]) + iotests.log(check_cipher_support(config, iotests.qemu_io(*args)), + filters=3D[iotests.filter_test_dir, iotests.filter_qemu_io= ]) =20 =20 def qemu_io_read_pattern(config, pattern, offset_mb, size_mb, dev=3DFalse): @@ -291,8 +304,8 @@ def qemu_io_read_pattern(config, pattern, offset_mb, si= ze_mb, dev=3DFalse): args =3D ["-c", "read -P 0x%x %dM %dM" % (pattern, offset_mb, size_mb)] args.extend(qemu_io_image_args(config, dev)) iotests.log("qemu-io " + " ".join(args), filters=3D[iotests.filter_tes= t_dir]) - iotests.log(iotests.qemu_io(*args), filters=3D[iotests.filter_test_dir, - iotests.filter_qemu_io]) + iotests.log(check_cipher_support(config, iotests.qemu_io(*args)), + filters=3D[iotests.filter_test_dir, iotests.filter_qemu_io= ]) =20 =20 def test_once(config, qemu_img=3DFalse): --=20 2.33.1