qemu-e2k/tests/qemu-iotests/210
Hanna Reitz cb5a24d7f6 iotests: Use aes-128-cbc
Our gnutls crypto backend (which is the default as of 8bd0931f6)
supports neither twofish-128 nor the CTR mode.  CBC and aes-128 are
supported by all of our backends (as far as I can tell), so use
aes-128-cbc in our iotests.

(We could also use e.g. aes-256-cbc, but the different key sizes would
lead to different key slot offsets and so change the reference output
more, which is why I went with aes-128.)

Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20211117151707.52549-2-hreitz@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Tested-by: Thomas Huth <thuth@redhat.com>
2021-11-23 15:39:12 +01:00

180 lines
5.9 KiB
Python
Executable File

#!/usr/bin/env python3
# group: rw
#
# Test luks and file image creation
#
# Copyright (C) 2018 Red Hat, Inc.
#
# Creator/Owner: Kevin Wolf <kwolf@redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import iotests
from iotests import imgfmt
iotests.script_initialize(
supported_fmts=['luks'],
supported_protocols=['file'],
)
with iotests.FilePath('t.luks') as disk_path, \
iotests.VM() as vm:
vm.add_object('secret,id=keysec0,data=foo')
#
# Successful image creation (defaults)
#
iotests.log("=== Successful image creation (defaults) ===")
iotests.log("")
size = 128 * 1024 * 1024
vm.launch()
vm.blockdev_create({ 'driver': 'file',
'filename': disk_path,
'size': 0 })
vm.qmp_log('blockdev-add', driver='file', filename=disk_path,
node_name='imgfile', filters=[iotests.filter_qmp_testfiles])
vm.blockdev_create({ 'driver': imgfmt,
'file': 'imgfile',
'key-secret': 'keysec0',
'size': size,
'iter-time': 10 })
vm.shutdown()
# TODO Proper support for images to be used with imgopts and/or protocols
iotests.img_info_log(
'driver=luks,file.driver=file,file.filename=%s,key-secret=keysec0' % (disk_path),
filter_path=disk_path,
extra_args=['--object', 'secret,id=keysec0,data=foo'],
imgopts=True)
#
# Successful image creation (with non-default options)
#
iotests.log("=== Successful image creation (with non-default options) ===")
iotests.log("")
size = 64 * 1024 * 1024
vm.launch()
vm.blockdev_create({ 'driver': 'file',
'filename': disk_path,
'size': 0 })
vm.blockdev_create({ 'driver': imgfmt,
'file': {
'driver': 'file',
'filename': disk_path,
},
'size': size,
'key-secret': 'keysec0',
'cipher-alg': 'aes-128',
'cipher-mode': 'cbc',
'ivgen-alg': 'plain64',
'ivgen-hash-alg': 'md5',
'hash-alg': 'sha1',
'iter-time': 10 })
vm.shutdown()
# TODO Proper support for images to be used with imgopts and/or protocols
iotests.img_info_log(
'driver=luks,file.driver=file,file.filename=%s,key-secret=keysec0' % (disk_path),
filter_path=disk_path,
extra_args=['--object', 'secret,id=keysec0,data=foo'],
imgopts=True)
#
# Invalid BlockdevRef
#
iotests.log("=== Invalid BlockdevRef ===")
iotests.log("")
size = 64 * 1024 * 1024
vm.launch()
vm.blockdev_create({ 'driver': imgfmt,
'file': "this doesn't exist",
'size': size })
vm.shutdown()
#
# Zero size
#
iotests.log("=== Zero size ===")
iotests.log("")
vm.add_blockdev('driver=file,filename=%s,node-name=node0' % (disk_path))
vm.launch()
vm.blockdev_create({ 'driver': imgfmt,
'file': 'node0',
'key-secret': 'keysec0',
'size': 0,
'iter-time': 10 })
vm.shutdown()
# TODO Proper support for images to be used with imgopts and/or protocols
iotests.img_info_log(
'driver=luks,file.driver=file,file.filename=%s,key-secret=keysec0' % (disk_path),
filter_path=disk_path,
extra_args=['--object', 'secret,id=keysec0,data=foo'],
imgopts=True)
#
# Invalid sizes
#
# TODO Negative image sizes aren't handled correctly, but this is a problem
# with QAPI's implementation of the 'size' type and affects other commands as
# well. Once this is fixed, we may want to add a test case here.
# 1. 2^64 - 512
# 2. 2^63 = 8 EB (qemu-img enforces image sizes less than this)
# 3. 2^63 - 512 (generally valid, but with the crypto header the file will
# exceed 63 bits)
iotests.log("=== Invalid sizes ===")
iotests.log("")
vm.launch()
for size in [ 18446744073709551104, 9223372036854775808, 9223372036854775296 ]:
vm.blockdev_create({ 'driver': imgfmt,
'file': 'node0',
'key-secret': 'keysec0',
'size': size })
vm.shutdown()
#
# Resize image with invalid sizes
#
iotests.log("=== Resize image with invalid sizes ===")
iotests.log("")
vm.add_blockdev('driver=luks,file=node0,key-secret=keysec0,node-name=node1')
vm.launch()
vm.qmp_log('block_resize', node_name='node1', size=9223372036854775296)
vm.qmp_log('block_resize', node_name='node1', size=9223372036854775808)
vm.qmp_log('block_resize', node_name='node1', size=18446744073709551104)
vm.qmp_log('block_resize', node_name='node1', size=-9223372036854775808)
vm.shutdown()
# TODO Proper support for images to be used with imgopts and/or protocols
iotests.img_info_log(
'driver=luks,file.driver=file,file.filename=%s,key-secret=keysec0' % (disk_path),
filter_path=disk_path,
extra_args=['--object', 'secret,id=keysec0,data=foo'],
imgopts=True)