qemu/tests/qemu-iotests/189

#!/bin/bash
#
# Test encrypted read/write using backing files
#
# Copyright (C) 2017 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

# creator
owner=berrange@redhat.com

seq=`basename $0`
echo "QA output created by $seq"

here=`pwd`
status=1	# failure is the default!

_cleanup()
{
	_cleanup_test_img
}
trap "_cleanup; exit \$status" 0 1 2 3 15

# get standard environment, filters and checks
. ./common.rc
. ./common.filter

_supported_fmt qcow2
_supported_proto generic
_supported_os Linux


size=16M
TEST_IMG_BASE=$TEST_IMG.base
SECRET0="secret,id=sec0,data=astrochicken"
SECRET1="secret,id=sec1,data=furby"

TEST_IMG_SAVE=$TEST_IMG
TEST_IMG=$TEST_IMG_BASE
echo "== create base =="
_make_test_img --object $SECRET0 -o "encrypt.format=luks,encrypt.key-secret=sec0,encrypt.iter-time=10" $size
TEST_IMG=$TEST_IMG_SAVE

IMGSPECBASE="driver=$IMGFMT,file.filename=$TEST_IMG_BASE,encrypt.key-secret=sec0"
IMGSPEC="driver=$IMGFMT,file.filename=$TEST_IMG,backing.driver=$IMGFMT,backing.file.filename=$TEST_IMG_BASE,backing.encrypt.key-secret=sec0,encrypt.key-secret=sec1"
QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT

echo
echo "== writing whole image =="
$QEMU_IO --object $SECRET0 -c "write -P 0xa 0 $size" --image-opts $IMGSPECBASE | _filter_qemu_io | _filter_testdir

echo
echo "== verify pattern =="
$QEMU_IO --object $SECRET0 -c "read -P 0xa 0 $size" --image-opts $IMGSPECBASE | _filter_qemu_io | _filter_testdir

echo "== create overlay =="
_make_test_img --object $SECRET1 -o "encrypt.format=luks,encrypt.key-secret=sec1,encrypt.iter-time=10" -u -b "$TEST_IMG_BASE" $size

echo
echo "== writing part of a cluster =="
$QEMU_IO --object $SECRET0 --object $SECRET1 -c "write -P 0xe 0 1024" --image-opts $IMGSPEC | _filter_qemu_io | _filter_testdir

echo
echo "== verify pattern =="
$QEMU_IO --object $SECRET0 --object $SECRET1 -c "read -P 0xe 0 1024" --image-opts $IMGSPEC | _filter_qemu_io | _filter_testdir
echo
echo "== verify pattern =="
$QEMU_IO --object $SECRET0 --object $SECRET1 -c "read -P 0xa 1024 64512" --image-opts $IMGSPEC | _filter_qemu_io | _filter_testdir


# success, all done
echo "*** done"
rm -f $seq.full
status=0
qcow2: add iotests to cover LUKS encryption support This extends the 087 iotest to cover LUKS encryption when doing blockdev-add. Two further tests are added to validate read/write of LUKS encrypted images with a single file and with a backing file. Reviewed-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 20170623162419.26068-15-berrange@redhat.com Signed-off-by: Max Reitz <mreitz@redhat.com> 2017-06-23 17:24:13 +01:00			`#!/bin/bash`
			`#`
			`# Test encrypted read/write using backing files`
			`#`
			`# Copyright (C) 2017 Red Hat, Inc.`
			`#`
			`# This program is free software; you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation; either version 2 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`#`

			`# creator`
			`owner=berrange@redhat.com`

			seq=`basename $0`
			`echo "QA output created by $seq"`

			here=`pwd`
			`status=1 # failure is the default!`

			`_cleanup()`
			`{`
			`_cleanup_test_img`
			`}`
			`trap "_cleanup; exit \$status" 0 1 2 3 15`

			`# get standard environment, filters and checks`
			`. ./common.rc`
			`. ./common.filter`

			`_supported_fmt qcow2`
			`_supported_proto generic`
			`_supported_os Linux`


			`size=16M`
			`TEST_IMG_BASE=$TEST_IMG.base`
			`SECRET0="secret,id=sec0,data=astrochicken"`
			`SECRET1="secret,id=sec1,data=furby"`

			`TEST_IMG_SAVE=$TEST_IMG`
			`TEST_IMG=$TEST_IMG_BASE`
			`echo "== create base =="`
			`_make_test_img --object $SECRET0 -o "encrypt.format=luks,encrypt.key-secret=sec0,encrypt.iter-time=10" $size`
			`TEST_IMG=$TEST_IMG_SAVE`

			`IMGSPECBASE="driver=$IMGFMT,file.filename=$TEST_IMG_BASE,encrypt.key-secret=sec0"`
			`IMGSPEC="driver=$IMGFMT,file.filename=$TEST_IMG,backing.driver=$IMGFMT,backing.file.filename=$TEST_IMG_BASE,backing.encrypt.key-secret=sec0,encrypt.key-secret=sec1"`
			`QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT`

			`echo`
			`echo "== writing whole image =="`
			`$QEMU_IO --object $SECRET0 -c "write -P 0xa 0 $size" --image-opts $IMGSPECBASE \| _filter_qemu_io \| _filter_testdir`

			`echo`
			`echo "== verify pattern =="`
			`$QEMU_IO --object $SECRET0 -c "read -P 0xa 0 $size" --image-opts $IMGSPECBASE \| _filter_qemu_io \| _filter_testdir`

			`echo "== create overlay =="`
qemu-img: Check for backing image if specified during create Or, rather, force the open of a backing image if one was specified for creation. Using a similar -unsafe option as rebase, allow qemu-img to ignore the backing file validation if possible. It may not always be possible, as in the existing case when a filesize for the new image was not specified. This is accomplished by shifting around the conditionals in bdrv_img_create, such that a backing file is always opened unless we provide BDRV_O_NO_BACKING. qemu-img is adjusted to pass this new flag when -u is provided to create. Sorry for the heinous looking diffstat, but it's mostly whitespace. Inspired by: https://bugzilla.redhat.com/show_bug.cgi?id=1213786 Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> 2017-07-17 20:34:22 -04:00			`_make_test_img --object $SECRET1 -o "encrypt.format=luks,encrypt.key-secret=sec1,encrypt.iter-time=10" -u -b "$TEST_IMG_BASE" $size`
qcow2: add iotests to cover LUKS encryption support This extends the 087 iotest to cover LUKS encryption when doing blockdev-add. Two further tests are added to validate read/write of LUKS encrypted images with a single file and with a backing file. Reviewed-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 20170623162419.26068-15-berrange@redhat.com Signed-off-by: Max Reitz <mreitz@redhat.com> 2017-06-23 17:24:13 +01:00
			`echo`
			`echo "== writing part of a cluster =="`
			`$QEMU_IO --object $SECRET0 --object $SECRET1 -c "write -P 0xe 0 1024" --image-opts $IMGSPEC \| _filter_qemu_io \| _filter_testdir`

			`echo`
			`echo "== verify pattern =="`
			`$QEMU_IO --object $SECRET0 --object $SECRET1 -c "read -P 0xe 0 1024" --image-opts $IMGSPEC \| _filter_qemu_io \| _filter_testdir`
			`echo`
			`echo "== verify pattern =="`
			`$QEMU_IO --object $SECRET0 --object $SECRET1 -c "read -P 0xa 1024 64512" --image-opts $IMGSPEC \| _filter_qemu_io \| _filter_testdir`


			`# success, all done`
			`echo "*** done"`
			`rm -f $seq.full`
			`status=0`