diff options
Diffstat (limited to 'qemu/tests/qemu-iotests/149')
| -rwxr-xr-x | qemu/tests/qemu-iotests/149 | 519 |
1 files changed, 519 insertions, 0 deletions
diff --git a/qemu/tests/qemu-iotests/149 b/qemu/tests/qemu-iotests/149 new file mode 100755 index 000000000..52e23d294 --- /dev/null +++ b/qemu/tests/qemu-iotests/149 @@ -0,0 +1,519 @@ +#!/usr/bin/env python +# +# Copyright (C) 2016 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +# Creator/Owner: Daniel P. Berrange <berrange@redhat.com> +# +# Exercise the QEMU 'luks' block driver to validate interoperability +# with the Linux dm-crypt + cryptsetup implementation + +import subprocess +import os +import os.path + +import base64 + +import iotests + + +class LUKSConfig(object): + """Represent configuration parameters for a single LUKS + setup to be tested""" + + def __init__(self, name, cipher, keylen, mode, ivgen, + ivgen_hash, hash, password=None, passwords=None): + + self.name = name + self.cipher = cipher + self.keylen = keylen + self.mode = mode + self.ivgen = ivgen + self.ivgen_hash = ivgen_hash + self.hash = hash + + if passwords is not None: + self.passwords = passwords + else: + self.passwords = {} + + if password is None: + self.passwords["0"] = "123456" + else: + self.passwords["0"] = password + + def __repr__(self): + return self.name + + def image_name(self): + return "luks-%s.img" % self.name + + def image_path(self): + return os.path.join(iotests.test_dir, self.image_name()) + + def device_name(self): + return "qiotest-145-%s" % self.name + + def device_path(self): + return "/dev/mapper/" + self.device_name() + + def first_password(self): + for i in range(8): + slot = str(i) + if slot in self.passwords: + return (self.passwords[slot], slot) + raise Exception("No password found") + + def first_password_base64(self): + (pw, slot) = self.first_password() + return base64.b64encode(pw) + + def active_slots(self): + slots = [] + for i in range(8): + slot = str(i) + if slot in self.passwords: + slots.append(slot) + return slots + +def verify_passwordless_sudo(): + """Check whether sudo is configured to allow + password-less access to commands""" + + args = ["sudo", "-n", "/bin/true"] + + proc = subprocess.Popen(args, + stdin=subprocess.PIPE, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT) + + msg = proc.communicate()[0] + + if proc.returncode != 0: + iotests.notrun('requires password-less sudo access: %s' % msg) + + +def cryptsetup(args, password=None): + """Run the cryptsetup command in batch mode""" + + fullargs = ["sudo", "cryptsetup", "-q", "-v"] + fullargs.extend(args) + + iotests.log(" ".join(fullargs), filters=[iotests.filter_test_dir]) + proc = subprocess.Popen(fullargs, + stdin=subprocess.PIPE, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT) + + msg = proc.communicate(password)[0] + + if proc.returncode != 0: + raise Exception(msg) + + +def cryptsetup_add_password(config, slot): + """Add another password to a LUKS key slot""" + + (password, mainslot) = config.first_password() + + pwfile = os.path.join(iotests.test_dir, "passwd.txt") + with open(pwfile, "w") as fh: + fh.write(config.passwords[slot]) + + try: + args = ["luksAddKey", config.image_path(), + "--key-slot", slot, + "--key-file", "-", + pwfile] + + cryptsetup(args, password) + finally: + os.unlink(pwfile) + + +def cryptsetup_format(config): + """Format a new LUKS volume with cryptsetup, adding the + first key slot only""" + + (password, slot) = config.first_password() + + args = ["luksFormat"] + cipher = config.cipher + "-" + config.mode + "-" + config.ivgen + if config.ivgen_hash is not None: + cipher = cipher + ":" + config.ivgen_hash + args.extend(["--cipher", cipher]) + if config.mode == "xts": + args.extend(["--key-size", str(config.keylen * 2)]) + else: + args.extend(["--key-size", str(config.keylen)]) + if config.hash is not None: + args.extend(["--hash", config.hash]) + args.extend(["--key-slot", slot]) + args.extend(["--key-file", "-"]) + args.append(config.image_path()) + + cryptsetup(args, password) + + +def chown(config): + """Set the ownership of a open LUKS device to this user""" + + path = config.device_path() + + args = ["sudo", "chown", "%d:%d" % (os.getuid(), os.getgid()), path] + iotests.log(" ".join(args), filters=[iotests.filter_chown]) + proc = subprocess.Popen(args, + stdin=subprocess.PIPE, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT) + + msg = proc.communicate()[0] + + if proc.returncode != 0: + raise Exception("Cannot change owner on %s" % path) + + +def cryptsetup_open(config): + """Open an image as a LUKS device""" + + (password, slot) = config.first_password() + + args = ["luksOpen", config.image_path(), config.device_name()] + + cryptsetup(args, password) + + +def cryptsetup_close(config): + """Close an active LUKS device """ + + args = ["luksClose", config.device_name()] + cryptsetup(args) + + +def delete_image(config): + """Delete a disk image""" + + try: + os.unlink(config.image_path()) + iotests.log("unlink %s" % config.image_path(), + filters=[iotests.filter_test_dir]) + except Exception as e: + pass + + +def create_image(config, size_mb): + """Create a bare disk image with requested size""" + + delete_image(config) + iotests.log("truncate %s --size %dMB" % (config.image_path(), size_mb), + filters=[iotests.filter_test_dir]) + with open(config.image_path(), "w") as fn: + fn.truncate(size_mb * 1024 * 1024) + + +def qemu_img_create(config, size_mb): + """Create and format a disk image with LUKS using qemu-img""" + + opts = [ + "key-secret=sec0", + "cipher-alg=%s-%d" % (config.cipher, config.keylen), + "cipher-mode=%s" % config.mode, + "ivgen-alg=%s" % config.ivgen, + "hash-alg=%s" % config.hash, + ] + if config.ivgen_hash is not None: + opts.append("ivgen-hash-alg=%s" % config.ivgen_hash) + + args = ["create", "-f", "luks", + "--object", + ("secret,id=sec0,data=%s,format=base64" % + config.first_password_base64()), + "-o", ",".join(opts), + config.image_path(), + "%dM" % size_mb] + + iotests.log("qemu-img " + " ".join(args), filters=[iotests.filter_test_dir]) + iotests.log(iotests.qemu_img_pipe(*args), filters=[iotests.filter_test_dir]) + +def qemu_io_image_args(config, dev=False): + """Get the args for access an image or device with qemu-io""" + + if dev: + return [ + "--image-opts", + "driver=file,filename=%s" % config.device_path()] + else: + return [ + "--object", + ("secret,id=sec0,data=%s,format=base64" % + config.first_password_base64()), + "--image-opts", + ("driver=luks,key-secret=sec0,file.filename=%s" % + config.image_path())] + +def qemu_io_write_pattern(config, pattern, offset_mb, size_mb, dev=False): + """Write a pattern of data to a LUKS image or device""" + + args = ["-c", "write -P 0x%x %dM %dM" % (pattern, offset_mb, size_mb)] + args.extend(qemu_io_image_args(config, dev)) + iotests.log("qemu-io " + " ".join(args), filters=[iotests.filter_test_dir]) + iotests.log(iotests.qemu_io(*args), filters=[iotests.filter_test_dir, + iotests.filter_qemu_io]) + + +def qemu_io_read_pattern(config, pattern, offset_mb, size_mb, dev=False): + """Read a pattern of data to a LUKS image or device""" + + args = ["-c", "read -P 0x%x %dM %dM" % (pattern, offset_mb, size_mb)] + args.extend(qemu_io_image_args(config, dev)) + iotests.log("qemu-io " + " ".join(args), filters=[iotests.filter_test_dir]) + iotests.log(iotests.qemu_io(*args), filters=[iotests.filter_test_dir, + iotests.filter_qemu_io]) + + +def test_once(config, qemu_img=False): + """Run the test with a desired LUKS configuration. Can either + use qemu-img for creating the initial volume, or cryptsetup, + in order to test interoperability in both directions""" + + iotests.log("# ================= %s %s =================" % ( + "qemu-img" if qemu_img else "dm-crypt", config)) + + oneKB = 1024 + oneMB = oneKB * 1024 + oneGB = oneMB * 1024 + oneTB = oneGB * 1024 + + # 4 TB, so that we pass the 32-bit sector number boundary. + # Important for testing correctness of some IV generators + # The files are sparse, so not actually using this much space + image_size = 4 * oneTB + if qemu_img: + iotests.log("# Create image") + qemu_img_create(config, image_size / oneMB) + else: + iotests.log("# Create image") + create_image(config, image_size / oneMB) + + lowOffsetMB = 100 + highOffsetMB = 3 * oneTB / oneMB + + try: + if not qemu_img: + iotests.log("# Format image") + cryptsetup_format(config) + + for slot in config.active_slots()[1:]: + iotests.log("# Add password slot %s" % slot) + cryptsetup_add_password(config, slot) + + # First we'll open the image using cryptsetup and write a + # known pattern of data that we'll then verify with QEMU + + iotests.log("# Open dev") + cryptsetup_open(config) + + try: + iotests.log("# Set dev owner") + chown(config) + + iotests.log("# Write test pattern 0xa7") + qemu_io_write_pattern(config, 0xa7, lowOffsetMB, 10, dev=True) + iotests.log("# Write test pattern 0x13") + qemu_io_write_pattern(config, 0x13, highOffsetMB, 10, dev=True) + finally: + iotests.log("# Close dev") + cryptsetup_close(config) + + # Ok, now we're using QEMU to verify the pattern just + # written via dm-crypt + + iotests.log("# Read test pattern 0xa7") + qemu_io_read_pattern(config, 0xa7, lowOffsetMB, 10, dev=False) + iotests.log("# Read test pattern 0x13") + qemu_io_read_pattern(config, 0x13, highOffsetMB, 10, dev=False) + + + # Write a new pattern to the image, which we'll later + # verify with dm-crypt + iotests.log("# Write test pattern 0x91") + qemu_io_write_pattern(config, 0x91, lowOffsetMB, 10, dev=False) + iotests.log("# Write test pattern 0x5e") + qemu_io_write_pattern(config, 0x5e, highOffsetMB, 10, dev=False) + + + # Now we're opening the image with dm-crypt once more + # and verifying what QEMU wrote, completing the circle + iotests.log("# Open dev") + cryptsetup_open(config) + + try: + iotests.log("# Set dev owner") + chown(config) + + iotests.log("# Read test pattern 0x91") + qemu_io_read_pattern(config, 0x91, lowOffsetMB, 10, dev=True) + iotests.log("# Read test pattern 0x5e") + qemu_io_read_pattern(config, 0x5e, highOffsetMB, 10, dev=True) + finally: + iotests.log("# Close dev") + cryptsetup_close(config) + finally: + iotests.log("# Delete image") + delete_image(config) + print + + +# Obviously we only work with the luks image format +iotests.verify_image_format(supported_fmts=['luks']) +iotests.verify_platform() + +# We need sudo in order to run cryptsetup to create +# dm-crypt devices. This is safe to use on any +# machine, since all dm-crypt devices are backed +# by newly created plain files, and have a dm-crypt +# name prefix of 'qiotest' to avoid clashing with +# user LUKS volumes +verify_passwordless_sudo() + + +# If we look at all permutations of cipher, key size, +# mode, ivgen, hash, there are ~1000 possible configs. +# +# We certainly don't want/need to test every permutation +# to get good validation of interoperability between QEMU +# and dm-crypt/cryptsetup. +# +# The configs below are a representative set that aim to +# exercise each axis of configurability. +# +configs = [ + # A common LUKS default + LUKSConfig("aes-256-xts-plain64-sha1", + "aes", 256, "xts", "plain64", None, "sha1"), + + + # LUKS default but diff ciphers + LUKSConfig("twofish-256-xts-plain64-sha1", + "twofish", 256, "xts", "plain64", None, "sha1"), + LUKSConfig("serpent-256-xts-plain64-sha1", + "serpent", 256, "xts", "plain64", None, "sha1"), + # Should really be xts, but kernel doesn't support xts+cast5 + # nor does it do essiv+cast5 + LUKSConfig("cast5-128-cbc-plain64-sha1", + "cast5", 128, "cbc", "plain64", None, "sha1"), + LUKSConfig("cast6-256-xts-plain64-sha1", + "cast6", 256, "xts", "plain64", None, "sha1"), + + + # LUKS default but diff modes / ivgens + LUKSConfig("aes-256-cbc-plain-sha1", + "aes", 256, "cbc", "plain", None, "sha1"), + LUKSConfig("aes-256-cbc-plain64-sha1", + "aes", 256, "cbc", "plain64", None, "sha1"), + LUKSConfig("aes-256-cbc-essiv-sha256-sha1", + "aes", 256, "cbc", "essiv", "sha256", "sha1"), + LUKSConfig("aes-256-xts-essiv-sha256-sha1", + "aes", 256, "xts", "essiv", "sha256", "sha1"), + + + # LUKS default but smaller key sizes + LUKSConfig("aes-128-xts-plain64-sha256-sha1", + "aes", 128, "xts", "plain64", None, "sha1"), + LUKSConfig("aes-192-xts-plain64-sha256-sha1", + "aes", 192, "xts", "plain64", None, "sha1"), + + LUKSConfig("twofish-128-xts-plain64-sha1", + "twofish", 128, "xts", "plain64", None, "sha1"), + LUKSConfig("twofish-192-xts-plain64-sha1", + "twofish", 192, "xts", "plain64", None, "sha1"), + + LUKSConfig("serpent-128-xts-plain64-sha1", + "serpent", 128, "xts", "plain64", None, "sha1"), + LUKSConfig("serpent-192-xts-plain64-sha1", + "serpent", 192, "xts", "plain64", None, "sha1"), + + LUKSConfig("cast6-128-xts-plain64-sha1", + "cast6", 128, "xts", "plain", None, "sha1"), + LUKSConfig("cast6-192-xts-plain64-sha1", + "cast6", 192, "xts", "plain64", None, "sha1"), + + + # LUKS default but diff hash + LUKSConfig("aes-256-xts-plain64-sha256", + "aes", 256, "xts", "plain64", None, "sha256"), + LUKSConfig("aes-256-xts-plain64-sha512", + "aes", 256, "xts", "plain64", None, "sha512"), + LUKSConfig("aes-256-xts-plain64-ripemd160", + "aes", 256, "xts", "plain64", None, "ripemd160"), + + # Password in slot 3 + LUKSConfig("aes-256-xts-plain-sha1-pwslot3", + "aes", 256, "xts", "plain", None, "sha1", + passwords={ + "3": "slot3", + }), + + # Passwords in every slot + LUKSConfig("aes-256-xts-plain-sha1-pwallslots", + "aes", 256, "xts", "plain", None, "sha1", + passwords={ + "0": "slot1", + "1": "slot1", + "2": "slot2", + "3": "slot3", + "4": "slot4", + "5": "slot5", + "6": "slot6", + "7": "slot7", + }), +] + +blacklist = [ + # We don't have a cast-6 cipher impl for QEMU yet + "cast6-256-xts-plain64-sha1", + "cast6-128-xts-plain64-sha1", + "cast6-192-xts-plain64-sha1", + + # GCrypt doesn't support Twofish with 192 bit key + "twofish-192-xts-plain64-sha1", + + # We don't have sha512 hash wired up yet + "aes-256-xts-plain64-sha512", + + # We don't have ripemd160 hash wired up yet + "aes-256-xts-plain64-ripemd160", +] + +whitelist = [] +if "LUKS_CONFIG" in os.environ: + whitelist = os.environ["LUKS_CONFIG"].split(",") + +for config in configs: + if config.name in blacklist: + iotests.log("Skipping %s in blacklist" % config.name) + continue + + if len(whitelist) > 0 and config.name not in whitelist: + iotests.log("Skipping %s not in whitelist" % config.name) + continue + + test_once(config, qemu_img=False) + + # XXX we should support setting passwords in a non-0 + # key slot with 'qemu-img create' in future + (pw, slot) = config.first_password() + if slot == "0": + test_once(config, qemu_img=True) |