tests/test-luks-copy.sh

   1 #!/usr/bin/env bash
   2 # nbdkit
   3 # Copyright Red Hat
   4 #
   5 # Redistribution and use in source and binary forms, with or without
   6 # modification, are permitted provided that the following conditions are
   7 # met:
   8 #
   9 # * Redistributions of source code must retain the above copyright
  10 # notice, this list of conditions and the following disclaimer.
  11 #
  12 # * Redistributions in binary form must reproduce the above copyright
  13 # notice, this list of conditions and the following disclaimer in the
  14 # documentation and/or other materials provided with the distribution.
  15 #
  16 # * Neither the name of Red Hat nor the names of its contributors may be
  17 # used to endorse or promote products derived from this software without
  18 # specific prior written permission.
  19 #
  20 # THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND
  21 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
  22 # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
  23 # PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR
  24 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  25 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  26 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
  27 # USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  28 # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
  29 # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
  30 # OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31 # SUCH DAMAGE.
  32
  33 source ./functions.sh
  34 set -e
  35 set -x
  36
  37 requires_nbdcopy
  38 requires nbdsh --version
  39 requires_nbdsh_uri
  40 requires qemu-img --version
  41 requires bash -c 'qemu-img --help | grep -- --target-image-opts'
  42 requires hexdump --version
  43 requires $TRUNCATE --version
  44 requires_filter luks
  45
  46 # Test fails on macOS (darwin) because of:
  47 # qemu-img: luks-copy-zero1.img: Unsupported cipher mode xts
  48 requires_not test "$(uname)" = "Darwin"
  49
  50 encrypt_disk=luks-copy1.img
  51 plain_disk=luks-copy2.img
  52 pid=luks-copy.pid
  53 sock=$(mktemp -u /tmp/nbdkit-test-sock.XXXXXX)
  54 cleanup_fn rm -f $encrypt_disk $plain_disk $pid $sock
  55 rm -f $encrypt_disk $plain_disk $pid $sock
  56
  57 # Create an empty encrypted disk container.
  58 #
  59 # NB: This is complicated because qemu doesn't create an all-zeroes
  60 # plaintext disk for some reason when you use create -f luks.  It
  61 # starts with random plaintext.
  62 #
  63 # https://stackoverflow.com/a/44669936
  64 qemu-img create -f luks \
  65          --object secret,data=123456,id=sec0 \
  66          -o key-secret=sec0 \
  67          $encrypt_disk 1M
  68 $TRUNCATE -s 1M $plain_disk
  69 qemu-img convert --target-image-opts -n \
  70          --object secret,data=123456,id=sec0 \
  71          $plain_disk \
  72          driver=luks,file.filename=$encrypt_disk,key-secret=sec0
  73 rm $plain_disk
  74
  75 # Start nbdkit on the encrypted disk.
  76 start_nbdkit -P $pid -U $sock \
  77              file $encrypt_disk --filter=luks passphrase=123456
  78 uri="nbd+unix:///?socket=$sock"
  79
  80 # Copy the whole disk out.  It should be empty.
  81 nbdcopy -C 1 "$uri" $plain_disk
  82
  83 if [ "$(hexdump -C $plain_disk)" != '00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
  84 *
  85 00100000' ]; then
  86     echo "$0: expected plaintext disk to be empty"
  87     exit 1
  88 fi
  89
  90 # Use nbdsh to overwrite with some known data and check we can read
  91 # back what we wrote.
  92 nbdsh -u "$uri" \
  93       -c 'h.pwrite(b"1"*65536, 0)' \
  94       -c 'h.pwrite(b"2"*65536, 128*1024)' \
  95       -c 'h.pwrite(b"3"*65536, 900*1024)' \
  96       -c 'buf = h.pread(65536, 0)' \
  97       -c 'assert buf == b"1"*65536' \
  98       -c 'buf = h.pread(65536, 65536)' \
  99       -c 'assert buf == bytearray(65536)' \
 100       -c 'buf = h.pread(65536, 128*1024)' \
 101       -c 'assert buf == b"2"*65536' \
 102       -c 'buf = h.pread(65536, 900*1024)' \
 103       -c 'assert buf == b"3"*65536' \
 104       -c 'h.flush()'
 105
 106 # Use qemu to copy out the whole disk.  Note we called flush() above
 107 # so the disk should be synchronised.
 108 qemu-img convert --image-opts \
 109          --object secret,data=123456,id=sec0 \
 110          driver=luks,file.filename=$encrypt_disk,key-secret=sec0 \
 111          $plain_disk
 112
 113 # Check the contents are expected.
 114 if [ "$(hexdump -C $plain_disk)" != '00000000  31 31 31 31 31 31 31 31  31 31 31 31 31 31 31 31  |1111111111111111|
 115 *
 116 00010000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 117 *
 118 00020000  32 32 32 32 32 32 32 32  32 32 32 32 32 32 32 32  |2222222222222222|
 119 *
 120 00030000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 121 *
 122 000e1000  33 33 33 33 33 33 33 33  33 33 33 33 33 33 33 33  |3333333333333333|
 123 *
 124 000f1000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 125 *
 126 00100000' ]; then
 127     echo "$0: unexpected content"
 128     exit 1
 129 fi