server/crypto.c: Improve error messages in crypto_send
[nbdkit.git] / tests / test-tls-fallback.sh
blob191d97f00780168285c2f76185c17eeb09cff506
1 #!/usr/bin/env bash
2 # nbdkit
3 # Copyright Red Hat
5 # Redistribution and use in source and binary forms, with or without
6 # modification, are permitted provided that the following conditions are
7 # met:
9 # * Redistributions of source code must retain the above copyright
10 # notice, this list of conditions and the following disclaimer.
12 # * Redistributions in binary form must reproduce the above copyright
13 # notice, this list of conditions and the following disclaimer in the
14 # documentation and/or other materials provided with the distribution.
16 # * Neither the name of Red Hat nor the names of its contributors may be
17 # used to endorse or promote products derived from this software without
18 # specific prior written permission.
20 # THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND
21 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
22 # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
23 # PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR
24 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
27 # USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
28 # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
29 # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
30 # OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 # SUCH DAMAGE.
33 source ./functions.sh
34 set -e
35 set -x
37 requires_plugin sh
38 requires nbdsh -c 'print(h.set_full_info)' -c 'exit(not h.supports_tls())'
39 requires dd iflag=count_bytes </dev/null
40 requires dd iflag=skip_bytes </dev/null
42 # Does the nbdkit binary support TLS?
43 if ! nbdkit --dump-config | grep -sq tls=yes; then
44 echo "$0: nbdkit built without TLS support"
45 exit 77
48 # Did we create the PSK keys file?
49 # Probably 'certtool' is missing.
50 if [ ! -s keys.psk ]; then
51 echo "$0: PSK keys file was not created by the test harness"
52 exit 77
55 export sock=$(mktemp -u /tmp/nbdkit-test-sock.XXXXXX)
56 pid="tls-fallback.pid"
58 files="$sock $pid"
59 rm -f $files
60 cleanup_fn rm -f $files
62 # Run dual-mode server
63 start_nbdkit -P $pid -U $sock \
64 --tls=on --tls-psk=keys.psk -D nbdkit.tls.session=1 \
65 --filter=tls-fallback sh - tlsreadme=$'dummy\n' <<\EOF
66 check () {
67 if test "$1" != true; then
68 echo 'EINVAL unexpected tls mode' 2>&1; exit 1
71 case $1 in
72 list_exports) check "$3"; echo INTERLEAVED
73 echo hello; echo world
74 echo world; echo tour ;;
75 default_export) check "$3"; echo hello ;;
76 open) check "$4"; echo $3 ;;
77 export_description) echo "=$2=" ;;
78 get_size) echo "$2" | wc -c ;;
79 pread) echo "$2" | dd skip=$4 count=$3 iflag=skip_bytes,count_bytes ;;
80 can_write | can_trim) exit 0 ;;
81 *) exit 2 ;;
82 esac
83 EOF
85 # Plaintext client sees only dummy volume
86 nbdsh -c '
87 import os
89 def f(name, desc):
90 assert name == ""
91 assert desc == ""
93 h.set_opt_mode(True)
94 h.set_full_info(True)
95 h.connect_unix(os.environ["sock"])
96 assert h.opt_list(f) == 1
97 h.opt_info()
98 assert h.get_canonical_export_name() == ""
99 try:
100 h.get_export_description()
101 assert False
102 except nbd.Error:
103 pass
104 h.set_export_name("hello")
105 h.opt_go()
106 assert h.get_size() == 512
107 assert not h.can_trim()
108 assert h.pread(5, 0) == b"dummy"
111 # Encrypted client sees desired volumes
112 nbdsh -c '
113 import os
115 def f(name, desc):
116 if name == "hello":
117 assert desc == "world"
118 elif name == "world":
119 assert desc == "tour"
120 else:
121 assert False
123 h.set_opt_mode(True)
124 h.set_full_info(True)
125 h.set_tls(nbd.TLS_REQUIRE)
126 h.set_tls_psk_file("keys.psk")
127 h.set_tls_username("qemu")
128 h.connect_unix(os.environ["sock"])
129 assert h.opt_list(f) == 2
130 h.opt_info()
131 assert h.get_canonical_export_name() == "hello"
132 assert h.get_export_description() == "=hello="
133 h.opt_go()
134 assert h.get_size() == 6
135 assert h.can_trim()
136 assert h.pread(5, 0) == b"hello"