search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
scripts: kernel-doc: allow passing desired Sphinx C domain dialect
[qemu/ar7.git] / tests / qemu-iotests / 293
blobf86fe3b41375f99e433079f690e984fc342400e4
1 #!/usr/bin/env bash
2 #
3 # Test encryption key management with luks
4 # Based on 134
5 #
6 # Copyright (C) 2019 Red Hat, Inc.
7 #
8 # This program is free software; you can redistribute it and/or modify
9 # it under the terms of the GNU General Public License as published by
10 # the Free Software Foundation; either version 2 of the License, or
11 # (at your option) any later version.
12 #
13 # This program is distributed in the hope that it will be useful,
14 # but WITHOUT ANY WARRANTY; without even the implied warranty of
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 # GNU General Public License for more details.
17 #
18 # You should have received a copy of the GNU General Public License
19 # along with this program. If not, see <http://www.gnu.org/licenses/>.
20 #
21
22 # creator
23 owner=mlevitsk@redhat.com
24
25 seq=`basename $0`
26 echo "QA output created by $seq"
27
28 status=1 # failure is the default!
29
30 _cleanup()
31 {
32 _cleanup_test_img
33 }
34 trap "_cleanup; exit \$status" 0 1 2 3 15
35
36 # get standard environment, filters and checks
37 . ./common.rc
38 . ./common.filter
39
40 _supported_fmt qcow2 luks
41 _supported_proto file #TODO
42 _require_working_luks
43
44 QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT
45
46 if [ "$IMGFMT" = "qcow2" ] ; then
47 PR="encrypt."
48 EXTRA_IMG_ARGS="-o encrypt.format=luks"
49 fi
50
51
52 # secrets: you are supposed to see the password as *******, see :-)
53 S0="--object secret,id=sec0,data=hunter0"
54 S1="--object secret,id=sec1,data=hunter1"
55 S2="--object secret,id=sec2,data=hunter2"
56 S3="--object secret,id=sec3,data=hunter3"
57 S4="--object secret,id=sec4,data=hunter4"
58 SECRETS="$S0 $S1 $S2 $S3 $S4"
59
60 # image with given secret
61 IMGS0="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec0"
62 IMGS1="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec1"
63 IMGS2="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec2"
64 IMGS3="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec3"
65 IMGS4="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec4"
66
67
68 echo "== creating a test image =="
69 _make_test_img $S0 $EXTRA_IMG_ARGS -o ${PR}key-secret=sec0,${PR}iter-time=10 32M
70
71 echo
72 echo "== test that key 0 opens the image =="
73 $QEMU_IO $S0 -c "read 0 4096" $IMGS0 | _filter_qemu_io | _filter_testdir
74
75 echo
76 echo "== adding a password to slot 4 =="
77 $QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}state=active,${PR}new-secret=sec4,${PR}iter-time=10,${PR}keyslot=4
78 echo "== adding a password to slot 1 =="
79 $QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}state=active,${PR}new-secret=sec1,${PR}iter-time=10
80 echo "== adding a password to slot 3 =="
81 $QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=active,${PR}new-secret=sec3,${PR}iter-time=10,${PR}keyslot=3
82
83 echo "== adding a password to slot 2 =="
84 $QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}state=active,${PR}new-secret=sec2,${PR}iter-time=10
85
86
87 echo "== erase slot 4 =="
88 $QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}keyslot=4 | _filter_img_create
89
90
91 echo
92 echo "== all secrets should work =="
93 for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do
94 $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testdir
95 done
96
97 echo
98 echo "== erase slot 0 and try it =="
99 $QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}old-secret=sec0 | _filter_img_create
100 $QEMU_IO $SECRETS -c "read 0 4096" $IMGS0 | _filter_qemu_io | _filter_testdir
101
102 echo
103 echo "== erase slot 2 and try it =="
104 $QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}keyslot=2 | _filter_img_create
105 $QEMU_IO $SECRETS -c "read 0 4096" $IMGS2 | _filter_qemu_io | _filter_testdir
106
107
108 # at this point slots 1 and 3 should be active
109
110 echo
111 echo "== filling 4 slots with secret 2 =="
112 for ((i = 0; i < 4; i++)); do
113 $QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}state=active,${PR}new-secret=sec2,${PR}iter-time=10
114 done
115
116 echo
117 echo "== adding secret 0 =="
118 $QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}state=active,${PR}new-secret=sec0,${PR}iter-time=10
119
120 echo
121 echo "== adding secret 3 (last slot) =="
122 $QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}state=active,${PR}new-secret=sec3,${PR}iter-time=10
123
124 echo
125 echo "== trying to add another slot (should fail) =="
126 $QEMU_IMG amend $SECRETS $IMGS2 -o ${PR}state=active,${PR}new-secret=sec3,${PR}iter-time=10
127
128 echo
129 echo "== all secrets should work again =="
130 for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do
131 $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testdir
132 done
133
134
135 echo
136
137 echo "== erase all keys of secret 2=="
138 $QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}old-secret=sec2
139
140 echo "== erase all keys of secret 1=="
141 $QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}old-secret=sec1
142
143 echo "== erase all keys of secret 0=="
144 $QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}state=inactive,${PR}old-secret=sec0
145
146 echo "== erasing secret3 will fail now since it is the only secret (in 3 slots) =="
147 $QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}state=inactive,${PR}old-secret=sec3
148
149 echo
150 echo "== only secret3 should work now =="
151 for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do
152 $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testdir
153 done
154
155 echo
156 echo "== add secret0 =="
157 $QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}state=active,${PR}new-secret=sec0,${PR}iter-time=10
158
159 echo "== erase secret3 =="
160 $QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}state=inactive,${PR}old-secret=sec3
161
162 echo
163 echo "== only secret0 should work now =="
164 for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do
165 $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testdir
166 done
167
168 echo
169 echo "== replace secret0 with secret1 (should fail) =="
170 $QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}state=active,${PR}new-secret=sec1,${PR}keyslot=0
171
172 echo
173 echo "== replace secret0 with secret1 with force (should work) =="
174 $QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}state=active,${PR}new-secret=sec1,${PR}iter-time=10,${PR}keyslot=0 --force
175
176 echo
177 echo "== only secret1 should work now =="
178 for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do
179 $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testdir
180 done
181
182
183 echo
184 echo "== erase last secret (should fail) =="
185 $QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}keyslot=0
186 $QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}old-secret=sec1
187
188
189 echo "== erase non existing secrets (should fail) =="
190 $QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}old-secret=sec5 --force
191 $QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}old-secret=sec0 --force
192 $QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}keyslot=1 --force
193
194 echo
195 echo "== erase last secret with force by slot (should work) =="
196 $QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}keyslot=0 --force
197
198 echo
199 echo "== we have no secrets now, data is lost forever =="
200 for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do
201 $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testdir
202 done
203
204 # success, all done
205 echo "*** done"
206 rm -f $seq.full
207 status=0
208
AR7 emulation for QEMU