[mirror_qemu.git] / tests / qemu-iotests / 149

#!/usr/bin/env python
#
# Copyright (C) 2016 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
# Creator/Owner: Daniel P. Berrange <berrange@redhat.com>
#
# Exercise the QEMU 'luks' block driver to validate interoperability
# with the Linux dm-crypt + cryptsetup implementation

from __future__ import print_function
import subprocess
import os
import os.path

import base64

import iotests


class LUKSConfig(object):
    """Represent configuration parameters for a single LUKS
       setup to be tested"""

    def __init__(self, name, cipher, keylen, mode, ivgen,
                 ivgen_hash, hash, password=None, passwords=None):

        self.name = name
        self.cipher = cipher
        self.keylen = keylen
        self.mode = mode
        self.ivgen = ivgen
        self.ivgen_hash = ivgen_hash
        self.hash = hash

        if passwords is not None:
            self.passwords = passwords
        else:
            self.passwords = {}

            if password is None:
                self.passwords["0"] = "123456"
            else:
                self.passwords["0"] = password

    def __repr__(self):
        return self.name

    def image_name(self):
        return "luks-%s.img" % self.name

    def image_path(self):
        return os.path.join(iotests.test_dir, self.image_name())

    def device_name(self):
        return "qiotest-145-%s" % self.name

    def device_path(self):
        return "/dev/mapper/" + self.device_name()

    def first_password(self):
        for i in range(8):
            slot = str(i)
            if slot in self.passwords:
                return (self.passwords[slot], slot)
        raise Exception("No password found")

    def first_password_base64(self):
        (pw, slot) = self.first_password()
        return base64.b64encode(pw)

    def active_slots(self):
        slots = []
        for i in range(8):
            slot = str(i)
            if slot in self.passwords:
                slots.append(slot)
        return slots

def verify_passwordless_sudo():
    """Check whether sudo is configured to allow
       password-less access to commands"""

    args = ["sudo", "-n", "/bin/true"]

    proc = subprocess.Popen(args,
                            stdin=subprocess.PIPE,
                            stdout=subprocess.PIPE,
                            stderr=subprocess.STDOUT)

    msg = proc.communicate()[0]

    if proc.returncode != 0:
        iotests.notrun('requires password-less sudo access: %s' % msg)


def cryptsetup(args, password=None):
    """Run the cryptsetup command in batch mode"""

    fullargs = ["sudo", "cryptsetup", "-q", "-v"]
    fullargs.extend(args)

    iotests.log(" ".join(fullargs), filters=[iotests.filter_test_dir])
    proc = subprocess.Popen(fullargs,
                            stdin=subprocess.PIPE,
                            stdout=subprocess.PIPE,
                            stderr=subprocess.STDOUT)

    msg = proc.communicate(password)[0]

    if proc.returncode != 0:
        raise Exception(msg)


def cryptsetup_add_password(config, slot):
    """Add another password to a LUKS key slot"""

    (password, mainslot) = config.first_password()

    pwfile = os.path.join(iotests.test_dir, "passwd.txt")
    with open(pwfile, "w") as fh:
        fh.write(config.passwords[slot])

    try:
        args = ["luksAddKey", config.image_path(),
                "--key-slot", slot,
                "--key-file", "-",
                "--iter-time", "10",
                pwfile]

        cryptsetup(args, password)
    finally:
        os.unlink(pwfile)


def cryptsetup_format(config):
    """Format a new LUKS volume with cryptsetup, adding the
    first key slot only"""

    (password, slot) = config.first_password()

    args = ["luksFormat"]
    cipher = config.cipher + "-" + config.mode + "-" + config.ivgen
    if config.ivgen_hash is not None:
        cipher = cipher + ":" + config.ivgen_hash
    elif config.ivgen == "essiv":
        cipher = cipher + ":" + "sha256"
    args.extend(["--cipher", cipher])
    if config.mode == "xts":
        args.extend(["--key-size", str(config.keylen * 2)])
    else:
        args.extend(["--key-size", str(config.keylen)])
    if config.hash is not None:
        args.extend(["--hash", config.hash])
    args.extend(["--key-slot", slot])
    args.extend(["--key-file", "-"])
    args.extend(["--iter-time", "10"])
    args.append(config.image_path())

    cryptsetup(args, password)


def chown(config):
    """Set the ownership of a open LUKS device to this user"""

    path = config.device_path()

    args = ["sudo", "chown", "%d:%d" % (os.getuid(), os.getgid()), path]
    iotests.log(" ".join(args), filters=[iotests.filter_chown])
    proc = subprocess.Popen(args,
                            stdin=subprocess.PIPE,
                            stdout=subprocess.PIPE,
                            stderr=subprocess.STDOUT)

    msg = proc.communicate()[0]

    if proc.returncode != 0:
        raise Exception(msg)


def cryptsetup_open(config):
    """Open an image as a LUKS device"""

    (password, slot) = config.first_password()

    args = ["luksOpen", config.image_path(), config.device_name()]

    cryptsetup(args, password)


def cryptsetup_close(config):
    """Close an active LUKS device """

    args = ["luksClose", config.device_name()]
    cryptsetup(args)


def delete_image(config):
    """Delete a disk image"""

    try:
        os.unlink(config.image_path())
        iotests.log("unlink %s" % config.image_path(),
                    filters=[iotests.filter_test_dir])
    except Exception as e:
        pass


def create_image(config, size_mb):
    """Create a bare disk image with requested size"""

    delete_image(config)
    iotests.log("truncate %s --size %dMB" % (config.image_path(), size_mb),
                filters=[iotests.filter_test_dir])
    with open(config.image_path(), "w") as fn:
        fn.truncate(size_mb * 1024 * 1024)


def qemu_img_create(config, size_mb):
    """Create and format a disk image with LUKS using qemu-img"""

    opts = [
        "key-secret=sec0",
        "iter-time=10",
        "cipher-alg=%s-%d" % (config.cipher, config.keylen),
        "cipher-mode=%s" % config.mode,
        "ivgen-alg=%s" % config.ivgen,
        "hash-alg=%s" % config.hash,
    ]
    if config.ivgen_hash is not None:
        opts.append("ivgen-hash-alg=%s" % config.ivgen_hash)

    args = ["create", "-f", "luks",
            "--object",
            ("secret,id=sec0,data=%s,format=base64" %
             config.first_password_base64()),
            "-o", ",".join(opts),
            config.image_path(),
            "%dM" % size_mb]

    iotests.log("qemu-img " + " ".join(args), filters=[iotests.filter_test_dir])
    iotests.log(iotests.qemu_img_pipe(*args), filters=[iotests.filter_test_dir])

def qemu_io_image_args(config, dev=False):
    """Get the args for access an image or device with qemu-io"""

    if dev:
        return [
            "--image-opts",
            "driver=file,filename=%s" % config.device_path()]
    else:
        return [
            "--object",
            ("secret,id=sec0,data=%s,format=base64" %
             config.first_password_base64()),
            "--image-opts",
            ("driver=luks,key-secret=sec0,file.filename=%s" %
             config.image_path())]

def qemu_io_write_pattern(config, pattern, offset_mb, size_mb, dev=False):
    """Write a pattern of data to a LUKS image or device"""

    if dev:
        chown(config)
    args = ["-c", "write -P 0x%x %dM %dM" % (pattern, offset_mb, size_mb)]
    args.extend(qemu_io_image_args(config, dev))
    iotests.log("qemu-io " + " ".join(args), filters=[iotests.filter_test_dir])
    iotests.log(iotests.qemu_io(*args), filters=[iotests.filter_test_dir,
                                                 iotests.filter_qemu_io])


def qemu_io_read_pattern(config, pattern, offset_mb, size_mb, dev=False):
    """Read a pattern of data to a LUKS image or device"""

    if dev:
        chown(config)
    args = ["-c", "read -P 0x%x %dM %dM" % (pattern, offset_mb, size_mb)]
    args.extend(qemu_io_image_args(config, dev))
    iotests.log("qemu-io " + " ".join(args), filters=[iotests.filter_test_dir])
    iotests.log(iotests.qemu_io(*args), filters=[iotests.filter_test_dir,
                                                 iotests.filter_qemu_io])


def test_once(config, qemu_img=False):
    """Run the test with a desired LUKS configuration. Can either
       use qemu-img for creating the initial volume, or cryptsetup,
       in order to test interoperability in both directions"""

    iotests.log("# ================= %s %s =================" % (
        "qemu-img" if qemu_img else "dm-crypt", config))

    oneKB = 1024
    oneMB = oneKB * 1024
    oneGB = oneMB * 1024
    oneTB = oneGB * 1024

    # 4 TB, so that we pass the 32-bit sector number boundary.
    # Important for testing correctness of some IV generators
    # The files are sparse, so not actually using this much space
    image_size = 4 * oneTB
    if qemu_img:
        iotests.log("# Create image")
        qemu_img_create(config, image_size / oneMB)
    else:
        iotests.log("# Create image")
        create_image(config, image_size / oneMB)

    lowOffsetMB = 100
    highOffsetMB = 3 * oneTB / oneMB

    try:
        if not qemu_img:
            iotests.log("# Format image")
            cryptsetup_format(config)

            for slot in config.active_slots()[1:]:
                iotests.log("# Add password slot %s" % slot)
                cryptsetup_add_password(config, slot)

        # First we'll open the image using cryptsetup and write a
        # known pattern of data that we'll then verify with QEMU

        iotests.log("# Open dev")
        cryptsetup_open(config)

        try:
            iotests.log("# Write test pattern 0xa7")
            qemu_io_write_pattern(config, 0xa7, lowOffsetMB, 10, dev=True)
            iotests.log("# Write test pattern 0x13")
            qemu_io_write_pattern(config, 0x13, highOffsetMB, 10, dev=True)
        finally:
            iotests.log("# Close dev")
            cryptsetup_close(config)

        # Ok, now we're using QEMU to verify the pattern just
        # written via dm-crypt

        iotests.log("# Read test pattern 0xa7")
        qemu_io_read_pattern(config, 0xa7, lowOffsetMB, 10, dev=False)
        iotests.log("# Read test pattern 0x13")
        qemu_io_read_pattern(config, 0x13, highOffsetMB, 10, dev=False)


        # Write a new pattern to the image, which we'll later
        # verify with dm-crypt
        iotests.log("# Write test pattern 0x91")
        qemu_io_write_pattern(config, 0x91, lowOffsetMB, 10, dev=False)
        iotests.log("# Write test pattern 0x5e")
        qemu_io_write_pattern(config, 0x5e, highOffsetMB, 10, dev=False)


        # Now we're opening the image with dm-crypt once more
        # and verifying what QEMU wrote, completing the circle
        iotests.log("# Open dev")
        cryptsetup_open(config)

        try:
            iotests.log("# Read test pattern 0x91")
            qemu_io_read_pattern(config, 0x91, lowOffsetMB, 10, dev=True)
            iotests.log("# Read test pattern 0x5e")
            qemu_io_read_pattern(config, 0x5e, highOffsetMB, 10, dev=True)
        finally:
            iotests.log("# Close dev")
            cryptsetup_close(config)
    finally:
        iotests.log("# Delete image")
        delete_image(config)
        print()


# Obviously we only work with the luks image format
iotests.verify_image_format(supported_fmts=['luks'])
iotests.verify_platform()

# We need sudo in order to run cryptsetup to create
# dm-crypt devices. This is safe to use on any
# machine, since all dm-crypt devices are backed
# by newly created plain files, and have a dm-crypt
# name prefix of 'qiotest' to avoid clashing with
# user LUKS volumes
verify_passwordless_sudo()


# If we look at all permutations of cipher, key size,
# mode, ivgen, hash, there are ~1000 possible configs.
#
# We certainly don't want/need to test every permutation
# to get good validation of interoperability between QEMU
# and dm-crypt/cryptsetup.
#
# The configs below are a representative set that aim to
# exercise each axis of configurability.
#
configs = [
    # A common LUKS default
    LUKSConfig("aes-256-xts-plain64-sha1",
               "aes", 256, "xts", "plain64", None, "sha1"),


    # LUKS default but diff ciphers
    LUKSConfig("twofish-256-xts-plain64-sha1",
               "twofish", 256, "xts", "plain64", None, "sha1"),
    LUKSConfig("serpent-256-xts-plain64-sha1",
               "serpent", 256, "xts", "plain64", None, "sha1"),
    # Should really be xts, but kernel doesn't support xts+cast5
    # nor does it do essiv+cast5
    LUKSConfig("cast5-128-cbc-plain64-sha1",
               "cast5", 128, "cbc", "plain64", None, "sha1"),
    LUKSConfig("cast6-256-xts-plain64-sha1",
               "cast6", 256, "xts", "plain64", None, "sha1"),


    # LUKS default but diff modes / ivgens
    LUKSConfig("aes-256-cbc-plain-sha1",
               "aes", 256, "cbc", "plain", None, "sha1"),
    LUKSConfig("aes-256-cbc-plain64-sha1",
               "aes", 256, "cbc", "plain64", None, "sha1"),
    LUKSConfig("aes-256-cbc-essiv-sha256-sha1",
               "aes", 256, "cbc", "essiv", "sha256", "sha1"),
    LUKSConfig("aes-256-xts-essiv-sha256-sha1",
               "aes", 256, "xts", "essiv", "sha256", "sha1"),


    # LUKS default but smaller key sizes
    LUKSConfig("aes-128-xts-plain64-sha256-sha1",
               "aes", 128, "xts", "plain64", None, "sha1"),
    LUKSConfig("aes-192-xts-plain64-sha256-sha1",
               "aes", 192, "xts", "plain64", None, "sha1"),

    LUKSConfig("twofish-128-xts-plain64-sha1",
               "twofish", 128, "xts", "plain64", None, "sha1"),
    LUKSConfig("twofish-192-xts-plain64-sha1",
               "twofish", 192, "xts", "plain64", None, "sha1"),

    LUKSConfig("serpent-128-xts-plain64-sha1",
               "serpent", 128, "xts", "plain64", None, "sha1"),
    LUKSConfig("serpent-192-xts-plain64-sha1",
               "serpent", 192, "xts", "plain64", None, "sha1"),

    LUKSConfig("cast6-128-xts-plain64-sha1",
               "cast6", 128, "xts", "plain", None, "sha1"),
    LUKSConfig("cast6-192-xts-plain64-sha1",
               "cast6", 192, "xts", "plain64", None, "sha1"),


    # LUKS default but diff hash
    LUKSConfig("aes-256-xts-plain64-sha224",
               "aes", 256, "xts", "plain64", None, "sha224"),
    LUKSConfig("aes-256-xts-plain64-sha256",
               "aes", 256, "xts", "plain64", None, "sha256"),
    LUKSConfig("aes-256-xts-plain64-sha384",
               "aes", 256, "xts", "plain64", None, "sha384"),
    LUKSConfig("aes-256-xts-plain64-sha512",
               "aes", 256, "xts", "plain64", None, "sha512"),
    LUKSConfig("aes-256-xts-plain64-ripemd160",
               "aes", 256, "xts", "plain64", None, "ripemd160"),

    # Password in slot 3
    LUKSConfig("aes-256-xts-plain-sha1-pwslot3",
               "aes", 256, "xts", "plain", None, "sha1",
               passwords={
                   "3": "slot3",
               }),

    # Passwords in every slot
    LUKSConfig("aes-256-xts-plain-sha1-pwallslots",
               "aes", 256, "xts", "plain", None, "sha1",
               passwords={
                   "0": "slot1",
                   "1": "slot1",
                   "2": "slot2",
                   "3": "slot3",
                   "4": "slot4",
                   "5": "slot5",
                   "6": "slot6",
                   "7": "slot7",
               }),

    # Check handling of default hash alg (sha256) with essiv
    LUKSConfig("aes-256-cbc-essiv-auto-sha1",
               "aes", 256, "cbc", "essiv", None, "sha1"),

    # Check that a useless hash provided for 'plain64' iv gen
    # is ignored and no error raised
    LUKSConfig("aes-256-cbc-plain64-sha256-sha1",
               "aes", 256, "cbc", "plain64", "sha256", "sha1"),

]

blacklist = [
    # We don't have a cast-6 cipher impl for QEMU yet
    "cast6-256-xts-plain64-sha1",
    "cast6-128-xts-plain64-sha1",
    "cast6-192-xts-plain64-sha1",

    # GCrypt doesn't support Twofish with 192 bit key
    "twofish-192-xts-plain64-sha1",
]

whitelist = []
if "LUKS_CONFIG" in os.environ:
    whitelist = os.environ["LUKS_CONFIG"].split(",")

for config in configs:
    if config.name in blacklist:
        iotests.log("Skipping %s in blacklist" % config.name)
        continue

    if len(whitelist) > 0 and config.name not in whitelist:
        iotests.log("Skipping %s not in whitelist" % config.name)
        continue

    test_once(config, qemu_img=False)

    # XXX we should support setting passwords in a non-0
    # key slot with 'qemu-img create' in future
    (pw, slot) = config.first_password()
    if slot == "0":
        test_once(config, qemu_img=True)
Commit	Line	Data
08db36f6	1	#!/usr/bin/env python
6278ae03 DB	2	#
	3	# Copyright (C) 2016 Red Hat, Inc.
	4	#
	5	# This program is free software; you can redistribute it and/or modify
	6	# it under the terms of the GNU General Public License as published by
	7	# the Free Software Foundation; either version 2 of the License, or
	8	# (at your option) any later version.
	9	#
	10	# This program is distributed in the hope that it will be useful,
	11	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	12	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	13	# GNU General Public License for more details.
	14	#
	15	# You should have received a copy of the GNU General Public License
	16	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	17	#
	18	# Creator/Owner: Daniel P. Berrange <berrange@redhat.com>
	19	#
	20	# Exercise the QEMU 'luks' block driver to validate interoperability
	21	# with the Linux dm-crypt + cryptsetup implementation
	22
f03868bd	23	from __future__ import print_function
6278ae03 DB	24	import subprocess
	25	import os
	26	import os.path
	27
	28	import base64
	29
	30	import iotests
	31
	32
	33	class LUKSConfig(object):
	34	"""Represent configuration parameters for a single LUKS
	35	setup to be tested"""
	36
	37	def __init__(self, name, cipher, keylen, mode, ivgen,
	38	ivgen_hash, hash, password=None, passwords=None):
	39
	40	self.name = name
	41	self.cipher = cipher
	42	self.keylen = keylen
	43	self.mode = mode
	44	self.ivgen = ivgen
	45	self.ivgen_hash = ivgen_hash
	46	self.hash = hash
	47
	48	if passwords is not None:
	49	self.passwords = passwords
	50	else:
	51	self.passwords = {}
	52
	53	if password is None:
	54	self.passwords["0"] = "123456"
	55	else:
	56	self.passwords["0"] = password
	57
	58	def __repr__(self):
	59	return self.name
	60
	61	def image_name(self):
	62	return "luks-%s.img" % self.name
	63
	64	def image_path(self):
	65	return os.path.join(iotests.test_dir, self.image_name())
	66
	67	def device_name(self):
	68	return "qiotest-145-%s" % self.name
	69
	70	def device_path(self):
	71	return "/dev/mapper/" + self.device_name()
	72
	73	def first_password(self):
	74	for i in range(8):
	75	slot = str(i)
	76	if slot in self.passwords:
	77	return (self.passwords[slot], slot)
	78	raise Exception("No password found")
	79
	80	def first_password_base64(self):
	81	(pw, slot) = self.first_password()
	82	return base64.b64encode(pw)
	83
	84	def active_slots(self):
	85	slots = []
	86	for i in range(8):
	87	slot = str(i)
88	if slot in self.passwords:
89	slots.append(slot)
90	return slots
91
92	def verify_passwordless_sudo():
93	"""Check whether sudo is configured to allow
94	password-less access to commands"""
95
96	args = ["sudo", "-n", "/bin/true"]
97
98	proc = subprocess.Popen(args,
99	stdin=subprocess.PIPE,
100	stdout=subprocess.PIPE,
101	stderr=subprocess.STDOUT)
102
103	msg = proc.communicate()[0]
104
105	if proc.returncode != 0:
106	iotests.notrun('requires password-less sudo access: %s' % msg)
107
108
109	def cryptsetup(args, password=None):
110	"""Run the cryptsetup command in batch mode"""
111
112	fullargs = ["sudo", "cryptsetup", "-q", "-v"]
113	fullargs.extend(args)
114
115	iotests.log(" ".join(fullargs), filters=[iotests.filter_test_dir])
116	proc = subprocess.Popen(fullargs,
117	stdin=subprocess.PIPE,
118	stdout=subprocess.PIPE,
119	stderr=subprocess.STDOUT)
120
121	msg = proc.communicate(password)[0]
122
123	if proc.returncode != 0:
124	raise Exception(msg)
125
126
127	def cryptsetup_add_password(config, slot):
128	"""Add another password to a LUKS key slot"""
129
130	(password, mainslot) = config.first_password()
131
132	pwfile = os.path.join(iotests.test_dir, "passwd.txt")
133	with open(pwfile, "w") as fh:
134	fh.write(config.passwords[slot])
135
136	try:
137	args = ["luksAddKey", config.image_path(),
138	"--key-slot", slot,
139	"--key-file", "-",
307d9991	140	"--iter-time", "10",
6278ae03 DB	141	pwfile]
	142
	143	cryptsetup(args, password)
	144	finally:
	145	os.unlink(pwfile)
	146
	147
	148	def cryptsetup_format(config):
	149	"""Format a new LUKS volume with cryptsetup, adding the
	150	first key slot only"""
	151
	152	(password, slot) = config.first_password()
	153
	154	args = ["luksFormat"]
	155	cipher = config.cipher + "-" + config.mode + "-" + config.ivgen
	156	if config.ivgen_hash is not None:
	157	cipher = cipher + ":" + config.ivgen_hash
8b7cdba3 DB	158	elif config.ivgen == "essiv":
8b7cdba3 DB	159	cipher = cipher + ":" + "sha256"
6278ae03 DB	160	args.extend(["--cipher", cipher])
	161	if config.mode == "xts":
	162	args.extend(["--key-size", str(config.keylen * 2)])
	163	else:
	164	args.extend(["--key-size", str(config.keylen)])
	165	if config.hash is not None:
	166	args.extend(["--hash", config.hash])
	167	args.extend(["--key-slot", slot])
	168	args.extend(["--key-file", "-"])
307d9991	169	args.extend(["--iter-time", "10"])
6278ae03 DB	170	args.append(config.image_path())
	171
	172	cryptsetup(args, password)
	173
	174
	175	def chown(config):
	176	"""Set the ownership of a open LUKS device to this user"""
	177
	178	path = config.device_path()
	179
	180	args = ["sudo", "chown", "%d:%d" % (os.getuid(), os.getgid()), path]
	181	iotests.log(" ".join(args), filters=[iotests.filter_chown])
	182	proc = subprocess.Popen(args,
	183	stdin=subprocess.PIPE,
	184	stdout=subprocess.PIPE,
	185	stderr=subprocess.STDOUT)
	186
	187	msg = proc.communicate()[0]
	188
	189	if proc.returncode != 0:
ae50b71d	190	raise Exception(msg)
6278ae03 DB	191
	192
	193	def cryptsetup_open(config):
	194	"""Open an image as a LUKS device"""
	195
	196	(password, slot) = config.first_password()
	197
	198	args = ["luksOpen", config.image_path(), config.device_name()]
	199
	200	cryptsetup(args, password)
	201
	202
	203	def cryptsetup_close(config):
	204	"""Close an active LUKS device """
	205
	206	args = ["luksClose", config.device_name()]
	207	cryptsetup(args)
	208
	209
	210	def delete_image(config):
	211	"""Delete a disk image"""
	212
	213	try:
	214	os.unlink(config.image_path())
	215	iotests.log("unlink %s" % config.image_path(),
	216	filters=[iotests.filter_test_dir])
	217	except Exception as e:
	218	pass
	219
	220
	221	def create_image(config, size_mb):
	222	"""Create a bare disk image with requested size"""
	223
	224	delete_image(config)
	225	iotests.log("truncate %s --size %dMB" % (config.image_path(), size_mb),
	226	filters=[iotests.filter_test_dir])
	227	with open(config.image_path(), "w") as fn:
	228	fn.truncate(size_mb * 1024 * 1024)
	229
	230
	231	def qemu_img_create(config, size_mb):
	232	"""Create and format a disk image with LUKS using qemu-img"""
	233
	234	opts = [
	235	"key-secret=sec0",
307d9991	236	"iter-time=10",
6278ae03 DB	237	"cipher-alg=%s-%d" % (config.cipher, config.keylen),
	238	"cipher-mode=%s" % config.mode,
	239	"ivgen-alg=%s" % config.ivgen,
	240	"hash-alg=%s" % config.hash,
	241	]
	242	if config.ivgen_hash is not None:
	243	opts.append("ivgen-hash-alg=%s" % config.ivgen_hash)
	244
	245	args = ["create", "-f", "luks",
	246	"--object",
	247	("secret,id=sec0,data=%s,format=base64" %
	248	config.first_password_base64()),
	249	"-o", ",".join(opts),
	250	config.image_path(),
	251	"%dM" % size_mb]
	252
	253	iotests.log("qemu-img " + " ".join(args), filters=[iotests.filter_test_dir])
	254	iotests.log(iotests.qemu_img_pipe(*args), filters=[iotests.filter_test_dir])
	255
	256	def qemu_io_image_args(config, dev=False):
	257	"""Get the args for access an image or device with qemu-io"""
	258
	259	if dev:
	260	return [
	261	"--image-opts",
	262	"driver=file,filename=%s" % config.device_path()]
	263	else:
	264	return [
	265	"--object",
	266	("secret,id=sec0,data=%s,format=base64" %
	267	config.first_password_base64()),
	268	"--image-opts",
	269	("driver=luks,key-secret=sec0,file.filename=%s" %
	270	config.image_path())]
	271
	272	def qemu_io_write_pattern(config, pattern, offset_mb, size_mb, dev=False):
	273	"""Write a pattern of data to a LUKS image or device"""
	274
ae50b71d DB	275	if dev:
ae50b71d DB	276	chown(config)
6278ae03 DB	277	args = ["-c", "write -P 0x%x %dM %dM" % (pattern, offset_mb, size_mb)]
	278	args.extend(qemu_io_image_args(config, dev))
	279	iotests.log("qemu-io " + " ".join(args), filters=[iotests.filter_test_dir])
	280	iotests.log(iotests.qemu_io(*args), filters=[iotests.filter_test_dir,
	281	iotests.filter_qemu_io])
	282
	283
	284	def qemu_io_read_pattern(config, pattern, offset_mb, size_mb, dev=False):
	285	"""Read a pattern of data to a LUKS image or device"""
	286
ae50b71d DB	287	if dev:
ae50b71d DB	288	chown(config)
6278ae03 DB	289	args = ["-c", "read -P 0x%x %dM %dM" % (pattern, offset_mb, size_mb)]
	290	args.extend(qemu_io_image_args(config, dev))
	291	iotests.log("qemu-io " + " ".join(args), filters=[iotests.filter_test_dir])
	292	iotests.log(iotests.qemu_io(*args), filters=[iotests.filter_test_dir,
	293	iotests.filter_qemu_io])
	294
	295
	296	def test_once(config, qemu_img=False):
	297	"""Run the test with a desired LUKS configuration. Can either
	298	use qemu-img for creating the initial volume, or cryptsetup,
	299	in order to test interoperability in both directions"""
	300
	301	iotests.log("# ================= %s %s =================" % (
	302	"qemu-img" if qemu_img else "dm-crypt", config))
	303
	304	oneKB = 1024
	305	oneMB = oneKB * 1024
	306	oneGB = oneMB * 1024
	307	oneTB = oneGB * 1024
	308
	309	# 4 TB, so that we pass the 32-bit sector number boundary.
	310	# Important for testing correctness of some IV generators
	311	# The files are sparse, so not actually using this much space
	312	image_size = 4 * oneTB
	313	if qemu_img:
	314	iotests.log("# Create image")
	315	qemu_img_create(config, image_size / oneMB)
	316	else:
	317	iotests.log("# Create image")
	318	create_image(config, image_size / oneMB)
	319
	320	lowOffsetMB = 100
	321	highOffsetMB = 3 * oneTB / oneMB
	322
	323	try:
	324	if not qemu_img:
	325	iotests.log("# Format image")
	326	cryptsetup_format(config)
	327
	328	for slot in config.active_slots()[1:]:
	329	iotests.log("# Add password slot %s" % slot)
	330	cryptsetup_add_password(config, slot)
	331
	332	# First we'll open the image using cryptsetup and write a
	333	# known pattern of data that we'll then verify with QEMU
	334
	335	iotests.log("# Open dev")
	336	cryptsetup_open(config)
	337
	338	try:
6278ae03 DB	339	iotests.log("# Write test pattern 0xa7")
	340	qemu_io_write_pattern(config, 0xa7, lowOffsetMB, 10, dev=True)
	341	iotests.log("# Write test pattern 0x13")
	342	qemu_io_write_pattern(config, 0x13, highOffsetMB, 10, dev=True)
	343	finally:
	344	iotests.log("# Close dev")
	345	cryptsetup_close(config)
	346
	347	# Ok, now we're using QEMU to verify the pattern just
	348	# written via dm-crypt
	349
	350	iotests.log("# Read test pattern 0xa7")
	351	qemu_io_read_pattern(config, 0xa7, lowOffsetMB, 10, dev=False)
	352	iotests.log("# Read test pattern 0x13")
	353	qemu_io_read_pattern(config, 0x13, highOffsetMB, 10, dev=False)
	354
	355
	356	# Write a new pattern to the image, which we'll later
	357	# verify with dm-crypt
	358	iotests.log("# Write test pattern 0x91")
	359	qemu_io_write_pattern(config, 0x91, lowOffsetMB, 10, dev=False)
	360	iotests.log("# Write test pattern 0x5e")
	361	qemu_io_write_pattern(config, 0x5e, highOffsetMB, 10, dev=False)
	362
	363
	364	# Now we're opening the image with dm-crypt once more
	365	# and verifying what QEMU wrote, completing the circle
	366	iotests.log("# Open dev")
	367	cryptsetup_open(config)
	368
	369	try:
6278ae03 DB	370	iotests.log("# Read test pattern 0x91")
	371	qemu_io_read_pattern(config, 0x91, lowOffsetMB, 10, dev=True)
	372	iotests.log("# Read test pattern 0x5e")
	373	qemu_io_read_pattern(config, 0x5e, highOffsetMB, 10, dev=True)
	374	finally:
	375	iotests.log("# Close dev")
	376	cryptsetup_close(config)
	377	finally:
	378	iotests.log("# Delete image")
	379	delete_image(config)
f03868bd	380	print()
6278ae03 DB	381
	382
	383	# Obviously we only work with the luks image format
	384	iotests.verify_image_format(supported_fmts=['luks'])
	385	iotests.verify_platform()
	386
	387	# We need sudo in order to run cryptsetup to create
	388	# dm-crypt devices. This is safe to use on any
	389	# machine, since all dm-crypt devices are backed
	390	# by newly created plain files, and have a dm-crypt
	391	# name prefix of 'qiotest' to avoid clashing with
	392	# user LUKS volumes
	393	verify_passwordless_sudo()
	394
	395
	396	# If we look at all permutations of cipher, key size,
	397	# mode, ivgen, hash, there are ~1000 possible configs.
	398	#
	399	# We certainly don't want/need to test every permutation
	400	# to get good validation of interoperability between QEMU
	401	# and dm-crypt/cryptsetup.
	402	#
	403	# The configs below are a representative set that aim to
	404	# exercise each axis of configurability.
	405	#
	406	configs = [
	407	# A common LUKS default
	408	LUKSConfig("aes-256-xts-plain64-sha1",
	409	"aes", 256, "xts", "plain64", None, "sha1"),
	410
	411
	412	# LUKS default but diff ciphers
	413	LUKSConfig("twofish-256-xts-plain64-sha1",
	414	"twofish", 256, "xts", "plain64", None, "sha1"),
	415	LUKSConfig("serpent-256-xts-plain64-sha1",
	416	"serpent", 256, "xts", "plain64", None, "sha1"),
	417	# Should really be xts, but kernel doesn't support xts+cast5
	418	# nor does it do essiv+cast5
	419	LUKSConfig("cast5-128-cbc-plain64-sha1",
	420	"cast5", 128, "cbc", "plain64", None, "sha1"),
	421	LUKSConfig("cast6-256-xts-plain64-sha1",
	422	"cast6", 256, "xts", "plain64", None, "sha1"),
	423
	424
	425	# LUKS default but diff modes / ivgens
	426	LUKSConfig("aes-256-cbc-plain-sha1",
	427	"aes", 256, "cbc", "plain", None, "sha1"),
	428	LUKSConfig("aes-256-cbc-plain64-sha1",
	429	"aes", 256, "cbc", "plain64", None, "sha1"),
	430	LUKSConfig("aes-256-cbc-essiv-sha256-sha1",
	431	"aes", 256, "cbc", "essiv", "sha256", "sha1"),
	432	LUKSConfig("aes-256-xts-essiv-sha256-sha1",
	433	"aes", 256, "xts", "essiv", "sha256", "sha1"),
	434
	435
	436	# LUKS default but smaller key sizes
	437	LUKSConfig("aes-128-xts-plain64-sha256-sha1",
	438	"aes", 128, "xts", "plain64", None, "sha1"),
	439	LUKSConfig("aes-192-xts-plain64-sha256-sha1",
	440	"aes", 192, "xts", "plain64", None, "sha1"),
	441
	442	LUKSConfig("twofish-128-xts-plain64-sha1",
	443	"twofish", 128, "xts", "plain64", None, "sha1"),
	444	LUKSConfig("twofish-192-xts-plain64-sha1",
445	"twofish", 192, "xts", "plain64", None, "sha1"),
446
447	LUKSConfig("serpent-128-xts-plain64-sha1",
448	"serpent", 128, "xts", "plain64", None, "sha1"),
449	LUKSConfig("serpent-192-xts-plain64-sha1",
450	"serpent", 192, "xts", "plain64", None, "sha1"),
451
452	LUKSConfig("cast6-128-xts-plain64-sha1",
453	"cast6", 128, "xts", "plain", None, "sha1"),
454	LUKSConfig("cast6-192-xts-plain64-sha1",
455	"cast6", 192, "xts", "plain64", None, "sha1"),
456
457
458	# LUKS default but diff hash
a488e71e DB	459	LUKSConfig("aes-256-xts-plain64-sha224",
a488e71e DB	460	"aes", 256, "xts", "plain64", None, "sha224"),
6278ae03 DB	461	LUKSConfig("aes-256-xts-plain64-sha256",
6278ae03 DB	462	"aes", 256, "xts", "plain64", None, "sha256"),
a488e71e DB	463	LUKSConfig("aes-256-xts-plain64-sha384",
a488e71e DB	464	"aes", 256, "xts", "plain64", None, "sha384"),
6278ae03 DB	465	LUKSConfig("aes-256-xts-plain64-sha512",
	466	"aes", 256, "xts", "plain64", None, "sha512"),
	467	LUKSConfig("aes-256-xts-plain64-ripemd160",
	468	"aes", 256, "xts", "plain64", None, "ripemd160"),
	469
	470	# Password in slot 3
	471	LUKSConfig("aes-256-xts-plain-sha1-pwslot3",
	472	"aes", 256, "xts", "plain", None, "sha1",
	473	passwords={
	474	"3": "slot3",
	475	}),
	476
	477	# Passwords in every slot
	478	LUKSConfig("aes-256-xts-plain-sha1-pwallslots",
	479	"aes", 256, "xts", "plain", None, "sha1",
	480	passwords={
	481	"0": "slot1",
	482	"1": "slot1",
	483	"2": "slot2",
	484	"3": "slot3",
	485	"4": "slot4",
	486	"5": "slot5",
	487	"6": "slot6",
	488	"7": "slot7",
	489	}),
8b7cdba3 DB	490
	491	# Check handling of default hash alg (sha256) with essiv
	492	LUKSConfig("aes-256-cbc-essiv-auto-sha1",
	493	"aes", 256, "cbc", "essiv", None, "sha1"),
	494
	495	# Check that a useless hash provided for 'plain64' iv gen
	496	# is ignored and no error raised
	497	LUKSConfig("aes-256-cbc-plain64-sha256-sha1",
	498	"aes", 256, "cbc", "plain64", "sha256", "sha1"),
	499
6278ae03 DB	500	]
	501
	502	blacklist = [
	503	# We don't have a cast-6 cipher impl for QEMU yet
	504	"cast6-256-xts-plain64-sha1",
	505	"cast6-128-xts-plain64-sha1",
	506	"cast6-192-xts-plain64-sha1",
	507
	508	# GCrypt doesn't support Twofish with 192 bit key
	509	"twofish-192-xts-plain64-sha1",
6278ae03 DB	510	]
	511
	512	whitelist = []
	513	if "LUKS_CONFIG" in os.environ:
	514	whitelist = os.environ["LUKS_CONFIG"].split(",")
	515
	516	for config in configs:
	517	if config.name in blacklist:
	518	iotests.log("Skipping %s in blacklist" % config.name)
	519	continue
	520
	521	if len(whitelist) > 0 and config.name not in whitelist:
	522	iotests.log("Skipping %s not in whitelist" % config.name)
	523	continue
	524
	525	test_once(config, qemu_img=False)
	526
	527	# XXX we should support setting passwords in a non-0
	528	# key slot with 'qemu-img create' in future
	529	(pw, slot) = config.first_password()
	530	if slot == "0":
	531	test_once(config, qemu_img=True)