[qemu.git] / tests / qemu-iotests / 294

#!/usr/bin/env bash
# group: rw quick
#
# Copyright (C) 2019 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

# creator
[email protected]

seq=`basename $0`
echo "QA output created by $seq"

status=1	# failure is the default!

_cleanup()
{
	_cleanup_test_img
}
trap "_cleanup; exit \$status" 0 1 2 3 15

# get standard environment, filters and checks
. ./common.rc
. ./common.filter

_supported_fmt luks
_supported_proto file fuse #TODO

QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT

# you are supposed to see the password as *******, see :-)
S0="--object secret,id=sec0,data=hunter0"
S1="--object secret,id=sec1,data=hunter1"
SECRETS="$S0 $S1"


IMGS0="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,key-secret=sec0"
IMGS1="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,key-secret=sec1"

echo "== creating a test image =="
_make_test_img $S0 -o "key-secret=sec0,iter-time=10" 32M

echo
echo "== test that key 0 opens the image =="
$QEMU_IO $S0 -c "read 0 4096" $IMGS0 | _filter_qemu_io | _filter_testdir

echo
echo "== adding a password to slot 1 =="
$QEMU_IMG amend $SECRETS $IMGS0 -o state=active,new-secret=sec1,keyslot=1,iter-time=10

echo
echo "== 'backup' the image header =="
dd if=$TEST_IMG_FILE of=${TEST_IMG_FILE}.bk bs=4K skip=0 count=1

echo
echo "== erase slot 0 =="
$QEMU_IMG amend $SECRETS $IMGS1 -o state=inactive,keyslot=0 | _filter_img_create

echo
echo "== test that key 0 doesn't open the image =="
$QEMU_IO $S0 -c "read 0 4096" $IMGS0 | _filter_qemu_io | _filter_testdir

echo
echo "== 'restore' the image header =="
dd if=${TEST_IMG_FILE}.bk of=${TEST_IMG_FILE} bs=4K skip=0 count=1 conv=notrunc

echo
echo "== test that key 0 still doesn't open the image (key material is erased) =="
$QEMU_IO $SECRETS -c "read 0 4096" $IMGS0 | _filter_qemu_io | _filter_testdir

echo
echo "== test that key 1 still works =="
$QEMU_IO $SECRETS -c "read 0 4096" $IMGS1 | _filter_qemu_io | _filter_testdir

echo "*** done"
rm -f $seq.full
status=0


exit 0
Commit	Line	Data
92a476e9	1	#!/usr/bin/env bash
9dd003a9	2	# group: rw quick
11d80bfc ML	3	#
	4	# Copyright (C) 2019 Red Hat, Inc.
	5	#
	6	# This program is free software; you can redistribute it and/or modify
	7	# it under the terms of the GNU General Public License as published by
	8	# the Free Software Foundation; either version 2 of the License, or
	9	# (at your option) any later version.
	10	#
	11	# This program is distributed in the hope that it will be useful,
	12	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	# GNU General Public License for more details.
	15	#
	16	# You should have received a copy of the GNU General Public License
	17	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	18	#
	19
	20	# creator
	21	[email protected]
	22
	23	seq=`basename $0`
	24	echo "QA output created by $seq"
	25
	26	status=1 # failure is the default!
	27
	28	_cleanup()
	29	{
	30	_cleanup_test_img
	31	}
	32	trap "_cleanup; exit \$status" 0 1 2 3 15
	33
	34	# get standard environment, filters and checks
	35	. ./common.rc
	36	. ./common.filter
	37
	38	_supported_fmt luks
57284d2a	39	_supported_proto file fuse #TODO
11d80bfc ML	40
	41	QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT
	42
	43	# you are supposed to see the password as *******, see :-)
	44	S0="--object secret,id=sec0,data=hunter0"
	45	S1="--object secret,id=sec1,data=hunter1"
	46	SECRETS="$S0 $S1"
	47
	48
	49	IMGS0="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,key-secret=sec0"
	50	IMGS1="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,key-secret=sec1"
	51
	52	echo "== creating a test image =="
	53	_make_test_img $S0 -o "key-secret=sec0,iter-time=10" 32M
	54
	55	echo
	56	echo "== test that key 0 opens the image =="
	57	$QEMU_IO $S0 -c "read 0 4096" $IMGS0 \| _filter_qemu_io \| _filter_testdir
	58
	59	echo
	60	echo "== adding a password to slot 1 =="
	61	$QEMU_IMG amend $SECRETS $IMGS0 -o state=active,new-secret=sec1,keyslot=1,iter-time=10
	62
	63	echo
	64	echo "== 'backup' the image header =="
	65	dd if=$TEST_IMG_FILE of=${TEST_IMG_FILE}.bk bs=4K skip=0 count=1
	66
	67	echo
	68	echo "== erase slot 0 =="
	69	$QEMU_IMG amend $SECRETS $IMGS1 -o state=inactive,keyslot=0 \| _filter_img_create
	70
	71	echo
	72	echo "== test that key 0 doesn't open the image =="
	73	$QEMU_IO $S0 -c "read 0 4096" $IMGS0 \| _filter_qemu_io \| _filter_testdir
	74
	75	echo
	76	echo "== 'restore' the image header =="
	77	dd if=${TEST_IMG_FILE}.bk of=${TEST_IMG_FILE} bs=4K skip=0 count=1 conv=notrunc
	78
	79	echo
	80	echo "== test that key 0 still doesn't open the image (key material is erased) =="
	81	$QEMU_IO $SECRETS -c "read 0 4096" $IMGS0 \| _filter_qemu_io \| _filter_testdir
	82
	83	echo
	84	echo "== test that key 1 still works =="
	85	$QEMU_IO $SECRETS -c "read 0 4096" $IMGS1 \| _filter_qemu_io \| _filter_testdir
	86
	87	echo "*** done"
	88	rm -f $seq.full
	89	status=0
	90
	91
	92	exit 0