X-Patchwork-Id: 12766458
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini
Subject: [PATCH 00/18] tests: introduce testing coverage for TLS with migration
Date: Wed, 2 Mar 2022 17:49:14 +0000
Message-Id: <20220302174932.2692378-1-berrange@redhat.com>

This significantly expands the migration test suite to cover testing
with TLS over TCP and UNIX sockets, with both PSK (pre shared keys)
and x509 credentials, and for both single and multifd scenarios.

It identified one bug in handling PSK credentials with UNIX sockets,
but other than that everything was operating as expected.

To minimize the impact on code duplication a lot of refactoring is
done of the migration tests to introduce a common helper for running
the migration process. The various tests mostly just have to provide
a callback to set a few parameters/capabilities before migration
starts, and sometimes a callback to cleanup or validate after
completion/failure.

Daniel P. Berrangé (18):
  tests: fix encoding of IP addresses in x509 certs
  tests: improve error message when saving TLS PSK file fails
  tests: support QTEST_TRACE env variable
  tests: print newline after QMP response in qtest logs
  tests: add more helper macros for creating TLS x509 certs
  crypto: mandate a hostname when checking x509 creds on a client
  migration: fix use of TLS PSK credentials with a UNIX socket
  tests: merge code for UNIX and TCP migration pre-copy tests
  tests: introduce ability to provide hooks for migration precopy test
  tests: switch migration FD passing test to use common precopy helper
  tests: expand the migration precopy helper to support failures
  tests: add migration tests of TLS with PSK credentials
  tests: add migration tests of TLS with x509 credentials
  tests: convert XBZRLE migration test to use common helper
  tests: convert multifd migration tests to use common helper
  tests: add multifd migration tests of TLS with PSK credentials
  tests: add multifd migration tests of TLS with x509 credentials
  tests: ensure migration status isn't reported as failed

 crypto/tlssession.c                  |    6 +
 meson.build                          |    1 +
 migration/tls.c                      |    4 -
 tests/qtest/libqtest.c               |   11 +-
 tests/qtest/meson.build              |   12 +-
 tests/qtest/migration-helpers.c      |   13 +
 tests/qtest/migration-helpers.h      |    1 +
 tests/qtest/migration-test.c         | 1041 +++++++++++++++++++++-----
 tests/unit/crypto-tls-psk-helpers.c  |   20 +-
 tests/unit/crypto-tls-psk-helpers.h  |    1 +
 tests/unit/crypto-tls-x509-helpers.c |   16 +-
 tests/unit/crypto-tls-x509-helpers.h |   53 ++
 tests/unit/test-crypto-tlssession.c  |   11 +-
 13 files changed, 1004 insertions(+), 186 deletions(-)