tests/qemu-iotests: validate NBD TLS with UNIX sockets and PSK

This validates that connections to an NBD server running on a UNIX socket can use TLS with pre-shared keys (PSK). Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20220304193610.3293146-13-berrange@redhat.com> [eblake: squash in rebase fix] Tested-by: Eric Blake <eblake@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com>
2025-08-04 00:03:54 -06:00 · 2022-03-04 19:36:10 +00:00 · 2022-03-04 19:36:10 +00:00 · 10cc95c38f
commit 10cc95c38f
parent f0620835c5
3 changed files with 70 additions and 0 deletions
--- a/tests/qemu-iotests/common.tls
+++ b/tests/qemu-iotests/common.tls
@ -24,6 +24,7 @@ tls_x509_cleanup()
 {
    rm -f "${tls_dir}"/*.pem
    rm -f "${tls_dir}"/*/*.pem
+    rm -f "${tls_dir}"/*/*.psk
    rmdir "${tls_dir}"/*
    rmdir "${tls_dir}"
 }
@ -40,6 +41,18 @@ tls_certtool()
    rm -f "${tls_dir}"/certtool.log
 }

+tls_psktool()
+{
+    psktool "$@" 1>"${tls_dir}"/psktool.log 2>&1
+    if test "$?" = 0; then
+      head -1 "${tls_dir}"/psktool.log
+    else
+      cat "${tls_dir}"/psktool.log
+    fi
+    rm -f "${tls_dir}"/psktool.log
+}
+
+
 tls_x509_init()
 {
    (certtool --help) >/dev/null 2>&1 || \
@ -176,3 +189,14 @@ EOF

    rm -f "${tls_dir}/cert.info"
 }
+
+tls_psk_create_creds()
+{
+    name=$1
+
+    mkdir -p "${tls_dir}/$name"
+
+    tls_psktool \
+	--pskfile "${tls_dir}/$name/keys.psk" \
+	--username "$name"
+}