  1. // SPDX-License-Identifier: GPL-2.0
  2. #define _GNU_SOURCE
  3. #include <arpa/inet.h>
  4. #include <errno.h>
  5. #include <error.h>
  6. #include <fcntl.h>
  7. #include <poll.h>
  8. #include <stdio.h>
  9. #include <stdlib.h>
  10. #include <unistd.h>
  11. #include <linux/tls.h>
  12. #include <linux/tcp.h>
  13. #include <linux/socket.h>
  14. #include <sys/epoll.h>
  15. #include <sys/types.h>
  16. #include <sys/sendfile.h>
  17. #include <sys/socket.h>
  18. #include <sys/stat.h>
  19. #include "kselftest_harness.h"
  20. #define TLS_PAYLOAD_MAX_LEN 16384
  21. #define SOL_TLS 282
/*
 * Nonzero when the kernel runs in FIPS mode: FIXTURE_SETUP(tls) skips any
 * variant marked fips_non_compliant while this is set. It is populated
 * elsewhere in this file (not in this excerpt) — presumably from the
 * kernel's fips_enabled sysctl; verify against the file's main().
 */
static int fips_enabled;
/*
 * One buffer large enough for any supported cipher's TLS crypto_info.
 * tls_crypto_info_init() fills the union member that matches a cipher and
 * records that member's size in ->len, which callers then pass as the
 * optlen of setsockopt(SOL_TLS, TLS_TX/TLS_RX).
 */
struct tls_crypto_info_keys {
	union {
		/* Common header (version, cipher_type) shared by every member. */
		struct tls_crypto_info crypto_info;
		/* Per-cipher layouts: header followed by that cipher's key material. */
		struct tls12_crypto_info_aes_gcm_128 aes128;
		struct tls12_crypto_info_chacha20_poly1305 chacha20;
		struct tls12_crypto_info_sm4_gcm sm4gcm;
		struct tls12_crypto_info_sm4_ccm sm4ccm;
		struct tls12_crypto_info_aes_ccm_128 aesccm128;
		struct tls12_crypto_info_aes_gcm_256 aesgcm256;
		struct tls12_crypto_info_aria_gcm_128 ariagcm128;
		struct tls12_crypto_info_aria_gcm_256 ariagcm256;
	};
	/* Size of the union member in use (set by tls_crypto_info_init). */
	size_t len;
};
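/*
 * Prepare a crypto_info for @cipher_type at @tls_version.
 *
 * The whole buffer is first filled with @key_generation so that every byte
 * of key material (key, iv, salt, rec_seq of whichever cipher struct ends
 * up in use) carries a deterministic, caller-chosen pattern; the common
 * header is then cleared and set. @tls12->len receives the size of the
 * struct the kernel expects for this cipher, or 0 if the cipher is unknown.
 */
static void tls_crypto_info_init(uint16_t tls_version, uint16_t cipher_type,
				 struct tls_crypto_info_keys *tls12,
				 char key_generation)
{
	memset(tls12, key_generation, sizeof(*tls12));
	memset(tls12, 0, sizeof(struct tls_crypto_info));

	switch (cipher_type) {
	case TLS_CIPHER_CHACHA20_POLY1305:
		tls12->len = sizeof(tls12->chacha20);
		break;
	case TLS_CIPHER_AES_GCM_128:
		tls12->len = sizeof(tls12->aes128);
		break;
	case TLS_CIPHER_SM4_GCM:
		tls12->len = sizeof(tls12->sm4gcm);
		break;
	case TLS_CIPHER_SM4_CCM:
		tls12->len = sizeof(tls12->sm4ccm);
		break;
	case TLS_CIPHER_AES_CCM_128:
		tls12->len = sizeof(tls12->aesccm128);
		break;
	case TLS_CIPHER_AES_GCM_256:
		tls12->len = sizeof(tls12->aesgcm256);
		break;
	case TLS_CIPHER_ARIA_GCM_128:
		tls12->len = sizeof(tls12->ariagcm128);
		break;
	case TLS_CIPHER_ARIA_GCM_256:
		tls12->len = sizeof(tls12->ariagcm256);
		break;
	default:
		/* Unknown cipher: leave the header zeroed and report no usable
		 * length instead of the key_generation fill pattern that would
		 * otherwise be left in ->len and handed to setsockopt().
		 */
		tls12->len = 0;
		return;
	}

	/* Every tls12_crypto_info_* struct begins with a struct tls_crypto_info,
	 * so the union's crypto_info member aliases each cipher's ->info header
	 * exactly; one write covers all of them.
	 */
	tls12->crypto_info.version = tls_version;
	tls12->crypto_info.cipher_type = cipher_type;
}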
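/*
 * Fill @n bytes at @s with output of rand(): one int per sizeof(int)-byte
 * chunk, then one byte per remaining byte. rand() is a plain PRNG (seeded
 * by the test, reproducible) — fine for payload bytes that are only compared
 * after a round trip, never a source of key material.
 */
static void memrnd(void *s, size_t n)
{
	unsigned char *p = s;

	/* Copy each int out with memcpy: storing through an int * would be a
	 * misaligned access whenever the caller's buffer is not int-aligned.
	 */
	while (n >= sizeof(int)) {
		int r = rand();

		memcpy(p, &r, sizeof(int));
		p += sizeof(int);
		n -= sizeof(int);
	}

	/* Tail shorter than one int: low byte of a fresh rand() each. */
	while (n--)
		*p++ = (unsigned char)rand();
}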
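/*
 * Build a connected TCP pair over loopback and attach the "tls" ULP to both
 * ends. *fd is the connecting side, *cfd the accepted side. If the kernel
 * has no TLS ULP (TCP_ULP fails with ENOENT) *notls is set and the pair is
 * left as plain TCP so callers can still exercise the data path.
 */
static void ulp_sock_pair(struct __test_metadata *_metadata,
			  int *fd, int *cfd, bool *notls)
{
	struct sockaddr_in addr = {
		.sin_family = AF_INET,
		/* Loopback only: the short-lived listener must not be reachable
		 * from outside the host while the test runs.
		 */
		.sin_addr.s_addr = htonl(INADDR_LOOPBACK),
		.sin_port = 0,	/* kernel picks a free ephemeral port */
	};
	socklen_t len = sizeof(addr);
	int sfd, ret, err;

	*notls = false;
	/* Leave a harmless value in *cfd so teardown's close() is safe even
	 * if we bail out before accept().
	 */
	*cfd = -1;

	*fd = socket(AF_INET, SOCK_STREAM, 0);
	ASSERT_GE(*fd, 0);
	sfd = socket(AF_INET, SOCK_STREAM, 0);
	ASSERT_GE(sfd, 0);

	ret = bind(sfd, (struct sockaddr *)&addr, sizeof(addr));
	ASSERT_EQ(ret, 0);
	ret = listen(sfd, 10);
	ASSERT_EQ(ret, 0);

	/* Learn the port the kernel assigned before connecting to it. */
	ret = getsockname(sfd, (struct sockaddr *)&addr, &len);
	ASSERT_EQ(ret, 0);

	ret = connect(*fd, (struct sockaddr *)&addr, sizeof(addr));
	ASSERT_EQ(ret, 0);

	*cfd = accept(sfd, (struct sockaddr *)&addr, &len);
	ASSERT_GE(*cfd, 0);

	/* The listener is no longer needed; only the connected pair lives on. */
	close(sfd);

	ret = setsockopt(*fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
	if (ret != 0) {
		err = errno;	/* capture before anything can clobber it */
		ASSERT_EQ(err, ENOENT);
		*notls = true;
		printf("Failure setting TCP_ULP, testing without tls\n");
		return;
	}

	ret = setsockopt(*cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
	ASSERT_EQ(ret, 0);
}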
/*
 * sendmsg() @len bytes of @data on @fd with a single SOL_TLS /
 * TLS_SET_RECORD_TYPE control message carrying @record_type.
 * Returns whatever sendmsg() returns.
 */
static int tls_send_cmsg(int fd, unsigned char record_type,
			 void *data, size_t len, int flags)
{
	char cbuf[CMSG_SPACE(sizeof(char))] = {0};
	struct iovec vec = {
		.iov_base = data,
		.iov_len = len,
	};
	struct msghdr msg = {
		.msg_iov = &vec,
		.msg_iovlen = 1,
		.msg_control = cbuf,
		.msg_controllen = sizeof(cbuf),
	};
	struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);

	cmsg->cmsg_level = SOL_TLS;
	/* test sending non-record types. */
	cmsg->cmsg_type = TLS_SET_RECORD_TYPE;
	cmsg->cmsg_len = CMSG_LEN(sizeof(record_type));
	*CMSG_DATA(cmsg) = record_type;

	/* Shrink controllen to the one cmsg actually filled in. */
	msg.msg_controllen = cmsg->cmsg_len;

	return sendmsg(fd, &msg, flags);
}
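/*
 * recvmsg() wrapper that also extracts the TLS record type from the
 * SOL_TLS / TLS_GET_RECORD_TYPE control message expected alongside the
 * received data. Returns recvmsg()'s result. If @ctype is non-NULL it
 * receives the record type, or 0 when no usable cmsg arrived (in which
 * case the EXPECTs below record the failure).
 */
static int __tls_recv_cmsg(struct __test_metadata *_metadata,
			   int fd, unsigned char *ctype,
			   void *data, size_t len, int flags)
{
	/* Zeroed so a failed recvmsg() (which leaves msg_controllen untouched)
	 * yields a deterministic, non-matching cmsg header rather than stack
	 * garbage.
	 */
	char cbuf[CMSG_SPACE(sizeof(char))] = {0};
	struct cmsghdr *cmsg;
	struct iovec vec = {
		.iov_base = data,
		.iov_len = len,
	};
	struct msghdr msg = {
		.msg_iov = &vec,
		.msg_iovlen = 1,
		.msg_control = cbuf,
		.msg_controllen = sizeof(cbuf),
	};
	int n;

	if (ctype)
		*ctype = 0;

	n = recvmsg(fd, &msg, flags);

	cmsg = CMSG_FIRSTHDR(&msg);
	EXPECT_NE(cmsg, NULL);
	/* EXPECT does not abort; don't dereference a NULL cmsg after it. */
	if (!cmsg)
		return n;

	EXPECT_EQ(cmsg->cmsg_level, SOL_TLS);
	EXPECT_EQ(cmsg->cmsg_type, TLS_GET_RECORD_TYPE);
	if (ctype)
		*ctype = *((unsigned char *)CMSG_DATA(cmsg));

	return n;
}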
/*
 * Receive into @data and require that the accompanying TLS record-type
 * cmsg reports @record_type. Returns the recvmsg() result.
 */
static int tls_recv_cmsg(struct __test_metadata *_metadata,
			 int fd, unsigned char record_type,
			 void *data, size_t len, int flags)
{
	unsigned char got_type;
	int ret = __tls_recv_cmsg(_metadata, fd, &got_type, data, len, flags);

	EXPECT_EQ(got_type, record_type);
	return ret;
}
/* Per-test state: a connected TCP pair with the "tls" ULP attached, no keys. */
FIXTURE(tls_basic)
{
	int fd, cfd;	/* connecting side and accepted side */
	bool notls;	/* true when TCP_ULP "tls" is unavailable on this kernel */
};
/* Each tls_basic test starts from a fresh ULP-attached socket pair. */
FIXTURE_SETUP(tls_basic)
{
	ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls);
}
/* Close both ends of the pair. */
FIXTURE_TEARDOWN(tls_basic)
{
	close(self->fd);
	close(self->cfd);
}
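/* Send some data through with ULP but no keys */
TEST_F(tls_basic, base_base)
{
	char const *test_str = "test_read";
	int send_len = 10;
	char buf[10];

	ASSERT_EQ(strlen(test_str) + 1, send_len);

	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
	/* Require the whole message: a short read would leave part of buf
	 * uninitialised and make the memcmp() below meaningless.
	 */
	EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len);
	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
}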
/* TLS_TX must reject unknown versions and unknown cipher ids. */
TEST_F(tls_basic, bad_cipher)
{
	/* {version, cipher_type} combinations the kernel has to refuse. */
	static const struct {
		uint16_t version;
		uint16_t cipher_type;
	} bad[] = {
		{ 200, TLS_CIPHER_AES_GCM_128 },
		{ TLS_1_2_VERSION, 50 },
		{ TLS_1_2_VERSION, 59 },
		{ TLS_1_2_VERSION, 10 },
		{ TLS_1_2_VERSION, 70 },
	};
	struct tls_crypto_info_keys tls12;
	size_t i;

	for (i = 0; i < sizeof(bad) / sizeof(bad[0]); i++) {
		tls12.crypto_info.version = bad[i].version;
		tls12.crypto_info.cipher_type = bad[i].cipher_type;
		EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12,
				     sizeof(struct tls12_crypto_info_aes_gcm_128)),
			  -1);
	}
}
/* A TX record sequence number at its maximum must fail to send, not wrap. */
TEST_F(tls_basic, recseq_wrap)
{
	char const *test_str = "test_read";
	struct tls_crypto_info_keys tls12;
	int send_len = 10;
	int ret;

	if (self->notls)
		SKIP(return, "no TLS support");

	tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_128, &tls12, 0);
	/* Start with rec_seq already all-ones on both ends. */
	memset(tls12.aes128.rec_seq, 0xff, sizeof(tls12.aes128.rec_seq));

	ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len);
	ASSERT_EQ(ret, 0);
	ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len);
	ASSERT_EQ(ret, 0);

	/* The kernel must refuse rather than wrap the sequence number. */
	EXPECT_EQ(send(self->fd, test_str, send_len, 0), -1);
	EXPECT_EQ(errno, EBADMSG);
}
/* Per-test state: a connected pair with TLS keys installed (TX on fd, RX on cfd). */
FIXTURE(tls)
{
	int fd, cfd;	/* connecting side and accepted side */
	bool notls;	/* true when TCP_ULP "tls" is unavailable on this kernel */
};
/* Per-variant parameters; every TEST_F(tls, ...) runs once per FIXTURE_VARIANT_ADD. */
FIXTURE_VARIANT(tls)
{
	uint16_t tls_version;	/* TLS_1_2_VERSION or TLS_1_3_VERSION */
	uint16_t cipher_type;	/* TLS_CIPHER_* from linux/tls.h */
	/* nopad: set TLS_RX_EXPECT_NO_PAD on the RX socket in setup;
	 * fips_non_compliant: skip this variant while fips_enabled is set.
	 */
	bool nopad, fips_non_compliant;
};
/* TLS 1.2, AES-128-GCM */
FIXTURE_VARIANT_ADD(tls, 12_aes_gcm)
{
	.tls_version = TLS_1_2_VERSION,
	.cipher_type = TLS_CIPHER_AES_GCM_128,
};
/* TLS 1.3, AES-128-GCM */
FIXTURE_VARIANT_ADD(tls, 13_aes_gcm)
{
	.tls_version = TLS_1_3_VERSION,
	.cipher_type = TLS_CIPHER_AES_GCM_128,
};
/* TLS 1.2, ChaCha20-Poly1305 — skipped in FIPS mode */
FIXTURE_VARIANT_ADD(tls, 12_chacha)
{
	.tls_version = TLS_1_2_VERSION,
	.cipher_type = TLS_CIPHER_CHACHA20_POLY1305,
	.fips_non_compliant = true,
};
/* TLS 1.3, ChaCha20-Poly1305 — skipped in FIPS mode */
FIXTURE_VARIANT_ADD(tls, 13_chacha)
{
	.tls_version = TLS_1_3_VERSION,
	.cipher_type = TLS_CIPHER_CHACHA20_POLY1305,
	.fips_non_compliant = true,
};
/* TLS 1.3, SM4-GCM — skipped in FIPS mode */
FIXTURE_VARIANT_ADD(tls, 13_sm4_gcm)
{
	.tls_version = TLS_1_3_VERSION,
	.cipher_type = TLS_CIPHER_SM4_GCM,
	.fips_non_compliant = true,
};
/* TLS 1.3, SM4-CCM — skipped in FIPS mode */
FIXTURE_VARIANT_ADD(tls, 13_sm4_ccm)
{
	.tls_version = TLS_1_3_VERSION,
	.cipher_type = TLS_CIPHER_SM4_CCM,
	.fips_non_compliant = true,
};
/* TLS 1.2, AES-128-CCM */
FIXTURE_VARIANT_ADD(tls, 12_aes_ccm)
{
	.tls_version = TLS_1_2_VERSION,
	.cipher_type = TLS_CIPHER_AES_CCM_128,
};
/* TLS 1.3, AES-128-CCM */
FIXTURE_VARIANT_ADD(tls, 13_aes_ccm)
{
	.tls_version = TLS_1_3_VERSION,
	.cipher_type = TLS_CIPHER_AES_CCM_128,
};
/* TLS 1.2, AES-256-GCM */
FIXTURE_VARIANT_ADD(tls, 12_aes_gcm_256)
{
	.tls_version = TLS_1_2_VERSION,
	.cipher_type = TLS_CIPHER_AES_GCM_256,
};
/* TLS 1.3, AES-256-GCM */
FIXTURE_VARIANT_ADD(tls, 13_aes_gcm_256)
{
	.tls_version = TLS_1_3_VERSION,
	.cipher_type = TLS_CIPHER_AES_GCM_256,
};
/* TLS 1.3, AES-128-GCM with TLS_RX_EXPECT_NO_PAD set on the receiver */
FIXTURE_VARIANT_ADD(tls, 13_nopad)
{
	.tls_version = TLS_1_3_VERSION,
	.cipher_type = TLS_CIPHER_AES_GCM_128,
	.nopad = true,
};
/* TLS 1.2, ARIA-128-GCM */
FIXTURE_VARIANT_ADD(tls, 12_aria_gcm)
{
	.tls_version = TLS_1_2_VERSION,
	.cipher_type = TLS_CIPHER_ARIA_GCM_128,
};
/* TLS 1.2, ARIA-256-GCM */
FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_256)
{
	.tls_version = TLS_1_2_VERSION,
	.cipher_type = TLS_CIPHER_ARIA_GCM_256,
};
/*
 * Build the socket pair and install the variant's cipher: the same
 * crypto_info (all-zero key material) goes on fd as TX and on cfd as RX,
 * so whatever fd encrypts, cfd can decrypt.
 */
FIXTURE_SETUP(tls)
{
	struct tls_crypto_info_keys tls12;
	int one = 1;

	if (fips_enabled && variant->fips_non_compliant)
		SKIP(return, "Unsupported cipher in FIPS mode");

	tls_crypto_info_init(variant->tls_version, variant->cipher_type,
			     &tls12, 0);

	ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls);
	/* No ULP on this kernel: leave the pair as plain TCP. */
	if (self->notls)
		return;

	ASSERT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0);
	ASSERT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0);

	if (variant->nopad)
		ASSERT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD,
				     &one, sizeof(one)), 0);
}
/* Close both ends of the pair. */
FIXTURE_TEARDOWN(tls)
{
	close(self->fd);
	close(self->cfd);
}
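/* sendfile() of a real file through the TLS socket must not error out. */
TEST_F(tls, sendfile)
{
	int filefd = open("/proc/self/exe", O_RDONLY);
	struct stat st;
	int ret;

	ASSERT_GE(filefd, 0);
	/* fstat() can fail too; without the check st.st_size is garbage. */
	ret = fstat(filefd, &st);
	EXPECT_EQ(ret, 0);
	if (!ret)
		EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0);
	close(filefd);
}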
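/* A regular send() followed by sendfile() on the same TLS socket. */
TEST_F(tls, send_then_sendfile)
{
	char const *test_str = "test_send";
	int to_send = strlen(test_str) + 1;
	int filefd = open("/proc/self/exe", O_RDONLY);
	char recv_buf[10];
	struct stat st;
	char *buf;

	ASSERT_LE(to_send, (int)sizeof(recv_buf));
	ASSERT_GE(filefd, 0);
	ASSERT_EQ(fstat(filefd, &st), 0);
	buf = malloc(st.st_size);
	ASSERT_NE(buf, NULL);

	EXPECT_EQ(send(self->fd, test_str, to_send, 0), to_send);
	EXPECT_EQ(recv(self->cfd, recv_buf, to_send, MSG_WAITALL), to_send);
	EXPECT_EQ(memcmp(test_str, recv_buf, to_send), 0);

	/* The whole file must then arrive on the other end. */
	EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0);
	EXPECT_EQ(recv(self->cfd, buf, st.st_size, MSG_WAITALL), st.st_size);

	free(buf);
	close(filefd);
}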
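/*
 * Write chunk_size + extra_payload_size bytes of 0x01 to a temp file, push
 * it through sendfile() on self->fd chunk_size bytes at a time, and check
 * that the full payload is received on self->cfd.
 */
static void chunked_sendfile(struct __test_metadata *_metadata,
			     struct _test_data_tls *self,
			     uint16_t chunk_size,
			     uint16_t extra_payload_size)
{
	char buf[TLS_PAYLOAD_MAX_LEN];
	char filename[] = "/tmp/mytemp.XXXXXX";
	unsigned int test_payload_size;
	off_t offset = 0;
	int fd, size, ret;

	EXPECT_GE(chunk_size, 1);
	/* Add in a wider type: a uint16_t sum would wrap silently and then
	 * pass the TLS_PAYLOAD_MAX_LEN check with a bogus small size.
	 */
	test_payload_size = (unsigned int)chunk_size + extra_payload_size;
	ASSERT_GE(TLS_PAYLOAD_MAX_LEN, test_payload_size);

	fd = mkstemp(filename);
	ASSERT_GE(fd, 0);
	/* Unlink right away so the temp file never outlives the descriptor. */
	unlink(filename);

	memset(buf, 1, test_payload_size);
	size = write(fd, buf, test_payload_size);
	EXPECT_EQ(size, test_payload_size);
	fsync(fd);

	while (size > 0) {
		ret = sendfile(self->fd, fd, &offset, chunk_size);
		EXPECT_GE(ret, 0);
		/* -1 (error) or 0 (unexpected EOF) would never drain size. */
		if (ret <= 0)
			break;
		size -= ret;
	}

	EXPECT_EQ(recv(self->cfd, buf, test_payload_size, MSG_WAITALL),
		  test_payload_size);
	close(fd);
}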
/* Exercise chunked_sendfile() over a spread of chunk and payload sizes. */
TEST_F(tls, multi_chunk_sendfile)
{
	/* {chunk_size, extra_payload_size}: payload is chunk + extra bytes,
	 * sent chunk bytes at a time.
	 */
	static const struct {
		uint16_t chunk;
		uint16_t extra;
	} cases[] = {
		{ 4096, 4096 }, { 4096, 0 }, { 4096, 1 }, { 4096, 2048 },
		{ 8192, 2048 }, { 4096, 8192 }, { 8192, 4096 },
		{ 12288, 1024 }, { 12288, 2000 }, { 15360, 100 }, { 15360, 300 },
		{ 1, 4096 }, { 2048, 4096 }, { 2048, 8192 }, { 4096, 8192 },
		{ 1024, 12288 }, { 2000, 12288 }, { 100, 15360 }, { 300, 15360 },
	};
	size_t i;

	for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
		chunked_sendfile(_metadata, self, cases[i].chunk, cases[i].extra);
}
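/* A maximum-size (TLS_PAYLOAD_MAX_LEN) record round-trips intact. */
TEST_F(tls, recv_max)
{
	unsigned int send_len = TLS_PAYLOAD_MAX_LEN;
	char recv_mem[TLS_PAYLOAD_MAX_LEN];
	char buf[TLS_PAYLOAD_MAX_LEN];

	/* Random payload so the comparison can't pass on zero/leftover bytes. */
	memrnd(buf, sizeof(buf));

	/* Require the full length on both sides: accepting any non-error
	 * result would let a short transfer through and then compare
	 * uninitialised bytes of recv_mem.
	 */
	EXPECT_EQ(send(self->fd, buf, send_len, 0), send_len);
	EXPECT_EQ(recv(self->cfd, recv_mem, send_len, MSG_WAITALL), send_len);
	EXPECT_EQ(memcmp(buf, recv_mem, send_len), 0);
}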
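/* A short string round-trips intact. */
TEST_F(tls, recv_small)
{
	char const *test_str = "test_read";
	int send_len = strlen(test_str) + 1;
	char buf[10];

	ASSERT_LE(send_len, (int)sizeof(buf));

	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
	/* Require the whole message so memcmp() never reads uninitialised
	 * bytes of buf after a short read.
	 */
	EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len);
	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
}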
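/*
 * MSG_MORE holds data back until a send without it; both pieces then
 * arrive as one stretch of plaintext.
 */
TEST_F(tls, msg_more)
{
	char const *test_str = "test_read";
	int send_len = 10;
	char buf[10 * 2];
	int ret, err;

	EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len);

	/* Nothing readable yet — and the failure must be "no data", not some
	 * other error (e.g. a decrypt failure) hiding behind a bare -1.
	 */
	ret = recv(self->cfd, buf, send_len, MSG_DONTWAIT);
	err = errno;
	EXPECT_EQ(ret, -1);
	EXPECT_EQ(err, EAGAIN);

	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
	EXPECT_EQ(recv(self->cfd, buf, send_len * 2, MSG_WAITALL),
		  send_len * 2);
	/* Both copies of the string must be present, in order. */
	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
	EXPECT_EQ(memcmp(buf + send_len, test_str, send_len), 0);
}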
/* MSG_MORE combined with a non-DATA record type is rejected outright. */
TEST_F(tls, cmsg_msg_more)
{
	unsigned char record_type = 100;
	char *test_str = "test_read";
	int send_len = 10;
	int ret;

	/* we don't allow MSG_MORE with non-DATA records */
	ret = tls_send_cmsg(self->fd, record_type, test_str, send_len, MSG_MORE);
	EXPECT_EQ(ret, -1);
	EXPECT_EQ(errno, EINVAL);
}
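/*
 * A DATA record held back with MSG_MORE followed by a non-DATA record:
 * the two must be delivered as separate records, not merged.
 */
TEST_F(tls, msg_more_then_cmsg)
{
	char *test_str = "test_read";
	char record_type = 100;
	int send_len = 10;
	char buf[10 * 2];
	int ret, err;

	EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len);

	/* Still buffered on the sender: the receiver must see "no data"
	 * specifically, not an arbitrary error.
	 */
	ret = recv(self->cfd, buf, send_len, MSG_DONTWAIT);
	err = errno;
	EXPECT_EQ(ret, -1);
	EXPECT_EQ(err, EAGAIN);

	ret = tls_send_cmsg(self->fd, record_type, test_str, send_len, 0);
	EXPECT_EQ(ret, send_len);

	/* initial DATA record didn't get merged with the non-DATA record */
	EXPECT_EQ(recv(self->cfd, buf, send_len * 2, 0), send_len);
	EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type,
				buf, sizeof(buf), MSG_WAITALL),
		  send_len);
}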
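/* Data sent with MSG_MORE and never flushed stays invisible to the receiver. */
TEST_F(tls, msg_more_unsent)
{
	char const *test_str = "test_read";
	int send_len = 10;
	char buf[10];
	int ret, err;

	EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len);

	/* Pin the errno: "nothing yet" is EAGAIN; any other error would be a
	 * different bug that a bare -1 check would hide.
	 */
	ret = recv(self->cfd, buf, send_len, MSG_DONTWAIT);
	err = errno;
	EXPECT_EQ(ret, -1);
	EXPECT_EQ(err, EAGAIN);
}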
/* send() with MSG_EOR is accepted and the data still arrives intact. */
TEST_F(tls, msg_eor)
{
	char const *test_str = "test_read";
	char buf[10];
	int send_len = 10;
	int ret;

	ret = send(self->fd, test_str, send_len, MSG_EOR);
	EXPECT_EQ(ret, send_len);
	ret = recv(self->cfd, buf, send_len, MSG_WAITALL);
	EXPECT_EQ(ret, send_len);
	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
}
/* A single-iovec sendmsg() round-trips like a plain send(). */
TEST_F(tls, sendmsg_single)
{
	char const *test_str = "test_sendmsg";
	size_t send_len = 13;
	struct iovec vec = {
		.iov_base = (char *)test_str,
		.iov_len = send_len,
	};
	struct msghdr msg = {
		.msg_iov = &vec,
		.msg_iovlen = 1,
	};
	char buf[13];

	EXPECT_EQ(sendmsg(self->fd, &msg, 0), send_len);
	EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len);
	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
}
  530. #define MAX_FRAGS 64
  531. #define SEND_LEN 13
/*
 * sendmsg() with 1..MAX_FRAGS iovec entries, each pointing at the same
 * SEND_LEN-byte string; the receiver must see the string repeated frags
 * times, in order, for every frags value.
 */
TEST_F(tls, sendmsg_fragmented)
{
	char const *test_str = "test_sendmsg";
	char buf[SEND_LEN * MAX_FRAGS];
	struct iovec vec[MAX_FRAGS];
	struct msghdr msg;
	int frags;

	for (frags = 1; frags <= MAX_FRAGS; frags++) {
		int total = SEND_LEN * frags;
		int i;

		for (i = 0; i < frags; i++)
			vec[i] = (struct iovec){
				.iov_base = (char *)test_str,
				.iov_len = SEND_LEN,
			};

		memset(&msg, 0, sizeof(msg));
		msg.msg_iov = vec;
		msg.msg_iovlen = frags;

		EXPECT_EQ(sendmsg(self->fd, &msg, 0), total);
		EXPECT_EQ(recv(self->cfd, buf, total, MSG_WAITALL), total);

		for (i = 0; i < frags; i++)
			EXPECT_EQ(memcmp(buf + SEND_LEN * i, test_str, SEND_LEN), 0);
	}
}
  555. #undef MAX_FRAGS
  556. #undef SEND_LEN
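/*
 * Push 128 x 16 KiB through sendmsg() back to back, then drain them.
 * Fixes: the heap buffer was neither checked for allocation failure nor
 * initialised, so sendmsg() was handed indeterminate bytes.
 */
TEST_F(tls, sendmsg_large)
{
	const size_t chunk = 16384;
	const size_t sends = 128;
	struct msghdr msg;
	void *mem;
	size_t i;

	mem = malloc(chunk);
	ASSERT_NE(mem, NULL);
	memset(mem, 0x5a, chunk);	/* deterministic payload */

	memset(&msg, 0, sizeof(msg));
	for (i = 0; i < sends; i++) {
		struct iovec iov = { mem, chunk };

		msg.msg_iov = &iov;
		msg.msg_iovlen = 1;
		EXPECT_EQ(sendmsg(self->fd, &msg, 0), chunk);
	}

	/* One recv() per send; only that each call succeeds is checked. */
	for (i = 0; i < sends; i++)
		EXPECT_NE(recv(self->cfd, mem, chunk, 0), -1);

	free(mem);
}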
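/*
 * Five NUL-terminated copies of one string, one per iovec, must arrive as
 * a single contiguous stream.
 * Fixes: malloc() results were unchecked; recv() used neither MSG_WAITALL
 * nor a length check before the buffer was walked with strlen(), so a
 * short read could run the walk off the end of 'buf'.
 */
TEST_F(tls, sendmsg_multiple)
{
	char const *test_str = "test_sendmsg_multiple";
	const size_t str_sz = strlen(test_str) + 1;
	const int iov_len = 5;
	struct iovec vec[5];
	char *test_strs[5];
	struct msghdr msg;
	int total_len = 0;
	int off = 0;
	char *buf;
	int i;

	memset(&msg, 0, sizeof(msg));
	for (i = 0; i < iov_len; i++) {
		test_strs[i] = malloc(str_sz);
		ASSERT_NE(test_strs[i], NULL);
		snprintf(test_strs[i], str_sz, "%s", test_str);
		vec[i].iov_base = test_strs[i];
		vec[i].iov_len = str_sz;
		total_len += str_sz;
	}
	msg.msg_iov = vec;
	msg.msg_iovlen = iov_len;
	EXPECT_EQ(sendmsg(self->fd, &msg, 0), total_len);

	buf = malloc(total_len);
	ASSERT_NE(buf, NULL);
	/* Block for the whole stream so the walk below is bounded. */
	EXPECT_EQ(recv(self->cfd, buf, total_len, MSG_WAITALL), total_len);

	/* Copies sit at a fixed str_sz stride; compare including the NUL. */
	for (i = 0; i < iov_len; i++, off += str_sz)
		EXPECT_EQ(memcmp(test_strs[i], buf + off, str_sz), 0);

	for (i = 0; i < iov_len; i++)
		free(test_strs[i]);
	free(buf);
}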
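/*
 * 1024 iovecs of a 16-byte NUL-terminated string (16 KiB total) in one
 * sendmsg().
 * Fixes: malloc() was unchecked; recv() lacked MSG_WAITALL yet the buffer
 * was then walked with strlen() (an out-of-bounds read on a short read,
 * since 'buf' has no slack past total_len); and the walk's result was
 * never compared against the sent length.
 */
TEST_F(tls, sendmsg_multiple_stress)
{
	char const *test_str = "abcdefghijklmno";
	const size_t str_sz = strlen(test_str) + 1;	/* 16 */
	const int iov_len = 1024;
	struct iovec vec[1024];
	char *test_strs[1024];
	int total_len = 0;
	char buf[1 << 14];
	struct msghdr msg;
	int len_cmp = 0;
	int i;

	memset(&msg, 0, sizeof(msg));
	for (i = 0; i < iov_len; i++) {
		test_strs[i] = malloc(str_sz);
		ASSERT_NE(test_strs[i], NULL);
		snprintf(test_strs[i], str_sz, "%s", test_str);
		vec[i].iov_base = test_strs[i];
		vec[i].iov_len = str_sz;
		total_len += str_sz;
	}
	/* 1024 * 16 fills 'buf' exactly; guard against future resizing. */
	ASSERT_LE(total_len, (int)sizeof(buf));

	msg.msg_iov = vec;
	msg.msg_iovlen = iov_len;
	EXPECT_EQ(sendmsg(self->fd, &msg, 0), total_len);
	EXPECT_EQ(recv(self->cfd, buf, total_len, MSG_WAITALL), total_len);

	/* Walk the copies bounded by total_len, not by strlen(). */
	for (i = 0; i < iov_len && len_cmp + (int)str_sz <= total_len; i++) {
		EXPECT_EQ(memcmp(buf + len_cmp, test_str, str_sz), 0);
		len_cmp += str_sz;
	}
	EXPECT_EQ(len_cmp, total_len);

	for (i = 0; i < iov_len; i++)
		free(test_strs[i]);
}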
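/*
 * splice() a pipe into the TLS socket and read the record back.
 * Fixes: mem_send was written to the pipe uninitialised (the memcmp()
 * compared indeterminate bytes with themselves), the write() length was
 * not pinned, and the pipe fds were leaked.
 */
TEST_F(tls, splice_from_pipe)
{
	int send_len = TLS_PAYLOAD_MAX_LEN;
	char mem_send[TLS_PAYLOAD_MAX_LEN];
	char mem_recv[TLS_PAYLOAD_MAX_LEN];
	int p[2];

	memrnd(mem_send, sizeof(mem_send));
	ASSERT_GE(pipe(p), 0);
	EXPECT_EQ(write(p[1], mem_send, send_len), send_len);
	/* Only success is asserted here; the MSG_WAITALL recv() pins the total. */
	EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), 0);
	EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len);
	EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
	close(p[0]);
	close(p[1]);
}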
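/*
 * Thirty-two 1-byte splices with SPLICE_F_NONBLOCK|SPLICE_F_MORE|SPLICE_F_GIFT
 * must each move exactly one byte (regression check; nothing is received).
 * Fixes: mem_send was written to the pipe uninitialised and the pipe fds
 * were leaked.
 */
TEST_F(tls, splice_more)
{
	const unsigned int flags = SPLICE_F_NONBLOCK | SPLICE_F_MORE | SPLICE_F_GIFT;
	int send_len = TLS_PAYLOAD_MAX_LEN;
	char mem_send[TLS_PAYLOAD_MAX_LEN];
	int p[2];
	int i;

	memset(mem_send, 0x55, sizeof(mem_send));
	ASSERT_GE(pipe(p), 0);
	EXPECT_EQ(write(p[1], mem_send, send_len), send_len);
	for (i = 0; i < 32; i++)
		EXPECT_EQ(splice(p[0], NULL, self->fd, NULL, 1, flags), 1);
	close(p[0]);
	close(p[1]);
}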
/*
 * Two 8000-byte halves spliced in from two different pipes must be
 * received as one 16000-byte stream, in order.
 */
TEST_F(tls, splice_from_pipe2)
{
	const int half = 8000;
	const int total = 2 * half;
	char tx[16000];
	char rx[16000];
	int pipe_a[2], pipe_b[2];

	memrnd(tx, sizeof(tx));
	ASSERT_GE(pipe(pipe_a), 0);
	ASSERT_GE(pipe(pipe_b), 0);

	EXPECT_EQ(write(pipe_a[1], tx, half), half);
	EXPECT_EQ(splice(pipe_a[0], NULL, self->fd, NULL, half, 0), half);
	EXPECT_EQ(write(pipe_b[1], tx + half, half), half);
	EXPECT_EQ(splice(pipe_b[0], NULL, self->fd, NULL, half, 0), half);

	EXPECT_EQ(recv(self->cfd, rx, total, MSG_WAITALL), total);
	EXPECT_EQ(memcmp(tx, rx, total), 0);
}
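/*
 * A small send() followed by a full-size splice() from a pipe; both
 * records must be readable in order.
 * Fixes: mem_send was spliced uninitialised, so the final memcmp()
 * compared indeterminate bytes; the pipe fds were leaked.
 */
TEST_F(tls, send_and_splice)
{
	int send_len = TLS_PAYLOAD_MAX_LEN;
	char mem_send[TLS_PAYLOAD_MAX_LEN];
	char mem_recv[TLS_PAYLOAD_MAX_LEN];
	char const *test_str = "test_read";
	int send_len2 = 10;
	char buf[10];
	int p[2];

	memrnd(mem_send, sizeof(mem_send));
	ASSERT_GE(pipe(p), 0);

	/* First a small record via send()... */
	EXPECT_EQ(send(self->fd, test_str, send_len2, 0), send_len2);
	EXPECT_EQ(recv(self->cfd, buf, send_len2, MSG_WAITALL), send_len2);
	EXPECT_EQ(memcmp(test_str, buf, send_len2), 0);

	/* ...then a full-size record via splice(). */
	EXPECT_GE(write(p[1], mem_send, send_len), send_len);
	EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), send_len);
	EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len);
	EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);

	close(p[0]);
	close(p[1]);
}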
/* splice() a received TLS record out of the socket into a pipe. */
TEST_F(tls, splice_to_pipe)
{
	const int len = TLS_PAYLOAD_MAX_LEN;
	char tx[TLS_PAYLOAD_MAX_LEN];
	char rx[TLS_PAYLOAD_MAX_LEN];
	int pfd[2];

	memrnd(tx, sizeof(tx));
	ASSERT_GE(pipe(pfd), 0);

	EXPECT_EQ(send(self->fd, tx, len, 0), len);
	EXPECT_EQ(splice(self->cfd, NULL, pfd[1], NULL, len, 0), len);
	EXPECT_EQ(read(pfd[0], rx, len), len);
	EXPECT_EQ(memcmp(tx, rx, len), 0);
}
/*
 * A record with a non-data record type (100) can be neither spliced out
 * nor read with a plain recv(); only the record-type-aware cmsg path
 * (tls_recv_cmsg) delivers it.
 */
TEST_F(tls, splice_cmsg_to_pipe)
{
	char *test_str = "test_read";
	char record_type = 100;
	int send_len = 10;
	char buf[10];
	int p[2];

	if (self->notls)
		SKIP(return, "no TLS support");

	ASSERT_GE(pipe(p), 0);
	EXPECT_EQ(tls_send_cmsg(self->fd, record_type, test_str, send_len, 0),
		  send_len);

	/* splice() refuses a control record outright... */
	EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), -1);
	EXPECT_EQ(errno, EINVAL);
	/* ...and a plain recv() reports it as an I/O error. */
	EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1);
	EXPECT_EQ(errno, EIO);

	EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type,
				buf, sizeof(buf), MSG_WAITALL),
		  send_len);
	EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
}
/*
 * Same as splice_cmsg_to_pipe, but the plain recv() (presumably decrypting
 * the record first, per the test name) happens before the splice(): the
 * control record still cannot be spliced out and is only readable
 * through the cmsg path.
 */
TEST_F(tls, splice_dec_cmsg_to_pipe)
{
	char *test_str = "test_read";
	char record_type = 100;
	int send_len = 10;
	char buf[10];
	int p[2];

	if (self->notls)
		SKIP(return, "no TLS support");

	ASSERT_GE(pipe(p), 0);
	EXPECT_EQ(tls_send_cmsg(self->fd, record_type, test_str, send_len, 0),
		  send_len);

	/* Plain recv() hits the control record: EIO. */
	EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1);
	EXPECT_EQ(errno, EIO);
	/* splice() still refuses it afterwards. */
	EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), -1);
	EXPECT_EQ(errno, EINVAL);

	EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type,
				buf, sizeof(buf), MSG_WAITALL),
		  send_len);
	EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
}
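/*
 * recv() the first half of a record, then splice() the remaining half into
 * a pipe; the two halves must reassemble the original.
 * Fixes: mem_send was sent uninitialised, so the memcmp() compared
 * indeterminate bytes; the pipe fds were leaked; comment typo.
 */
TEST_F(tls, recv_and_splice)
{
	int send_len = TLS_PAYLOAD_MAX_LEN;
	char mem_send[TLS_PAYLOAD_MAX_LEN];
	char mem_recv[TLS_PAYLOAD_MAX_LEN];
	int half = send_len / 2;
	int p[2];

	memrnd(mem_send, sizeof(mem_send));
	ASSERT_GE(pipe(p), 0);
	EXPECT_EQ(send(self->fd, mem_send, send_len, 0), send_len);

	/* Recv half of the record, splice the other half */
	EXPECT_EQ(recv(self->cfd, mem_recv, half, MSG_WAITALL), half);
	EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, half, SPLICE_F_NONBLOCK),
		  half);
	EXPECT_EQ(read(p[0], &mem_recv[half], half), half);
	EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);

	close(p[0]);
	close(p[1]);
}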
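/*
 * Four quarter-size records are sent; a MSG_PEEK spanning two and a half
 * of them must return the right bytes without consuming anything, and the
 * whole stream must then be spliceable to a pipe in full.
 * Fixes: a failed splice() (-1) was added to the running total, so the
 * loop could never terminate on error; it now stops at the first failure.
 */
TEST_F(tls, peek_and_splice)
{
	const int total = TLS_PAYLOAD_MAX_LEN;
	const int quarter = TLS_PAYLOAD_MAX_LEN / 4;
	const int peek_len = quarter * 5 / 2;
	char tx[TLS_PAYLOAD_MAX_LEN];
	char rx[TLS_PAYLOAD_MAX_LEN];
	int pfd[2];
	int k, done;

	memrnd(tx, sizeof(tx));
	ASSERT_GE(pipe(pfd), 0);

	for (k = 0; k < 4; k++)
		EXPECT_EQ(send(self->fd, tx + quarter * k, quarter, 0), quarter);

	EXPECT_EQ(recv(self->cfd, rx, peek_len, MSG_WAITALL | MSG_PEEK), peek_len);
	EXPECT_EQ(memcmp(tx, rx, peek_len), 0);

	/* splice() may move less than asked per call; loop until drained. */
	done = 0;
	while (done < total) {
		ssize_t got = splice(self->cfd, NULL, pfd[1], NULL, total - done, 0);

		EXPECT_GT(got, 0);
		if (got <= 0)
			break;	/* never let an error shrink 'done' */
		done += got;
	}
	EXPECT_EQ(done, total);

	EXPECT_EQ(read(pfd[0], rx, total), total);
	EXPECT_EQ(memcmp(tx, rx, total), 0);

	close(pfd[0]);
	close(pfd[1]);
}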
#define MAX_FRAGS	48
/*
 * Queue MAX_FRAGS single-byte vmsplice()d buffers plus one 0x100-byte
 * write in a pipe, then splice() into the TLS socket asking for more than
 * is there: exactly what was queued must come out, and nothing more.
 */
TEST_F(tls, splice_short)
{
	struct iovec one_byte;
	char rx[0x10000];
	char tail[0x100];
	char byte = 'S';
	int pfd[2];
	int k;

	one_byte.iov_base = &byte;
	one_byte.iov_len = 1;
	memset(tail, 's', sizeof(tail));

	ASSERT_GE(pipe2(pfd, O_NONBLOCK), 0);
	/* Room for every fragment plus the trailing write. */
	ASSERT_GE(fcntl(pfd[0], F_SETPIPE_SZ, (MAX_FRAGS + 1) * 0x1000), 0);

	for (k = 0; k < MAX_FRAGS; k++)
		ASSERT_GE(vmsplice(pfd[1], &one_byte, 1, 0), 0);
	ASSERT_EQ(write(pfd[1], tail, sizeof(tail)), sizeof(tail));

	/* Ask for more than is queued; splice() must stop at what exists. */
	EXPECT_EQ(splice(pfd[0], NULL, self->fd, NULL, MAX_FRAGS + 0x1000, 0),
		  MAX_FRAGS + sizeof(tail));
	EXPECT_EQ(recv(self->cfd, rx, sizeof(rx), 0), MAX_FRAGS + sizeof(tail));
	/* The socket must now be empty. */
	EXPECT_EQ(recv(self->cfd, rx, sizeof(rx), MSG_DONTWAIT), -1);
	EXPECT_EQ(errno, EAGAIN);
}
#undef MAX_FRAGS
/* A single-iovec recvmsg() returns the record that send() put in. */
TEST_F(tls, recvmsg_single)
{
	static const char payload[] = "test_recvmsg_single";	/* 20 with NUL */
	const int len = sizeof(payload);
	char rx[20];
	struct iovec iov = { .iov_base = rx, .iov_len = len };
	/* designated init zeroes msg_name/msg_control, like the memset did */
	struct msghdr hdr = { .msg_iov = &iov, .msg_iovlen = 1 };

	EXPECT_EQ(send(self->fd, payload, len, 0), len);
	EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1);
	EXPECT_EQ(memcmp(payload, rx, len), 0);
}
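/*
 * recvmsg() of a maximum-size record into a single iovec.
 * Fixes: 'hdr' was only partially filled in - msg_name, msg_control and
 * msg_controllen were left indeterminate, so the kernel could have been
 * asked to write ancillary data through a garbage pointer.
 */
TEST_F(tls, recvmsg_single_max)
{
	int send_len = TLS_PAYLOAD_MAX_LEN;
	char send_mem[TLS_PAYLOAD_MAX_LEN];
	char recv_mem[TLS_PAYLOAD_MAX_LEN];
	struct iovec vec;
	struct msghdr hdr;

	memrnd(send_mem, sizeof(send_mem));
	EXPECT_EQ(send(self->fd, send_mem, send_len, 0), send_len);

	vec.iov_base = recv_mem;
	vec.iov_len = TLS_PAYLOAD_MAX_LEN;
	memset(&hdr, 0, sizeof(hdr));	/* no name, no control buffer */
	hdr.msg_iovlen = 1;
	hdr.msg_iov = &vec;

	EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1);
	EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0);
}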
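/*
 * A 16 KiB record received through 1024 iovecs of 16 bytes each.
 * Fixes: 'hdr' had indeterminate msg_name/msg_control fields; malloc()
 * results were unchecked; the received bytes were never compared with
 * what was sent.
 */
TEST_F(tls, recvmsg_multiple)
{
	const unsigned int msg_iovlen = 1024;
	const unsigned int iov_len = 16;
	const int send_len = 1 << 14;
	struct iovec vec[1024];
	char *iov_base[1024];
	char buf[1 << 14];
	struct msghdr hdr;
	ssize_t got;
	int i, off;

	memrnd(buf, sizeof(buf));
	EXPECT_EQ(send(self->fd, buf, send_len, 0), send_len);

	for (i = 0; i < msg_iovlen; i++) {
		iov_base[i] = malloc(iov_len);
		ASSERT_NE(iov_base[i], NULL);
		vec[i].iov_base = iov_base[i];
		vec[i].iov_len = iov_len;
	}
	memset(&hdr, 0, sizeof(hdr));	/* no name, no control buffer */
	hdr.msg_iovlen = msg_iovlen;
	hdr.msg_iov = vec;

	got = recvmsg(self->cfd, &hdr, 0);
	EXPECT_NE(got, -1);
	/* Without MSG_WAITALL this may be short; verify whatever arrived. */
	for (i = 0, off = 0; got > 0 && off < got; i++, off += iov_len) {
		size_t n = (size_t)(got - off) < iov_len ? (size_t)(got - off) : iov_len;

		EXPECT_EQ(memcmp(iov_base[i], buf + off, n), 0);
	}

	for (i = 0; i < msg_iovlen; i++)
		free(iov_base[i]);
}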
/*
 * One send() of two records' worth of data must be readable with two
 * record-sized recv() calls.
 */
TEST_F(tls, single_send_multiple_recv)
{
	const unsigned int rec = TLS_PAYLOAD_MAX_LEN;
	const unsigned int total = 2 * rec;
	char tx[TLS_PAYLOAD_MAX_LEN * 2];
	char rx[TLS_PAYLOAD_MAX_LEN * 2];

	memrnd(tx, sizeof(tx));
	EXPECT_GE(send(self->fd, tx, total, 0), 0);

	memset(rx, 0, total);
	EXPECT_NE(recv(self->cfd, rx, rec, 0), -1);
	EXPECT_NE(recv(self->cfd, rx + rec, rec, 0), -1);
	EXPECT_EQ(memcmp(tx, rx, total), 0);
}
/* Two 10-byte send()s must be readable with one MSG_WAITALL recv() of 20. */
TEST_F(tls, multiple_send_single_recv)
{
	const unsigned int piece = 10;
	const unsigned int total = 2 * piece;
	char rx[2 * 10];
	char tx[10];
	int k;

	memrnd(tx, sizeof(tx));
	for (k = 0; k < 2; k++)
		EXPECT_GE(send(self->fd, tx, piece, 0), 0);

	memset(rx, 0, total);
	EXPECT_EQ(recv(self->cfd, rx, total, MSG_WAITALL), total);
	EXPECT_EQ(memcmp(tx, rx, piece), 0);
	EXPECT_EQ(memcmp(tx, rx + piece, piece), 0);
}
/*
 * A 15-byte record read with two 10-byte recv() calls: the first returns
 * 10, the second the remaining 5.
 */
TEST_F(tls, single_send_multiple_recv_non_align)
{
	const unsigned int total = 15;
	const unsigned int chunk = 10;
	char rx[chunk * 2];
	char tx[total];

	memrnd(tx, sizeof(tx));
	EXPECT_GE(send(self->fd, tx, total, 0), 0);

	memset(rx, 0, total);
	EXPECT_EQ(recv(self->cfd, rx, chunk, 0), chunk);
	EXPECT_EQ(recv(self->cfd, rx + chunk, chunk, 0), 5);	/* total - chunk */
	EXPECT_EQ(memcmp(tx, rx, total), 0);
}
/*
 * A single record may be consumed across two recv() calls: first the
 * "test_read" prefix, then the "_partial" remainder (the NUL is left).
 */
TEST_F(tls, recv_partial)
{
	char const *whole = "test_read_partial";
	char const *head = "test_read";
	char const *tail = "_partial";
	const int whole_len = strlen(whole) + 1;
	const size_t head_len = strlen(head);
	const size_t tail_len = strlen(tail);
	char rx[18];

	memset(rx, 0, sizeof(rx));
	EXPECT_EQ(send(self->fd, whole, whole_len, 0), whole_len);

	EXPECT_EQ(recv(self->cfd, rx, head_len, MSG_WAITALL), head_len);
	EXPECT_EQ(memcmp(head, rx, head_len), 0);

	memset(rx, 0, sizeof(rx));
	EXPECT_EQ(recv(self->cfd, rx, tail_len, MSG_WAITALL), tail_len);
	EXPECT_EQ(memcmp(tail, rx, tail_len), 0);
}
/* With nothing queued, MSG_DONTWAIT recv() fails with EAGAIN/EWOULDBLOCK. */
TEST_F(tls, recv_nonblock)
{
	char rx[4096];
	int saved;

	EXPECT_EQ(recv(self->cfd, rx, sizeof(rx), MSG_DONTWAIT), -1);
	saved = errno;	/* capture before any further libc call */
	EXPECT_TRUE(saved == EAGAIN || saved == EWOULDBLOCK);
}
/* MSG_PEEK returns the record without consuming it; a later recv() still gets it. */
TEST_F(tls, recv_peek)
{
	char const *payload = "test_read_peek";
	const int len = strlen(payload) + 1;	/* 15 */
	char rx[15];

	EXPECT_EQ(send(self->fd, payload, len, 0), len);

	EXPECT_EQ(recv(self->cfd, rx, len, MSG_PEEK), len);
	EXPECT_EQ(memcmp(payload, rx, len), 0);

	memset(rx, 0, sizeof(rx));
	EXPECT_EQ(recv(self->cfd, rx, len, 0), len);
	EXPECT_EQ(memcmp(payload, rx, len), 0);
}
/* Repeated MSG_PEEKs keep returning the same, still unconsumed, record. */
TEST_F(tls, recv_peek_multiple)
{
	char const *payload = "test_read_peek";
	const int len = strlen(payload) + 1;
	const unsigned int rounds = 100;
	char rx[15];
	unsigned int r;

	EXPECT_EQ(send(self->fd, payload, len, 0), len);
	for (r = 0; r < rounds; r++) {
		EXPECT_NE(recv(self->cfd, rx, len, MSG_PEEK), -1);
		EXPECT_EQ(memcmp(payload, rx, len), 0);
		memset(rx, 0, sizeof(rx));
	}
	/* The consuming read after all the peeks still sees the data. */
	EXPECT_NE(recv(self->cfd, rx, len, 0), -1);
	EXPECT_EQ(memcmp(payload, rx, len), 0);
}
/*
 * MSG_PEEK semantics across record boundaries: a peek stops at the end of
 * the current record, a consuming read spans records, and MSG_MORE keeps
 * one record open so a later peek sees both pieces together.
 */
TEST_F(tls, recv_peek_multiple_records)
{
	char const *whole = "test_read_peek_mult_recs";
	char const *first = "test_read_peek";
	char const *second = "_mult_recs";
	const int first_len = strlen(first);		/* no NUL */
	const int second_len = strlen(second) + 1;	/* with NUL */
	const int whole_len = strlen(whole) + 1;	/* first_len + second_len */
	char buf[64];

	/* Two separate records. */
	EXPECT_EQ(send(self->fd, first, first_len, 0), first_len);
	EXPECT_EQ(send(self->fd, second, second_len, 0), second_len);

	/* MSG_PEEK can only peek into the current record. */
	memset(buf, 0, first_len);
	EXPECT_EQ(recv(self->cfd, buf, first_len, MSG_PEEK | MSG_WAITALL),
		  first_len);
	EXPECT_EQ(memcmp(first, buf, first_len), 0);

	/* A non-MSG_PEEK read advances the strparser (and thus the record). */
	memset(buf, 0, whole_len);
	EXPECT_EQ(recv(self->cfd, buf, whole_len, MSG_WAITALL), whole_len);
	EXPECT_EQ(memcmp(whole, buf, whole_len), 0);

	/*
	 * MSG_MORE holds the current record open, so a later MSG_PEEK sees
	 * everything in one go.
	 */
	EXPECT_EQ(send(self->fd, first, first_len, MSG_MORE), first_len);
	EXPECT_EQ(send(self->fd, second, second_len, 0), second_len);
	memset(buf, 0, whole_len);
	EXPECT_EQ(recv(self->cfd, buf, whole_len, MSG_PEEK | MSG_WAITALL),
		  whole_len);
	EXPECT_EQ(memcmp(whole, buf, whole_len), 0);
}
/*
 * A MSG_PEEK|MSG_WAITALL whose buffer spans two records must deliver the
 * concatenation of both.
 */
TEST_F(tls, recv_peek_large_buf_mult_recs)
{
	char const *whole = "test_read_peek_mult_recs";
	char const *first = "test_read_peek";
	char const *second = "_mult_recs";
	const int first_len = strlen(first);		/* no NUL */
	const int second_len = strlen(second) + 1;	/* with NUL */
	const int whole_len = strlen(whole) + 1;
	char buf[64];

	EXPECT_EQ(send(self->fd, first, first_len, 0), first_len);
	EXPECT_EQ(send(self->fd, second, second_len, 0), second_len);

	memset(buf, 0, whole_len);
	EXPECT_NE(recv(self->cfd, buf, whole_len, MSG_PEEK | MSG_WAITALL), -1);
	EXPECT_EQ(memcmp(whole, buf, whole_len), 0);
}
/*
 * SO_RCVLOWAT on a TLS socket: MSG_WAITALL reads below the watermark still
 * complete, and a plain recv() returns once the watermark is met even if
 * that means crossing into the next record.
 */
TEST_F(tls, recv_lowat)
{
	char tx[10] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
	char rx[20];
	int lowat = 8;

	EXPECT_EQ(send(self->fd, tx, 10, 0), 10);
	EXPECT_EQ(send(self->fd, tx, 5, 0), 5);

	memset(rx, 0, sizeof(rx));
	EXPECT_EQ(setsockopt(self->cfd, SOL_SOCKET, SO_RCVLOWAT,
			     &lowat, sizeof(lowat)), 0);

	EXPECT_EQ(recv(self->cfd, rx, 1, MSG_WAITALL), 1);
	EXPECT_EQ(recv(self->cfd, rx + 1, 6, MSG_WAITALL), 6);
	/* 3 bytes left in record one plus 5 in record two == lowat. */
	EXPECT_EQ(recv(self->cfd, rx + 7, 10, 0), 8);

	EXPECT_EQ(memcmp(tx, rx, 10), 0);
	EXPECT_EQ(memcmp(tx, rx + 10, 5), 0);
}
/*
 * Enable TLS in the opposite direction as well (RX on fd, TX on cfd) and
 * check a message round-trips both ways.
 */
TEST_F(tls, bidir)
{
	char const *payload = "test_read";
	const int len = 10;
	char rx[10];

	if (!self->notls) {
		struct tls_crypto_info_keys keys;

		tls_crypto_info_init(variant->tls_version, variant->cipher_type,
				     &keys, 0);
		ASSERT_EQ(setsockopt(self->fd, SOL_TLS, TLS_RX, &keys, keys.len), 0);
		ASSERT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_TX, &keys, keys.len), 0);
	}

	ASSERT_EQ(strlen(payload) + 1, len);

	/* fd -> cfd, the direction every other test uses. */
	EXPECT_EQ(send(self->fd, payload, len, 0), len);
	EXPECT_NE(recv(self->cfd, rx, len, 0), -1);
	EXPECT_EQ(memcmp(rx, payload, len), 0);

	/* cfd -> fd, the newly enabled direction. */
	memset(rx, 0, sizeof(rx));
	EXPECT_EQ(send(self->cfd, payload, len, 0), len);
	EXPECT_NE(recv(self->fd, rx, len, 0), -1);
	EXPECT_EQ(memcmp(rx, payload, len), 0);
}
/* poll() reports POLLIN once a record is queued, and times out after it is read. */
TEST_F(tls, pollin)
{
	char const *payload = "test_poll";
	struct pollfd pfd = { .fd = self->cfd, .events = POLLIN };
	const int len = 10;
	char rx[10];

	EXPECT_EQ(send(self->fd, payload, len, 0), len);

	EXPECT_EQ(poll(&pfd, 1, 20), 1);
	EXPECT_EQ(pfd.revents & POLLIN, 1);
	EXPECT_EQ(recv(self->cfd, rx, len, MSG_WAITALL), len);

	/* Queue drained: this poll must time out. */
	EXPECT_EQ(poll(&pfd, 1, 20), 0);
}
/* A poll() with an infinite timeout wakes once the record arrives. */
TEST_F(tls, poll_wait)
{
	char const *payload = "test_poll_wait";
	const int len = strlen(payload) + 1;
	struct pollfd pfd = { .fd = self->cfd, .events = POLLIN };
	char rx[15];

	EXPECT_EQ(send(self->fd, payload, len, 0), len);
	EXPECT_EQ(poll(&pfd, 1, -1), 1);	/* -1: wait indefinitely */
	EXPECT_EQ(pfd.revents & POLLIN, 1);
	EXPECT_EQ(recv(self->cfd, rx, len, MSG_WAITALL), len);
}
/*
 * After a partial read the rest of the record lives inside the TLS ULP,
 * not the TCP socket; poll() must still report it readable.
 */
TEST_F(tls, poll_wait_split)
{
	struct pollfd pfd = { .fd = self->cfd, .events = POLLIN };
	char tx[20] = { 0 };
	char rx[15];

	/* Send 20 bytes */
	EXPECT_EQ(send(self->fd, tx, sizeof(tx), 0), sizeof(tx));

	/* Poll with inf. timeout */
	EXPECT_EQ(poll(&pfd, 1, -1), 1);
	EXPECT_EQ(pfd.revents & POLLIN, 1);
	EXPECT_EQ(recv(self->cfd, rx, sizeof(rx), MSG_WAITALL), sizeof(rx));

	/* Now the remaining 5 bytes of record data are in TLS ULP */
	pfd.fd = self->cfd;
	pfd.events = POLLIN;
	EXPECT_EQ(poll(&pfd, 1, -1), 1);
	EXPECT_EQ(pfd.revents & POLLIN, 1);
	EXPECT_EQ(recv(self->cfd, rx, sizeof(rx), 0), sizeof(tx) - sizeof(rx));
}
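/*
 * Blocking send()/recv() of 100000 bytes between the parent (sender) and
 * a forked child (receiver).
 * Fixes: on a failed send()/recv() the loops did 'left -= -1' and spun
 * until the harness timeout instead of failing; the inner 'res' shadowed
 * the fork() result; the 16 KiB send buffer was sent uninitialised.
 */
TEST_F(tls, blocking)
{
	const size_t data = 100000;
	const size_t chunk = 16384;
	pid_t child = fork();

	EXPECT_NE(child, -1);
	if (child) {
		/* parent: send */
		size_t left = data;
		char buf[16384];
		int status;
		pid_t reaped;

		memset(buf, 0x5a, sizeof(buf));
		while (left) {
			int n = send(self->fd, buf, left > chunk ? chunk : left, 0);

			EXPECT_GE(n, 0);
			if (n < 0)
				break;	/* never let an error inflate 'left' */
			left -= n;
		}
		reaped = wait(&status);
		EXPECT_EQ(status, 0);
		EXPECT_EQ(child, reaped);
	} else {
		/* child: receive */
		size_t left = data;
		char buf[16384];

		while (left) {
			int n = recv(self->cfd, buf, left > chunk ? chunk : left, 0);

			EXPECT_GT(n, 0);
			if (n <= 0)
				break;	/* error or EOF: nothing more will come */
			left -= n;
		}
	}
}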
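/*
 * Non-blocking send()/recv() of 100000 bytes with a tiny SO_SNDBUF so that
 * both sides are guaranteed to observe EAGAIN at least once.
 * Fixes: fcntl() results were unchecked and cfd was given fd's flag word
 * instead of its own; a hard send()/recv() error did 'left -= -1' and
 * spun until the harness timeout; the send buffer was sent uninitialised.
 */
TEST_F(tls, nonblocking)
{
	const size_t data = 100000;
	const size_t chunk = 16384;
	int sendbuf = 100;
	int flags;
	pid_t child;

	flags = fcntl(self->fd, F_GETFL, 0);
	ASSERT_NE(flags, -1);
	ASSERT_EQ(fcntl(self->fd, F_SETFL, flags | O_NONBLOCK), 0);
	flags = fcntl(self->cfd, F_GETFL, 0);
	ASSERT_NE(flags, -1);
	ASSERT_EQ(fcntl(self->cfd, F_SETFL, flags | O_NONBLOCK), 0);

	/* Ensure nonblocking behavior by imposing a small send buffer. */
	EXPECT_EQ(setsockopt(self->fd, SOL_SOCKET, SO_SNDBUF,
			     &sendbuf, sizeof(sendbuf)), 0);

	child = fork();
	EXPECT_NE(child, -1);
	if (child) {
		/* parent: send */
		bool eagain = false;
		size_t left = data;
		char buf[16384];
		int status;
		pid_t reaped;

		memset(buf, 0x5a, sizeof(buf));
		while (left) {
			int n = send(self->fd, buf, left > chunk ? chunk : left, 0);

			if (n == -1 && errno == EAGAIN) {
				eagain = true;
				usleep(10000);
				continue;
			}
			EXPECT_GE(n, 0);
			if (n < 0)
				break;	/* hard error: do not inflate 'left' */
			left -= n;
		}
		EXPECT_TRUE(eagain);
		reaped = wait(&status);
		EXPECT_EQ(status, 0);
		EXPECT_EQ(child, reaped);
	} else {
		/* child: receive */
		bool eagain = false;
		size_t left = data;
		char buf[16384];

		while (left) {
			int n = recv(self->cfd, buf, left > chunk ? chunk : left, 0);

			if (n == -1 && errno == EAGAIN) {
				eagain = true;
				usleep(10000);
				continue;
			}
			EXPECT_GT(n, 0);
			if (n <= 0)
				break;	/* error or EOF: nothing more will come */
			left -= n;
		}
		EXPECT_TRUE(eagain);
	}
}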
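/*
 * Fan-out stress: n_readers children recv() from cfd while n_writers
 * children push the same 60000-byte buffer into fd via send(), or via
 * sendfile() from a temp file when @sendpg, 6 MB per side in total; the
 * parent reaps every child and requires a zero exit status.
 * Fixes: a zero reader/writer count divided by zero before the ASSERT
 * could fire; a failed recv()/send()/sendfile() did 'left -= -1' and spun
 * until the timeout; wait() was unchecked and the temp fd never closed.
 */
static void
test_mutliproc(struct __test_metadata *_metadata, struct _test_data_tls *self,
	       bool sendpg, unsigned int n_readers, unsigned int n_writers)
{
	const unsigned int n_children = n_readers + n_writers;
	const size_t data = 6 * 1000 * 1000;
	const size_t file_sz = data / 100;
	size_t read_bias, write_bias;
	int i, fd, child_id;
	char buf[file_sz];
	pid_t pid;

	/* Both counts must be non-zero, and one a multiple of the other. */
	ASSERT_NE(n_readers, 0U);
	ASSERT_NE(n_writers, 0U);
	ASSERT_EQ(!(n_readers % n_writers) || !(n_writers % n_readers), true);
	read_bias = n_writers / n_readers ?: 1;
	write_bias = n_readers / n_writers ?: 1;

	/* prep a file to send */
	fd = open("/tmp/", O_TMPFILE | O_RDWR, 0600);
	ASSERT_GE(fd, 0);
	memset(buf, 0xac, file_sz);
	ASSERT_EQ(write(fd, buf, file_sz), file_sz);

	/* spawn children; each child leaves the loop holding its child_id */
	for (child_id = 0; child_id < n_children; child_id++) {
		pid = fork();
		ASSERT_NE(pid, -1);
		if (!pid)
			break;
	}

	/* parent waits for all children */
	if (pid) {
		for (i = 0; i < n_children; i++) {
			int status;

			EXPECT_NE(wait(&status), -1);
			EXPECT_EQ(status, 0);
		}
		close(fd);
		return;
	}

	/* Split children between reading and writing */
	if (child_id < n_readers) {
		size_t left = data * read_bias;
		char rb[8001];

		while (left) {
			int res = recv(self->cfd, rb,
				       left > sizeof(rb) ? sizeof(rb) : left, 0);

			EXPECT_GT(res, 0);
			if (res <= 0)
				break;	/* error or EOF: do not inflate 'left' */
			left -= res;
		}
	} else {
		size_t left = data * write_bias;

		while (left) {
			int res;

			ASSERT_EQ(lseek(fd, 0, SEEK_SET), 0);
			if (sendpg)
				res = sendfile(self->fd, fd, NULL,
					       left > file_sz ? file_sz : left);
			else
				res = send(self->fd, buf,
					   left > file_sz ? file_sz : left, 0);
			EXPECT_GE(res, 0);
			if (res < 0)
				break;
			left -= res;
		}
	}
	close(fd);
}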
/* Six readers against six writers, plain send(). */
TEST_F(tls, mutliproc_even)
{
	const unsigned int readers = 6, writers = 6;

	test_mutliproc(_metadata, self, false, readers, writers);
}
/* Writers outnumber readers 3:1, plain send(). */
TEST_F(tls, mutliproc_readers)
{
	const unsigned int readers = 4, writers = 12;

	test_mutliproc(_metadata, self, false, readers, writers);
}
/* Readers outnumber writers 5:1, plain send(). */
TEST_F(tls, mutliproc_writers)
{
	const unsigned int readers = 10, writers = 2;

	test_mutliproc(_metadata, self, false, readers, writers);
}
/* Six readers against six writers, sendfile() path. */
TEST_F(tls, mutliproc_sendpage_even)
{
	const unsigned int readers = 6, writers = 6;

	test_mutliproc(_metadata, self, true, readers, writers);
}
/* Writers outnumber readers 3:1, sendfile() path. */
TEST_F(tls, mutliproc_sendpage_readers)
{
	const unsigned int readers = 4, writers = 12;

	test_mutliproc(_metadata, self, true, readers, writers);
}
/* Readers outnumber writers 5:1, sendfile() path. */
TEST_F(tls, mutliproc_sendpage_writers)
{
	const unsigned int readers = 10, writers = 2;

	test_mutliproc(_metadata, self, true, readers, writers);
}
/*
 * A record with a non-data record type is invisible to a plain recv() and
 * is only delivered through the record-type-aware helper (tls_recv_cmsg);
 * peeking it and then consuming it must both yield the payload.
 */
TEST_F(tls, control_msg)
{
	char *payload = "test_read";
	char rtype = 100;
	const int len = 10;
	char rx[10];

	if (self->notls)
		SKIP(return, "no TLS support");

	EXPECT_EQ(tls_send_cmsg(self->fd, rtype, payload, len, 0), len);

	/* Should fail because we didn't provide a control message */
	EXPECT_EQ(recv(self->cfd, rx, len, 0), -1);

	EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, rtype,
				rx, sizeof(rx), MSG_WAITALL | MSG_PEEK),
		  len);
	EXPECT_EQ(memcmp(rx, payload, len), 0);

	/* Recv the message again without MSG_PEEK */
	memset(rx, 0, sizeof(rx));
	EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, rtype,
				rx, sizeof(rx), MSG_WAITALL),
		  len);
	EXPECT_EQ(memcmp(rx, payload, len), 0);
}
/*
 * Two control records of the same type are never merged: two peeks both
 * show the first, and two consuming reads return them one at a time.
 */
TEST_F(tls, control_msg_nomerge)
{
	char *rec1 = "1111";
	char *rec2 = "2222";
	const int len = 5;
	const char rtype = 100;
	char rx[15];
	int k;

	if (self->notls)
		SKIP(return, "no TLS support");

	EXPECT_EQ(tls_send_cmsg(self->fd, rtype, rec1, len, 0), len);
	EXPECT_EQ(tls_send_cmsg(self->fd, rtype, rec2, len, 0), len);

	/* Two peeks both see just the first record. */
	for (k = 0; k < 2; k++) {
		EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, rtype, rx, sizeof(rx), MSG_PEEK), len);
		EXPECT_EQ(memcmp(rx, rec1, len), 0);
	}

	EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, rtype, rx, sizeof(rx), 0), len);
	EXPECT_EQ(memcmp(rx, rec1, len), 0);
	EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, rtype, rx, sizeof(rx), 0), len);
	EXPECT_EQ(memcmp(rx, rec2, len), 0);
}
/*
 * data, control, data: a MSG_PEEK of the data stream is expected to stop
 * at the control record in between, so two consecutive 15-byte peeks
 * each return only the 5 bytes of rec1.
 */
TEST_F(tls, data_control_data)
{
	char *rec1 = "1111";
	char *rec2 = "2222";
	char *rec3 = "3333";
	const int len = 5;
	char rx[15];
	int k;

	if (self->notls)
		SKIP(return, "no TLS support");

	EXPECT_EQ(send(self->fd, rec1, len, 0), len);
	EXPECT_EQ(tls_send_cmsg(self->fd, 100, rec2, len, 0), len);
	EXPECT_EQ(send(self->fd, rec3, len, 0), len);

	for (k = 0; k < 2; k++)
		EXPECT_EQ(recv(self->cfd, rx, sizeof(rx), MSG_PEEK), len);
}
/*
 * After a successful exchange, SHUT_RDWR on both ends must not misbehave.
 * shutdown() results are deliberately not asserted; the check is that the
 * fixture teardown survives.
 */
TEST_F(tls, shutdown)
{
	char const *payload = "test_read";
	const int len = 10;
	char rx[10];

	ASSERT_EQ(strlen(payload) + 1, len);
	EXPECT_EQ(send(self->fd, payload, len, 0), len);
	EXPECT_NE(recv(self->cfd, rx, len, 0), -1);
	EXPECT_EQ(memcmp(rx, payload, len), 0);

	shutdown(self->fd, SHUT_RDWR);
	shutdown(self->cfd, SHUT_RDWR);
}
/* Shutdown with a MSG_MORE record still open (never flushed) must not crash. */
TEST_F(tls, shutdown_unsent)
{
	char const *payload = "test_read";
	const int len = 10;

	EXPECT_EQ(send(self->fd, payload, len, MSG_MORE), len);
	shutdown(self->fd, SHUT_RDWR);
	shutdown(self->cfd, SHUT_RDWR);
}
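/*
 * A shut-down TLS socket cannot be repurposed: bind() is tolerated, but
 * listen() fails with EINVAL and connect() with EISCONN.
 * Fixes: bind()/connect() were passed a 'struct sockaddr_in *' without the
 * 'struct sockaddr *' cast (a constraint violation; an error by default on
 * recent GCC), and 'addr' was only partially initialised.
 */
TEST_F(tls, shutdown_reuse)
{
	struct sockaddr_in addr;
	int ret;

	shutdown(self->fd, SHUT_RDWR);
	shutdown(self->cfd, SHUT_RDWR);
	/*
	 * NOTE(review): cfd is closed here; if the fixture teardown (outside
	 * this view) also closes it, that is a double close of an fd number
	 * that may have been reused - confirm.
	 */
	close(self->cfd);

	memset(&addr, 0, sizeof(addr));
	addr.sin_family = AF_INET;
	addr.sin_addr.s_addr = htonl(INADDR_ANY);
	addr.sin_port = 0;

	ret = bind(self->fd, (struct sockaddr *)&addr, sizeof(addr));
	EXPECT_EQ(ret, 0);

	ret = listen(self->fd, 10);
	EXPECT_EQ(ret, -1);
	EXPECT_EQ(errno, EINVAL);

	ret = connect(self->fd, (struct sockaddr *)&addr, sizeof(addr));
	EXPECT_EQ(ret, -1);
	EXPECT_EQ(errno, EISCONN);
}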
/*
 * getsockopt(TLS_TX): a buffer the size of the bare tls_crypto_info header
 * yields just version/cipher; a full-size buffer yields the complete
 * crypto_info exactly as it was set (which, presumably, includes the key
 * material - any holder of the fd can read it back); a length one short
 * of either size is rejected with EINVAL.
 */
TEST_F(tls, getsockopt)
{
	struct tls_crypto_info_keys want, got;
	socklen_t optlen;

	/* get only the version/cipher */
	optlen = sizeof(struct tls_crypto_info);
	memrnd(&got, sizeof(got));
	EXPECT_EQ(getsockopt(self->fd, SOL_TLS, TLS_TX, &got, &optlen), 0);
	EXPECT_EQ(optlen, sizeof(struct tls_crypto_info));
	EXPECT_EQ(got.crypto_info.version, variant->tls_version);
	EXPECT_EQ(got.crypto_info.cipher_type, variant->cipher_type);

	/* get the full crypto_info */
	tls_crypto_info_init(variant->tls_version, variant->cipher_type, &want, 0);
	optlen = want.len;
	memrnd(&got, sizeof(got));
	EXPECT_EQ(getsockopt(self->fd, SOL_TLS, TLS_TX, &got, &optlen), 0);
	EXPECT_EQ(optlen, want.len);
	EXPECT_EQ(got.crypto_info.version, variant->tls_version);
	EXPECT_EQ(got.crypto_info.cipher_type, variant->cipher_type);
	EXPECT_EQ(memcmp(&got, &want, want.len), 0);

	/* short get should fail */
	optlen = sizeof(struct tls_crypto_info) - 1;
	EXPECT_EQ(getsockopt(self->fd, SOL_TLS, TLS_TX, &got, &optlen), -1);
	EXPECT_EQ(errno, EINVAL);

	/* partial get of the cipher data should fail */
	optlen = want.len - 1;
	EXPECT_EQ(getsockopt(self->fd, SOL_TLS, TLS_TX, &got, &optlen), -1);
	EXPECT_EQ(errno, EINVAL);
}
/*
 * A recvmsg() whose second iovec is unmapped (NULL base) must return the
 * bytes already copied into the first iovec rather than dropping them:
 * the 9 bytes of rec1 left after a 1-byte read, plus possibly some of rec2.
 */
TEST_F(tls, recv_efault)
{
	char *rec1 = "1111111111";
	char *rec2 = "2222222222";
	struct msghdr hdr = { 0 };
	struct iovec iov[2];
	char recv_mem[12];
	int ret;

	if (self->notls)
		SKIP(return, "no TLS support");

	EXPECT_EQ(send(self->fd, rec1, 10, 0), 10);
	EXPECT_EQ(send(self->fd, rec2, 10, 0), 10);

	/* 12 good bytes, then a broken iov to make process_rx_list fail. */
	iov[0].iov_base = recv_mem;
	iov[0].iov_len = sizeof(recv_mem);
	iov[1].iov_base = NULL;
	iov[1].iov_len = 1;
	hdr.msg_iovlen = 2;
	hdr.msg_iov = iov;

	/* Consume one byte so the first record is already partially read. */
	EXPECT_EQ(recv(self->cfd, recv_mem, 1, 0), 1);
	EXPECT_EQ(recv_mem[0], rec1[0]);

	ret = recvmsg(self->cfd, &hdr, 0);
	EXPECT_LE(ret, sizeof(recv_mem));
	EXPECT_GE(ret, 9);
	EXPECT_EQ(memcmp(rec1, recv_mem, 9), 0);
	if (ret > 9)
		EXPECT_EQ(memcmp(rec2, recv_mem + 9, ret - 9), 0);
}
/* TLS ContentType for handshake records (RFC 8446 section 5.1) */
#define TLS_RECORD_TYPE_HANDSHAKE 0x16

/*
 * key_update, length 1, update_not_requested
 * HandshakeType key_update (0x18), 3-byte body length of 1, then the
 * KeyUpdateRequest value update_not_requested (0).
 */
static const char key_update_msg[] = "\x18\x00\x00\x01\x00";
/*
 * Send the canned TLS 1.3 KeyUpdate as a handshake record on @fd and
 * check that the whole message was accepted.
 */
static void tls_send_keyupdate(struct __test_metadata *_metadata, int fd)
{
	const size_t msg_len = sizeof(key_update_msg);

	/* tls_send_cmsg() reports how much payload it wrote; the complete
	 * KeyUpdate must go out in a single record.
	 */
	EXPECT_EQ(tls_send_cmsg(fd, TLS_RECORD_TYPE_HANDSHAKE,
				(char *)key_update_msg, msg_len, 0),
		  msg_len);
}
/*
 * Receive one record from @fd with @flags (0 or MSG_PEEK) and check it is
 * a handshake record carrying exactly the bytes of key_update_msg.
 */
static void tls_recv_keyupdate(struct __test_metadata *_metadata, int fd, int flags)
{
	const size_t want = sizeof(key_update_msg);
	char rx[100];

	EXPECT_EQ(tls_recv_cmsg(_metadata, fd, TLS_RECORD_TYPE_HANDSHAKE,
				rx, sizeof(rx), flags),
		  want);
	EXPECT_EQ(memcmp(rx, key_update_msg, want), 0);
}
/*
 * set the key to 0 then 1 for RX, immediately to 1 for TX
 *
 * The last argument of tls_crypto_info_init() selects one of two key
 * sets. Installing set 0 and then set 1 on the RX side before any record
 * has been received exercises the RX rekey path on an idle socket; data
 * encrypted by TX with set 1 must then decrypt. The tls_basic fixture
 * presumably attaches the ULP without keys, since the first setsockopt
 * of each direction is expected to succeed here.
 */
TEST_F(tls_basic, rekey_rx)
{
	struct tls_crypto_info_keys tls12_0, tls12_1;
	char const *test_str = "test_message";
	int send_len = strlen(test_str) + 1;
	char buf[20];
	int ret;

	if (self->notls)
		return;

	tls_crypto_info_init(TLS_1_3_VERSION, TLS_CIPHER_AES_GCM_128,
			     &tls12_0, 0);
	tls_crypto_info_init(TLS_1_3_VERSION, TLS_CIPHER_AES_GCM_128,
			     &tls12_1, 1);

	ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12_1, tls12_1.len);
	ASSERT_EQ(ret, 0);

	ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12_0, tls12_0.len);
	ASSERT_EQ(ret, 0);

	/* RX rekey with nothing received yet */
	ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12_1, tls12_1.len);
	EXPECT_EQ(ret, 0);

	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
	EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len);
	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
}
/*
 * set the key to 0 then 1 for TX, immediately to 1 for RX
 *
 * Mirror image of rekey_rx: the TX side is rekeyed from key set 0 to set
 * 1 before it has sent anything, RX is installed with set 1 directly, and
 * the first record must be encrypted with the new key.
 */
TEST_F(tls_basic, rekey_tx)
{
	struct tls_crypto_info_keys tls12_0, tls12_1;
	char const *test_str = "test_message";
	int send_len = strlen(test_str) + 1;
	char buf[20];
	int ret;

	if (self->notls)
		return;

	tls_crypto_info_init(TLS_1_3_VERSION, TLS_CIPHER_AES_GCM_128,
			     &tls12_0, 0);
	tls_crypto_info_init(TLS_1_3_VERSION, TLS_CIPHER_AES_GCM_128,
			     &tls12_1, 1);

	ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12_0, tls12_0.len);
	ASSERT_EQ(ret, 0);

	ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12_1, tls12_1.len);
	ASSERT_EQ(ret, 0);

	/* TX rekey with nothing sent yet */
	ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12_1, tls12_1.len);
	EXPECT_EQ(ret, 0);

	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
	EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len);
	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
}
/*
 * connect(AF_UNSPEC) is the usual "disconnect" idiom; on a TLS socket it
 * must be refused with EOPNOTSUPP, and a record that was already parsed
 * by the TLS_RX setsockopt must still be readable afterwards.
 */
TEST_F(tls_basic, disconnect)
{
	char const *test_str = "test_message";
	int send_len = strlen(test_str) + 1;
	struct tls_crypto_info_keys key;
	struct sockaddr_in addr;
	char buf[20];
	int ret;

	if (self->notls)
		return;

	tls_crypto_info_init(TLS_1_3_VERSION, TLS_CIPHER_AES_GCM_128,
			     &key, 0);

	ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &key, key.len);
	ASSERT_EQ(ret, 0);

	/* Pre-queue the data so that setsockopt parses it but doesn't
	 * dequeue it from the TCP socket. recvmsg would dequeue.
	 */
	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);

	ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &key, key.len);
	ASSERT_EQ(ret, 0);

	/* NOTE(review): only three fields are set, sin_zero is left
	 * uninitialised; harmless for AF_UNSPEC but a = {0} init would be tidier.
	 */
	addr.sin_family = AF_UNSPEC;
	addr.sin_addr.s_addr = htonl(INADDR_ANY);
	addr.sin_port = 0;
	ret = connect(self->cfd, &addr, sizeof(addr));
	EXPECT_EQ(ret, -1);
	EXPECT_EQ(errno, EOPNOTSUPP);

	/* the refused disconnect must not have disturbed the queued record */
	EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len);
}
/*
 * Full TLS 1.3 rekey round trip. Sender: emit a KeyUpdate, then install
 * key set 1 for TX. Receiver: plain recv() cannot return the KeyUpdate
 * (it is a control record), the KeyUpdate has to be consumed via the
 * cmsg path, after which recv() fails with EKEYEXPIRED (blocking and
 * non-blocking alike) until the matching RX key is installed.
 */
TEST_F(tls, rekey)
{
	char const *test_str_1 = "test_message_before_rekey";
	char const *test_str_2 = "test_message_after_rekey";
	struct tls_crypto_info_keys tls12;
	int send_len;
	char buf[100];

	/* KeyUpdate only exists in TLS 1.3 */
	if (variant->tls_version != TLS_1_3_VERSION)
		return;

	/* initial send/recv */
	send_len = strlen(test_str_1) + 1;
	EXPECT_EQ(send(self->fd, test_str_1, send_len, 0), send_len);
	EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len);
	EXPECT_EQ(memcmp(buf, test_str_1, send_len), 0);

	/* update TX key */
	tls_send_keyupdate(_metadata, self->fd);
	tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1);
	EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0);

	/* send after rekey */
	send_len = strlen(test_str_2) + 1;
	EXPECT_EQ(send(self->fd, test_str_2, send_len, 0), send_len);

	/* can't receive the KeyUpdate without a control message */
	EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1);

	/* get KeyUpdate */
	tls_recv_keyupdate(_metadata, self->cfd, 0);

	/* recv blocking -> -EKEYEXPIRED */
	EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), 0), -1);
	EXPECT_EQ(errno, EKEYEXPIRED);

	/* recv non-blocking -> -EKEYEXPIRED */
	EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_DONTWAIT), -1);
	EXPECT_EQ(errno, EKEYEXPIRED);

	/* update RX key */
	EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0);

	/* recv after rekey */
	EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
	EXPECT_EQ(memcmp(buf, test_str_2, send_len), 0);
}
/*
 * Rekey error paths. On TLS 1.2 a rekey is refused with EBUSY. On TLS 1.3
 * a rekey may not change the protocol version (TX or RX) or the cipher:
 * those attempts fail with EINVAL and must leave the previously installed
 * key untouched, which the send/recv at the end verifies.
 */
TEST_F(tls, rekey_fail)
{
	char const *test_str_1 = "test_message_before_rekey";
	char const *test_str_2 = "test_message_after_rekey";
	struct tls_crypto_info_keys tls12;
	int send_len;
	char buf[100];

	/* initial send/recv */
	send_len = strlen(test_str_1) + 1;
	EXPECT_EQ(send(self->fd, test_str_1, send_len, 0), send_len);
	EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len);
	EXPECT_EQ(memcmp(buf, test_str_1, send_len), 0);

	/* update TX key */
	tls_send_keyupdate(_metadata, self->fd);

	if (variant->tls_version != TLS_1_3_VERSION) {
		/* just check that rekey is not supported and return */
		tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1);
		EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), -1);
		EXPECT_EQ(errno, EBUSY);
		return;
	}

	/* successful update */
	tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1);
	EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0);

	/* invalid update: change of version */
	tls_crypto_info_init(TLS_1_2_VERSION, variant->cipher_type, &tls12, 1);
	EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), -1);
	EXPECT_EQ(errno, EINVAL);

	/* invalid update (RX socket): change of version */
	tls_crypto_info_init(TLS_1_2_VERSION, variant->cipher_type, &tls12, 1);
	EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), -1);
	EXPECT_EQ(errno, EINVAL);

	/* invalid update: change of cipher (pick any cipher other than the
	 * variant's own)
	 */
	if (variant->cipher_type == TLS_CIPHER_AES_GCM_256)
		tls_crypto_info_init(variant->tls_version, TLS_CIPHER_CHACHA20_POLY1305, &tls12, 1);
	else
		tls_crypto_info_init(variant->tls_version, TLS_CIPHER_AES_GCM_256, &tls12, 1);
	EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), -1);
	EXPECT_EQ(errno, EINVAL);

	/* send after rekey, the invalid updates shouldn't have an effect */
	send_len = strlen(test_str_2) + 1;
	EXPECT_EQ(send(self->fd, test_str_2, send_len, 0), send_len);

	/* can't receive the KeyUpdate without a control message */
	EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1);

	/* get KeyUpdate */
	tls_recv_keyupdate(_metadata, self->cfd, 0);

	/* recv blocking -> -EKEYEXPIRED */
	EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), 0), -1);
	EXPECT_EQ(errno, EKEYEXPIRED);

	/* recv non-blocking -> -EKEYEXPIRED */
	EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_DONTWAIT), -1);
	EXPECT_EQ(errno, EKEYEXPIRED);

	/* update RX key: tls12 was clobbered by the invalid attempts above,
	 * so rebuild the good key set 1 first
	 */
	tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1);
	EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0);

	/* recv after rekey */
	EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
	EXPECT_EQ(memcmp(buf, test_str_2, send_len), 0);
}
/*
 * MSG_PEEK across a KeyUpdate: peeking and then reading the record sent
 * before the update works normally, a plain peek cannot see the KeyUpdate
 * (it is a control record), but it can be peeked and then consumed via
 * the cmsg path before the new RX key is installed.
 */
TEST_F(tls, rekey_peek)
{
	char const *test_str_1 = "test_message_before_rekey";
	struct tls_crypto_info_keys tls12;
	int send_len;
	char buf[100];

	/* KeyUpdate only exists in TLS 1.3 */
	if (variant->tls_version != TLS_1_3_VERSION)
		return;

	send_len = strlen(test_str_1) + 1;
	EXPECT_EQ(send(self->fd, test_str_1, send_len, 0), send_len);

	/* update TX key */
	tls_send_keyupdate(_metadata, self->fd);
	tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1);
	EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0);

	/* peek, then really read, the pre-rekey record */
	EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_PEEK), send_len);
	EXPECT_EQ(memcmp(buf, test_str_1, send_len), 0);

	EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len);
	EXPECT_EQ(memcmp(buf, test_str_1, send_len), 0);

	/* can't receive the KeyUpdate without a control message */
	EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_PEEK), -1);

	/* peek KeyUpdate */
	tls_recv_keyupdate(_metadata, self->cfd, MSG_PEEK);

	/* get KeyUpdate */
	tls_recv_keyupdate(_metadata, self->cfd, 0);

	/* update RX key */
	EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0);
}
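/*
 * splice() across a TLS 1.3 KeyUpdate. The record sent before the update
 * splices normally; the KeyUpdate record itself cannot be spliced
 * (EINVAL); once it has been consumed via the cmsg path the socket
 * reports EKEYEXPIRED until the new RX key is installed, after which the
 * post-rekey record splices as usual.
 *
 * The pipe created here is now closed at the end of the test body (the
 * original left both ends open).
 */
TEST_F(tls, splice_rekey)
{
	int send_len = TLS_PAYLOAD_MAX_LEN / 2;
	char mem_send[TLS_PAYLOAD_MAX_LEN];
	char mem_recv[TLS_PAYLOAD_MAX_LEN];
	struct tls_crypto_info_keys tls12;
	int p[2];

	/* KeyUpdate only exists in TLS 1.3 */
	if (variant->tls_version != TLS_1_3_VERSION)
		return;

	memrnd(mem_send, sizeof(mem_send));
	ASSERT_GE(pipe(p), 0);

	EXPECT_EQ(send(self->fd, mem_send, send_len, 0), send_len);

	/* update TX key */
	tls_send_keyupdate(_metadata, self->fd);
	tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1);
	EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0);

	EXPECT_EQ(send(self->fd, mem_send, send_len, 0), send_len);

	/* the record queued before the KeyUpdate splices as usual */
	EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, TLS_PAYLOAD_MAX_LEN, 0), send_len);
	EXPECT_EQ(read(p[0], mem_recv, send_len), send_len);
	EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);

	/* can't splice the KeyUpdate */
	EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, TLS_PAYLOAD_MAX_LEN, 0), -1);
	EXPECT_EQ(errno, EINVAL);

	/* peek KeyUpdate */
	tls_recv_keyupdate(_metadata, self->cfd, MSG_PEEK);

	/* get KeyUpdate */
	tls_recv_keyupdate(_metadata, self->cfd, 0);

	/* can't splice before updating the key */
	EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, TLS_PAYLOAD_MAX_LEN, 0), -1);
	EXPECT_EQ(errno, EKEYEXPIRED);

	/* update RX key */
	EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0);

	EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, TLS_PAYLOAD_MAX_LEN, 0), send_len);
	EXPECT_EQ(read(p[0], mem_recv, send_len), send_len);
	EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);

	/* the pipe belongs to this test; don't leak it past the body */
	close(p[1]);
	close(p[0]);
}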
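/*
 * A record that was peeked with MSG_PEEK before the TX side rekeyed must
 * still be available to splice() in full afterwards: peeking must not
 * consume or corrupt it.
 *
 * The pipe created here is now closed at the end of the test body (the
 * original left both ends open).
 */
TEST_F(tls, rekey_peek_splice)
{
	char const *test_str_1 = "test_message_before_rekey";
	struct tls_crypto_info_keys tls12;
	int send_len;
	char buf[100];
	char mem_recv[TLS_PAYLOAD_MAX_LEN];
	int p[2];

	/* KeyUpdate only exists in TLS 1.3 */
	if (variant->tls_version != TLS_1_3_VERSION)
		return;

	ASSERT_GE(pipe(p), 0);

	send_len = strlen(test_str_1) + 1;
	EXPECT_EQ(send(self->fd, test_str_1, send_len, 0), send_len);

	/* update TX key */
	tls_send_keyupdate(_metadata, self->fd);
	tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1);
	EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0);

	/* peek the pre-rekey record, then splice the very same bytes */
	EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_PEEK), send_len);
	EXPECT_EQ(memcmp(buf, test_str_1, send_len), 0);

	EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, TLS_PAYLOAD_MAX_LEN, 0), send_len);
	EXPECT_EQ(read(p[0], mem_recv, send_len), send_len);
	EXPECT_EQ(memcmp(mem_recv, test_str_1, send_len), 0);

	/* the pipe belongs to this test; don't leak it past the body */
	close(p[1]);
	close(p[0]);
}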
/*
 * getsockopt() must reflect the currently installed key on both
 * directions: key set 0 as installed by the fixture, and (TLS 1.3 only)
 * key set 1 after a KeyUpdate/rekey of TX and RX.
 */
TEST_F(tls, rekey_getsockopt)
{
	struct tls_crypto_info_keys tls12;
	struct tls_crypto_info_keys tls12_get;
	socklen_t len;

	/* before the rekey both sides must report key set 0 */
	tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 0);

	len = tls12.len;
	EXPECT_EQ(getsockopt(self->fd, SOL_TLS, TLS_TX, &tls12_get, &len), 0);
	EXPECT_EQ(len, tls12.len);
	EXPECT_EQ(memcmp(&tls12_get, &tls12, tls12.len), 0);

	len = tls12.len;
	EXPECT_EQ(getsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12_get, &len), 0);
	EXPECT_EQ(len, tls12.len);
	EXPECT_EQ(memcmp(&tls12_get, &tls12, tls12.len), 0);

	/* KeyUpdate only exists in TLS 1.3 */
	if (variant->tls_version != TLS_1_3_VERSION)
		return;

	tls_send_keyupdate(_metadata, self->fd);
	tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1);
	EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0);

	tls_recv_keyupdate(_metadata, self->cfd, 0);
	EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0);

	/* after the rekey both sides must report key set 1 */
	len = tls12.len;
	EXPECT_EQ(getsockopt(self->fd, SOL_TLS, TLS_TX, &tls12_get, &len), 0);
	EXPECT_EQ(len, tls12.len);
	EXPECT_EQ(memcmp(&tls12_get, &tls12, tls12.len), 0);

	len = tls12.len;
	EXPECT_EQ(getsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12_get, &len), 0);
	EXPECT_EQ(len, tls12.len);
	EXPECT_EQ(memcmp(&tls12_get, &tls12, tls12.len), 0);
}
/*
 * poll() wake-up on RX rekey, data already queued. A record encrypted
 * with the new key sits in the socket but the RX key is stale, so poll()
 * must not report POLLIN. A child blocks in poll(); the parent installs
 * the new RX key a second later and the child's poll() must then wake up.
 */
TEST_F(tls, rekey_poll_pending)
{
	char const *test_str = "test_message_after_rekey";
	struct tls_crypto_info_keys tls12;
	struct pollfd pfd = { };
	int send_len;
	int ret;

	/* KeyUpdate only exists in TLS 1.3 */
	if (variant->tls_version != TLS_1_3_VERSION)
		return;

	/* update TX key */
	tls_send_keyupdate(_metadata, self->fd);
	tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1);
	EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0);

	/* get KeyUpdate */
	tls_recv_keyupdate(_metadata, self->cfd, 0);

	/* send immediately after rekey */
	send_len = strlen(test_str) + 1;
	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);

	/* key hasn't been updated, expect cfd to be non-readable */
	pfd.fd = self->cfd;
	pfd.events = POLLIN;
	EXPECT_EQ(poll(&pfd, 1, 0), 0);

	ret = fork();
	ASSERT_GE(ret, 0);

	if (ret) {
		int pid2, status;

		/* wait before installing the new key */
		sleep(1);

		/* update RX key while poll() is sleeping */
		EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0);

		pid2 = wait(&status);
		EXPECT_EQ(pid2, ret);
		/* the child's exit status carries its own EXPECT verdict */
		EXPECT_EQ(status, 0);
	} else {
		pfd.fd = self->cfd;
		pfd.events = POLLIN;
		/* 5s timeout: must be woken by the parent's setsockopt, not expire */
		EXPECT_EQ(poll(&pfd, 1, 5000), 1);
		exit(!__test_passed(_metadata));
	}
}
/*
 * poll() wake-up on RX rekey, data arriving later. Unlike
 * rekey_poll_pending nothing is queued while the child enters poll();
 * the parent installs the new RX key and only then sends a record, and
 * the child's poll() must wake for that record.
 */
TEST_F(tls, rekey_poll_delay)
{
	char const *test_str = "test_message_after_rekey";
	struct tls_crypto_info_keys tls12;
	struct pollfd pfd = { };
	int send_len;
	int ret;

	/* KeyUpdate only exists in TLS 1.3 */
	if (variant->tls_version != TLS_1_3_VERSION)
		return;

	/* update TX key */
	tls_send_keyupdate(_metadata, self->fd);
	tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1);
	EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0);

	/* get KeyUpdate */
	tls_recv_keyupdate(_metadata, self->cfd, 0);

	ret = fork();
	ASSERT_GE(ret, 0);

	if (ret) {
		int pid2, status;

		/* wait before installing the new key */
		sleep(1);

		/* update RX key while poll() is sleeping */
		EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0);

		/* give the child time to observe "no data" with the new key */
		sleep(1);

		send_len = strlen(test_str) + 1;
		EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);

		pid2 = wait(&status);
		EXPECT_EQ(pid2, ret);
		/* the child's exit status carries its own EXPECT verdict */
		EXPECT_EQ(status, 0);
	} else {
		pfd.fd = self->cfd;
		pfd.events = POLLIN;
		/* 5s timeout: must be woken by the parent's send, not expire */
		EXPECT_EQ(poll(&pfd, 1, 5000), 1);
		exit(!__test_passed(_metadata));
	}
}
/*
 * A pre-computed TLS record: the plaintext and the exact bytes that go
 * on the wire for it (record header included), so tests can inject
 * records without going through the kernel's TX path.
 */
struct raw_rec {
	unsigned int plain_len;		/* valid bytes in plain_data */
	unsigned char plain_data[100];
	unsigned int cipher_len;	/* valid bytes in cipher_data */
	unsigned char cipher_data[128];	/* full record, sent verbatim */
};
/*
 * Canned records for the zero_len fixture. They are expected to decrypt
 * under the key set that tls_crypto_info_init(TLS_1_2_VERSION,
 * TLS_CIPHER_AES_CCM_128, ..., 0) produces (see FIXTURE_SETUP(zero_len)).
 *
 * Wire layout of cipher_data, as visible in the bytes below:
 *   [0]      content type: 0x17 application data, 0x16 handshake ("ctrl")
 *   [1..2]   0x03 0x03, TLS 1.2
 *   [3..4]   big-endian length of everything after the header
 *   [5..12]  8-byte explicit nonce, equal to the record sequence number
 *   then     ciphertext (plain_len bytes) followed by the 16-byte tag
 * so cipher_len = 5 + 8 + plain_len + 16: 40 for 'Hello world', 29 for ''.
 */

/* TLS 1.2, AES_CCM, data, seqno:0, plaintext: 'Hello world' */
static const struct raw_rec id0_data_l11 = {
	.plain_len = 11,
	.plain_data = {
		0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f,
		0x72, 0x6c, 0x64,
	},
	.cipher_len = 40,
	.cipher_data = {
		0x17, 0x03, 0x03, 0x00, 0x23, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x26, 0xa2, 0x33,
		0xde, 0x8d, 0x94, 0xf0, 0x29, 0x6c, 0xb1, 0xaf,
		0x6a, 0x75, 0xb2, 0x93, 0xad, 0x45, 0xd5, 0xfd,
		0x03, 0x51, 0x57, 0x8f, 0xf9, 0xcc, 0x3b, 0x42,
	},
};

/* TLS 1.2, AES_CCM, ctrl, seqno:0, plaintext: '' */
static const struct raw_rec id0_ctrl_l0 = {
	.plain_len = 0,
	.plain_data = {
	},
	.cipher_len = 29,
	.cipher_data = {
		0x16, 0x03, 0x03, 0x00, 0x18, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x38, 0x7b,
		0xa6, 0x1c, 0xdd, 0xa7, 0x19, 0x33, 0xab, 0xae,
		0x88, 0xe1, 0xd2, 0x08, 0x4f,
	},
};

/* TLS 1.2, AES_CCM, data, seqno:0, plaintext: '' */
static const struct raw_rec id0_data_l0 = {
	.plain_len = 0,
	.plain_data = {
	},
	.cipher_len = 29,
	.cipher_data = {
		0x17, 0x03, 0x03, 0x00, 0x18, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0xc5, 0x37, 0x90,
		0x70, 0x45, 0x89, 0xfb, 0x5c, 0xc7, 0x89, 0x03,
		0x68, 0x80, 0xd3, 0xd8, 0xcc,
	},
};

/* TLS 1.2, AES_CCM, data, seqno:1, plaintext: 'Hello world' */
static const struct raw_rec id1_data_l11 = {
	.plain_len = 11,
	.plain_data = {
		0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f,
		0x72, 0x6c, 0x64,
	},
	.cipher_len = 40,
	.cipher_data = {
		0x17, 0x03, 0x03, 0x00, 0x23, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x01, 0x3a, 0x1a, 0x9c,
		0xd0, 0xa8, 0x9a, 0xd6, 0x69, 0xd6, 0x1a, 0xe3,
		0xb5, 0x1f, 0x0d, 0x2c, 0xe2, 0x97, 0x46, 0xff,
		0x2b, 0xcc, 0x5a, 0xc4, 0xa3, 0xb9, 0xef, 0xba,
	},
};

/* TLS 1.2, AES_CCM, ctrl, seqno:1, plaintext: '' */
static const struct raw_rec id1_ctrl_l0 = {
	.plain_len = 0,
	.plain_data = {
	},
	.cipher_len = 29,
	.cipher_data = {
		0x16, 0x03, 0x03, 0x00, 0x18, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x01, 0x3e, 0xf0, 0xfe,
		0xee, 0xd9, 0xe2, 0x5d, 0xc7, 0x11, 0x4c, 0xe6,
		0xb4, 0x7e, 0xef, 0x40, 0x2b,
	},
};

/* TLS 1.2, AES_CCM, data, seqno:1, plaintext: '' */
static const struct raw_rec id1_data_l0 = {
	.plain_len = 0,
	.plain_data = {
	},
	.cipher_len = 29,
	.cipher_data = {
		0x17, 0x03, 0x03, 0x00, 0x18, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x01, 0xce, 0xfc, 0x86,
		0xc8, 0xf0, 0x55, 0xf9, 0x47, 0x3f, 0x74, 0xdc,
		0xc9, 0xbf, 0xfe, 0x5b, 0xb1,
	},
};

/*
 * TLS 1.2, AES_CCM, ctrl, seqno:2, plaintext: 'Hello world'
 *
 * Note the first 11 ciphertext bytes match id2_data_l11 exactly and only
 * the tag differs: the record type is authenticated (it is part of the
 * additional data) but not encrypted, so the keystream is the same.
 */
static const struct raw_rec id2_ctrl_l11 = {
	.plain_len = 11,
	.plain_data = {
		0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f,
		0x72, 0x6c, 0x64,
	},
	.cipher_len = 40,
	.cipher_data = {
		0x16, 0x03, 0x03, 0x00, 0x23, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x02, 0xe5, 0x3d, 0x19,
		0x3d, 0xca, 0xb8, 0x16, 0xb6, 0xff, 0x79, 0x87,
		0x2a, 0x04, 0x11, 0x3d, 0xf8, 0x64, 0x5f, 0x36,
		0x8b, 0xa8, 0xee, 0x4c, 0x6d, 0x62, 0xa5, 0x00,
	},
};

/* TLS 1.2, AES_CCM, data, seqno:2, plaintext: 'Hello world' */
static const struct raw_rec id2_data_l11 = {
	.plain_len = 11,
	.plain_data = {
		0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f,
		0x72, 0x6c, 0x64,
	},
	.cipher_len = 40,
	.cipher_data = {
		0x17, 0x03, 0x03, 0x00, 0x23, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x02, 0xe5, 0x3d, 0x19,
		0x3d, 0xca, 0xb8, 0x16, 0xb6, 0xff, 0x79, 0x87,
		0x8e, 0xa1, 0xd0, 0xcd, 0x33, 0xb5, 0x86, 0x2b,
		0x17, 0xf1, 0x52, 0x2a, 0x55, 0x62, 0x65, 0x11,
	},
};

/* TLS 1.2, AES_CCM, ctrl, seqno:2, plaintext: '' */
static const struct raw_rec id2_ctrl_l0 = {
	.plain_len = 0,
	.plain_data = {
	},
	.cipher_len = 29,
	.cipher_data = {
		0x16, 0x03, 0x03, 0x00, 0x18, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x02, 0xdc, 0x5c, 0x0e,
		0x41, 0xdd, 0xba, 0xd3, 0xcc, 0xcf, 0x6d, 0xd9,
		0x06, 0xdb, 0x79, 0xe5, 0x5d,
	},
};

/* TLS 1.2, AES_CCM, data, seqno:2, plaintext: '' */
static const struct raw_rec id2_data_l0 = {
	.plain_len = 0,
	.plain_data = {
	},
	.cipher_len = 29,
	.cipher_data = {
		0x17, 0x03, 0x03, 0x00, 0x18, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x02, 0xc3, 0xca, 0x26,
		0x22, 0xe4, 0x25, 0xfb, 0x5f, 0x6d, 0xbf, 0x83,
		0x30, 0x48, 0x69, 0x1a, 0x47,
	},
};
/*
 * zero_len fixture: fd is a plain TCP socket used to inject raw records,
 * cfd is the TLS RX socket that must decrypt them.
 */
FIXTURE(zero_len)
{
	int fd, cfd;
	bool notls;	/* set by ulp_sock_pair() when the ULP is unavailable */
};
/*
 * One zero_len scenario: up to four records to inject (NULL-terminated
 * when fewer; the test loop stops at the first NULL) and the sequence of
 * return values recvmsg() is expected to produce, ending in -EAGAIN.
 * Negative entries are -errno.
 */
FIXTURE_VARIANT(zero_len)
{
	const struct raw_rec *recs[4];
	ssize_t recv_ret[4];
};
/*
 * Expectations encoded below, as far as they can be read off the tables:
 * consecutive data records are coalesced into one read, empty data
 * records never surface on their own, while control records are never
 * coalesced with anything and an empty one is returned as a 0-byte read.
 * Why a particular read stops where it does is the kernel's business;
 * only the resulting byte counts are asserted.
 */

/* three data records of 11 bytes -> one 33-byte read */
FIXTURE_VARIANT_ADD(zero_len, data_data_data)
{
	.recs = { &id0_data_l11, &id1_data_l11, &id2_data_l11, },
	.recv_ret = { 33, -EAGAIN, },
};

/* an empty ctrl record splits the stream and is itself reported as 0 */
FIXTURE_VARIANT_ADD(zero_len, data_0ctrl_data)
{
	.recs = { &id0_data_l11, &id1_ctrl_l0, &id2_data_l11, },
	.recv_ret = { 11, 0, 11, -EAGAIN, },
};

/* only empty data records: nothing is ever readable */
FIXTURE_VARIANT_ADD(zero_len, 0data_0data_0data)
{
	.recs = { &id0_data_l0, &id1_data_l0, &id2_data_l0, },
	.recv_ret = { -EAGAIN, },
};

/* empty data followed by a ctrl record with payload */
FIXTURE_VARIANT_ADD(zero_len, 0data_0data_ctrl)
{
	.recs = { &id0_data_l0, &id1_data_l0, &id2_ctrl_l11, },
	.recv_ret = { 0, 11, -EAGAIN, },
};

/* empty data followed by an empty ctrl record */
FIXTURE_VARIANT_ADD(zero_len, 0data_0data_0ctrl)
{
	.recs = { &id0_data_l0, &id1_data_l0, &id2_ctrl_l0, },
	.recv_ret = { 0, 0, -EAGAIN, },
};

/* every empty ctrl record is surfaced individually as a 0-byte read */
FIXTURE_VARIANT_ADD(zero_len, 0ctrl_0ctrl_0ctrl)
{
	.recs = { &id0_ctrl_l0, &id1_ctrl_l0, &id2_ctrl_l0, },
	.recv_ret = { 0, 0, 0, -EAGAIN, },
};

/* leading empty data records are skipped, the real one comes through */
FIXTURE_VARIANT_ADD(zero_len, 0data_0data_data)
{
	.recs = { &id0_data_l0, &id1_data_l0, &id2_data_l11, },
	.recv_ret = { 11, -EAGAIN, },
};

/* trailing empty data records are skipped as well */
FIXTURE_VARIANT_ADD(zero_len, data_0data_0data)
{
	.recs = { &id0_data_l11, &id1_data_l0, &id2_data_l0, },
	.recv_ret = { 11, -EAGAIN, },
};
/*
 * Install TLS 1.2 / AES-CCM-128 RX keys (key set 0) on cfd only; the raw
 * records above were produced for exactly this configuration. fd stays a
 * plain TCP socket so cipher_data can be written to it verbatim.
 */
FIXTURE_SETUP(zero_len)
{
	struct tls_crypto_info_keys tls12;
	int ret;

	tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_CCM_128,
			     &tls12, 0);

	ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls);

	if (self->notls)
		return;

	/* Don't install keys on fd, we'll send raw records */
	ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len);
	ASSERT_EQ(ret, 0);
}
/* Release the socket pair opened by FIXTURE_SETUP(zero_len); the two
 * close() calls are independent, the order is immaterial.
 */
FIXTURE_TEARDOWN(zero_len)
{
	close(self->cfd);
	close(self->fd);
}
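/*
 * Inject the variant's raw records on the plain side and check that
 * recvmsg() on the TLS RX side returns exactly the byte counts listed in
 * variant->recv_ret, and that the bytes returned are the concatenation of
 * the records' plaintexts in order.
 *
 * Changes from the original: the stray ';' after the closing brace is
 * gone, and the plaintext walk now stops with an ASSERT instead of
 * dereferencing a NULL recs[] slot if more bytes come back than the
 * variant's records hold.
 */
TEST_F(zero_len, test)
{
	const struct raw_rec *const *rec;
	unsigned char buf[128];
	int rec_off;
	int i;

	/* Queue every record of the variant as ready-made ciphertext */
	for (i = 0; i < 4 && variant->recs[i]; i++)
		EXPECT_EQ(send(self->fd, variant->recs[i]->cipher_data,
			       variant->recs[i]->cipher_len, 0),
			  variant->recs[i]->cipher_len);

	rec = &variant->recs[0];
	rec_off = 0;
	for (i = 0; i < 4; i++) {
		int j, ret;

		/* negative table entries are -errno; recv() then returns -1 */
		ret = variant->recv_ret[i] >= 0 ? variant->recv_ret[i] : -1;
		EXPECT_EQ(__tls_recv_cmsg(_metadata, self->cfd, NULL,
					  buf, sizeof(buf), MSG_DONTWAIT), ret);
		if (ret == -1)
			EXPECT_EQ(errno, -variant->recv_ret[i]);

		/* -EAGAIN marks the end of the expected sequence */
		if (variant->recv_ret[i] == -EAGAIN)
			break;

		/* Match the bytes against the concatenated plaintexts */
		for (j = 0; j < ret; j++) {
			/* skip records with no (remaining) plaintext */
			while (*rec && rec_off == (*rec)->plain_len) {
				rec++;
				rec_off = 0;
			}
			/* more bytes received than the records account for */
			ASSERT_NE(NULL, *rec);
			EXPECT_EQ(buf[j], (*rec)->plain_data[rec_off]);
			rec_off++;
		}
	}
}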
/*
 * tls_err fixture: two socket pairs. fd gets TX keys and cfd stays plain,
 * so a test can read the ciphertext fd produces; fd2 stays plain and cfd2
 * gets RX keys, so that ciphertext (possibly corrupted) can be fed back
 * in and the decrypt-side error reporting observed.
 */
FIXTURE(tls_err)
{
	int fd, cfd;
	int fd2, cfd2;
	bool notls;	/* set by ulp_sock_pair() when the ULP is unavailable */
};
/* The error tests run once per protocol version; cipher is fixed by setup. */
FIXTURE_VARIANT(tls_err)
{
	uint16_t tls_version;
};
/* TLS 1.2 with AES-GCM-128 (cipher chosen in FIXTURE_SETUP) */
FIXTURE_VARIANT_ADD(tls_err, 12_aes_gcm)
{
	.tls_version = TLS_1_2_VERSION,
};

/* TLS 1.3 with AES-GCM-128 (cipher chosen in FIXTURE_SETUP) */
FIXTURE_VARIANT_ADD(tls_err, 13_aes_gcm)
{
	.tls_version = TLS_1_3_VERSION,
};
/*
 * Create both socket pairs and install the same AES-GCM-128 key set on
 * fd (TX) and cfd2 (RX). cfd and fd2 deliberately get no keys: they are
 * the plain ends through which ciphertext is captured and re-injected.
 */
FIXTURE_SETUP(tls_err)
{
	struct tls_crypto_info_keys tls12;
	int ret;

	tls_crypto_info_init(variant->tls_version, TLS_CIPHER_AES_GCM_128,
			     &tls12, 0);

	/* notls is written by both calls; the second result wins */
	ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls);
	ulp_sock_pair(_metadata, &self->fd2, &self->cfd2, &self->notls);

	if (self->notls)
		return;

	ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len);
	ASSERT_EQ(ret, 0);

	ret = setsockopt(self->cfd2, SOL_TLS, TLS_RX, &tls12, tls12.len);
	ASSERT_EQ(ret, 0);
}
/* Release both socket pairs opened by FIXTURE_SETUP(tls_err). */
FIXTURE_TEARDOWN(tls_err)
{
	const int fds[] = { self->fd, self->cfd, self->fd2, self->cfd2 };
	unsigned int i;

	for (i = 0; i < sizeof(fds) / sizeof(fds[0]); i++)
		close(fds[i]);
}
/*
 * Garbage on the wire: 64 bytes of 0x55 parse as a record header with
 * type 0x55, version 0x5555 and a length of 0x5555, which the RX side
 * must reject as oversized (EMSGSIZE). A following non-blocking recv()
 * presumably finds nothing further to deliver and reports EAGAIN.
 */
TEST_F(tls_err, bad_rec)
{
	char buf[64];

	if (self->notls)
		SKIP(return, "no TLS support");

	memset(buf, 0x55, sizeof(buf));
	EXPECT_EQ(send(self->fd2, buf, sizeof(buf), 0), sizeof(buf));
	EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
	EXPECT_EQ(errno, EMSGSIZE);
	EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), MSG_DONTWAIT), -1);
	EXPECT_EQ(errno, EAGAIN);
}
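/*
 * Corrupt the last byte of a valid record (part of the GCM tag) and feed
 * it to the RX socket: the record must be rejected with EBADMSG, and the
 * error must be sticky, a second recv() fails the same way.
 *
 * Changed from the original: the length check after recv() is now an
 * ASSERT against a signed bound. EXPECT_* records a failure and carries
 * on, and comparing an int against size_t promotes a -1 from a failed
 * recv() to a huge unsigned value that passes the check, so the original
 * would have gone on to write buf[-2].
 */
TEST_F(tls_err, bad_auth)
{
	char buf[128];
	int n;

	if (self->notls)
		SKIP(return, "no TLS support");

	/* capture one encrypted record through the plain cfd end */
	memrnd(buf, sizeof(buf) / 2);
	EXPECT_EQ(send(self->fd, buf, sizeof(buf) / 2, 0), sizeof(buf) / 2);
	n = recv(self->cfd, buf, sizeof(buf), 0);
	ASSERT_GT(n, (int)(sizeof(buf) / 2));

	buf[n - 1]++;	/* break the authentication tag */
	EXPECT_EQ(send(self->fd2, buf, n, 0), n);
	EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
	EXPECT_EQ(errno, EBADMSG);
	EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
	EXPECT_EQ(errno, EBADMSG);
}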
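/*
 * Three records queued, the third with a corrupted tag. A large recv()
 * must return the two good records together and stop before the bad one;
 * the bad record then fails with EBADMSG, persistently.
 *
 * Changed from the original: the per-record length check is an ASSERT
 * against a signed bound, so a failed recv() (-1, which compares as a
 * huge unsigned value against a size_t) can no longer reach the
 * cip[2][n - 1] write with a negative index.
 */
TEST_F(tls_err, bad_in_large_read)
{
	char txt[3][64];
	char cip[3][128];
	char buf[3 * 128];
	int i, n;

	if (self->notls)
		SKIP(return, "no TLS support");

	/* Put 3 records in the sockets */
	for (i = 0; i < 3; i++) {
		memrnd(txt[i], sizeof(txt[i]));
		EXPECT_EQ(send(self->fd, txt[i], sizeof(txt[i]), 0),
			  sizeof(txt[i]));
		n = recv(self->cfd, cip[i], sizeof(cip[i]), 0);
		ASSERT_GT(n, (int)sizeof(txt[i]));

		/* Break the third message */
		if (i == 2)
			cip[2][n - 1]++;

		EXPECT_EQ(send(self->fd2, cip[i], n, 0), n);
	}

	/* We should be able to receive the first two messages */
	EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), sizeof(txt[0]) * 2);
	EXPECT_EQ(memcmp(buf, txt[0], sizeof(txt[0])), 0);
	EXPECT_EQ(memcmp(buf + sizeof(txt[0]), txt[1], sizeof(txt[1])), 0);

	/* Third message is bad */
	EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
	EXPECT_EQ(errno, EBADMSG);
	EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
	EXPECT_EQ(errno, EBADMSG);
}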
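/*
 * A good data record followed by a non-data record (type 100) whose tag
 * has been corrupted: the data record is delivered intact, then the bad
 * record fails with EBADMSG, persistently.
 *
 * Changed from the original: both length checks after recv() are now
 * ASSERTs, and the second one runs before cip[n - 1] is touched rather
 * than after it. The original indexed with n first and validated it
 * afterwards, and its EXPECT would not have stopped a -1 (int vs size_t
 * comparison) from reaching the write.
 */
TEST_F(tls_err, bad_cmsg)
{
	char *test_str = "test_read";
	int send_len = 10;
	char cip[128];
	char buf[128];
	char txt[64];
	int n;

	if (self->notls)
		SKIP(return, "no TLS support");

	/* Queue up one data record */
	memrnd(txt, sizeof(txt));
	EXPECT_EQ(send(self->fd, txt, sizeof(txt), 0), sizeof(txt));
	n = recv(self->cfd, cip, sizeof(cip), 0);
	ASSERT_GT(n, (int)sizeof(txt));
	EXPECT_EQ(send(self->fd2, cip, n, 0), n);

	/* Follow it with a record of type 100 and break its tag */
	EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10);
	n = recv(self->cfd, cip, sizeof(cip), 0);
	ASSERT_GT(n, send_len);	/* validate n before using it as an index */
	cip[n - 1]++; /* Break it */
	EXPECT_EQ(send(self->fd2, cip, n, 0), n);

	/* the good data record is delivered... */
	EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), sizeof(txt));
	EXPECT_EQ(memcmp(buf, txt, sizeof(txt)), 0);
	/* ...then the broken record is rejected, and stays rejected */
	EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
	EXPECT_EQ(errno, EBADMSG);
	EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
	EXPECT_EQ(errno, EBADMSG);
}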
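/*
 * SO_RCVTIMEO on a TLS RX socket: with nothing queued, every recv() must
 * time out with EAGAIN, including while a second process is blocked in
 * recv() on the same socket.
 *
 * Changed from the original: the child now exits with its own EXPECT
 * verdict and the parent checks that status, as the rekey_poll tests do.
 * Previously the child always exit(0)'d and wait() only recycled the pid,
 * so a failing EXPECT in the child was silently lost.
 */
TEST_F(tls_err, timeo)
{
	struct timeval tv = { .tv_usec = 10000, };
	char buf[128];
	int ret;

	if (self->notls)
		SKIP(return, "no TLS support");

	/* 10ms receive timeout */
	ret = setsockopt(self->cfd2, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
	ASSERT_EQ(ret, 0);

	ret = fork();
	ASSERT_GE(ret, 0);

	if (ret) {
		int status;

		usleep(1000); /* Give child a head start */

		EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
		EXPECT_EQ(errno, EAGAIN);

		EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
		EXPECT_EQ(errno, EAGAIN);

		/* the child's EXPECTs only count if its exit status is checked */
		EXPECT_EQ(wait(&status), ret);
		EXPECT_EQ(status, 0);
	} else {
		EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
		EXPECT_EQ(errno, EAGAIN);
		exit(!__test_passed(_metadata));
	}
}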
/*
 * poll() must not report POLLIN on a TLS RX socket while only part of a
 * record has arrived: 100 bytes of a ~150-byte record give no POLLIN,
 * the remainder makes it readable and the whole plaintext pops out.
 */
TEST_F(tls_err, poll_partial_rec)
{
	struct pollfd pfd = { };
	ssize_t rec_len;
	char rec[256];
	char buf[128];

	if (self->notls)
		SKIP(return, "no TLS support");

	/* nothing queued: not readable */
	pfd.fd = self->cfd2;
	pfd.events = POLLIN;
	EXPECT_EQ(poll(&pfd, 1, 1), 0);

	/* capture one full encrypted record through the plain cfd end */
	memrnd(buf, sizeof(buf));
	EXPECT_EQ(send(self->fd, buf, sizeof(buf), 0), sizeof(buf));
	rec_len = recv(self->cfd, rec, sizeof(rec), 0);
	/* NOTE(review): ssize_t vs size_t; a -1 here would pass this check
	 * and make the rec_len - 100 send below fail rather than crash.
	 */
	EXPECT_GT(rec_len, sizeof(buf));

	/* Write 100B, not the full record ... */
	EXPECT_EQ(send(self->fd2, rec, 100, 0), 100);

	/* ... no full record should mean no POLLIN */
	pfd.fd = self->cfd2;
	pfd.events = POLLIN;
	EXPECT_EQ(poll(&pfd, 1, 1), 0);

	/* Now write the rest, and it should all pop out of the other end. */
	EXPECT_EQ(send(self->fd2, rec + 100, rec_len - 100, 0), rec_len - 100);

	pfd.fd = self->cfd2;
	pfd.events = POLLIN;
	EXPECT_EQ(poll(&pfd, 1, 1), 1);

	EXPECT_EQ(recv(self->cfd2, rec, sizeof(rec), 0), sizeof(buf));
	EXPECT_EQ(memcmp(buf, rec, sizeof(buf)), 0);
}
TEST_F(tls_err, epoll_partial_rec)
{
	/*
	 * Same contract as poll_partial_rec, with readiness observed through
	 * epoll: no event for a partial record, one event once it completes.
	 */
	const int partial = 100;
	struct epoll_event ev = { .events = EPOLLIN, .data.fd = self->cfd2 };
	struct epoll_event ready[10];
	char payload[128];
	char record[256];
	ssize_t record_len;
	int epfd;

	if (self->notls)
		SKIP(return, "no TLS support");

	epfd = epoll_create1(0);
	ASSERT_GE(epfd, 0);
	ASSERT_GE(epoll_ctl(epfd, EPOLL_CTL_ADD, self->cfd2, &ev), 0);

	/* Nothing queued yet: no event */
	EXPECT_EQ(epoll_wait(epfd, ready, 10, 0), 0);

	memrnd(payload, sizeof(payload));
	EXPECT_EQ(send(self->fd, payload, sizeof(payload), 0), sizeof(payload));
	record_len = recv(self->cfd, record, sizeof(record), 0);
	EXPECT_GT(record_len, sizeof(payload));

	/* Partial record: still no event ... */
	EXPECT_EQ(send(self->fd2, record, partial, 0), partial);
	EXPECT_EQ(epoll_wait(epfd, ready, 10, 0), 0);

	/* ... complete it and the record becomes readable */
	EXPECT_EQ(send(self->fd2, record + partial, record_len - partial, 0),
		  record_len - partial);
	EXPECT_EQ(epoll_wait(epfd, ready, 10, 0), 1);

	EXPECT_EQ(recv(self->cfd2, record, sizeof(record), 0), sizeof(payload));
	EXPECT_EQ(memcmp(payload, record, sizeof(payload)), 0);

	close(epfd);
}
TEST_F(tls_err, poll_partial_rec_async)
{
	/*
	 * Like poll_partial_rec, but the poller is a forked child that is
	 * already asleep in poll() when the partial record arrives.  One
	 * byte over a pipe is the barrier between the child's two polls.
	 */
	const int partial = 100;
	struct pollfd pfd = { .fd = self->cfd2, .events = POLLIN };
	char token = '\0';
	char payload[128];
	char record[256];
	ssize_t record_len;
	int barrier[2];
	int status;
	pid_t child;

	if (self->notls)
		SKIP(return, "no TLS support");

	ASSERT_GE(pipe(barrier), 0);

	memrnd(payload, sizeof(payload));
	EXPECT_EQ(send(self->fd, payload, sizeof(payload), 0), sizeof(payload));
	record_len = recv(self->cfd, record, sizeof(record), 0);
	EXPECT_GT(record_len, sizeof(payload));

	child = fork();
	ASSERT_GE(child, 0);

	if (!child) {
		close(barrier[0]);

		/* Child should sleep in poll(), never get a wake */
		EXPECT_EQ(poll(&pfd, 1, 20), 0);
		EXPECT_EQ(write(barrier[1], &token, 1), 1); /* Barrier #1 */
		EXPECT_EQ(poll(&pfd, 1, 20), 1);

		exit(!__test_passed(_metadata));
	}

	close(barrier[1]);
	usleep(1000); /* Give child a head start */

	EXPECT_EQ(send(self->fd2, record, partial, 0), partial);
	EXPECT_EQ(read(barrier[0], &token, 1), 1); /* Barrier #1 */
	EXPECT_EQ(send(self->fd2, record + partial, record_len - partial, 0),
		  record_len - partial);

	/* The child's verdict travels back in its exit status */
	EXPECT_EQ(wait(&status), child);
	EXPECT_EQ(status, 0);
}
/*
 * Use OOB+large send to trigger copy mode due to memory pressure.
 * OOB causes a short read.
 */
TEST_F(tls_err, oob_pressure)
{
	enum { OOB_LEN = 5, OOB_ROUNDS = 64 };
	char big[1 << 16];

	memrnd(big, sizeof(big));

	/* One urgent chunk, then a 64 KiB send on the same socket */
	EXPECT_EQ(send(self->fd2, big, OOB_LEN, MSG_OOB), OOB_LEN);
	EXPECT_EQ(send(self->fd2, big, sizeof(big), 0), sizeof(big));

	/* Keep poking urgent data after the large send */
	for (int round = 0; round < OOB_ROUNDS; round++)
		EXPECT_EQ(send(self->fd2, big, OOB_LEN, MSG_OOB), OOB_LEN);
}
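/*
 * Parse a stream of TLS records and ensure that each record respects
 * the specified @max_payload_len.
 *
 * @_metadata:        harness context for the ASSERT_* macros
 * @rx_buf, @rx_len:  raw bytes read from the peer's TCP socket
 * @overhead:         per-record ciphertext bytes that are not plaintext
 *                    (the caller picks IV + tag size for its cipher)
 * @max_payload_len:  the TLS_TX_MAX_PAYLOAD_LEN value under test
 *
 * Each header is checked to be application data (type 23, version bytes
 * 0x03 0x03) and each record must lie entirely inside the buffer, so a
 * truncated stream fails the test rather than being read past @rx_len.
 * Returns the summed plaintext length of all records.
 */
static size_t parse_tls_records(struct __test_metadata *_metadata,
				const __u8 *rx_buf, int rx_len, int overhead,
				__u16 max_payload_len)
{
	const __u8 rec_header_len = 5;
	const __u8 *rec = rx_buf;
	size_t total_plaintext_rx = 0;

	/* A failed recv() hands us -1; don't form a pointer before rx_buf */
	ASSERT_GE(rx_len, 0);

	while (rec < rx_buf + rx_len) {
		size_t remaining = rx_buf + rx_len - rec;
		__u16 record_payload_len;
		__u16 plaintext_len;

		/* The 5-byte header must be fully present before we read it */
		ASSERT_GE(remaining, rec_header_len);

		/* Sanity check that it's a TLS header for application data */
		ASSERT_EQ(rec[0], 23);
		ASSERT_EQ(rec[1], 0x3);
		ASSERT_EQ(rec[2], 0x3);

		memcpy(&record_payload_len, rec + 3, 2);
		record_payload_len = ntohs(record_payload_len);

		/* The record body must not run past the end of the buffer */
		ASSERT_LE(record_payload_len, remaining - rec_header_len);

		ASSERT_GE(record_payload_len, overhead);
		plaintext_len = record_payload_len - overhead;
		total_plaintext_rx += plaintext_len;

		/* Plaintext must not exceed the specified limit */
		ASSERT_LE(plaintext_len, max_payload_len);

		rec += rec_header_len + record_payload_len;
	}

	return total_plaintext_rx;
}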
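TEST(tls_12_tx_max_payload_len)
{
	/*
	 * TLS_TX_MAX_PAYLOAD_LEN caps the plaintext carried by each record.
	 * Only the sender gets keys; the peer stays a plain TCP socket so
	 * the ciphertext record stream can be walked and measured directly.
	 */
	struct tls_crypto_info_keys tls12;
	int cfd, ret, fd, overhead;
	size_t total_plaintext_rx = 0;
	__u8 tx[1024], rx[2000];
	__u16 limit = 128;
	__u16 opt = 0;
	unsigned int optlen = sizeof(opt);
	bool notls;

	tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_CCM_128,
			     &tls12, 0);

	ulp_sock_pair(_metadata, &fd, &cfd, &notls);
	if (notls)
		exit(KSFT_SKIP);

	/* Don't install keys on fd, we'll parse raw records */
	ret = setsockopt(cfd, SOL_TLS, TLS_TX, &tls12, tls12.len);
	ASSERT_EQ(ret, 0);

	ret = setsockopt(cfd, SOL_TLS, TLS_TX_MAX_PAYLOAD_LEN, &limit,
			 sizeof(limit));
	ASSERT_EQ(ret, 0);

	/* The limit must read back exactly as set, as a __u16 */
	ret = getsockopt(cfd, SOL_TLS, TLS_TX_MAX_PAYLOAD_LEN, &opt, &optlen);
	EXPECT_EQ(ret, 0);
	EXPECT_EQ(limit, opt);
	EXPECT_EQ(optlen, sizeof(limit));

	memset(tx, 0, sizeof(tx));
	ASSERT_EQ(send(cfd, tx, sizeof(tx), 0), sizeof(tx));
	close(cfd);

	/*
	 * cfd is already closed, so MSG_WAITALL returns once the complete
	 * record stream followed by FIN has arrived, instead of whatever
	 * TCP happened to have segmented so far.  Never hand a negative
	 * count to the parser.
	 */
	ret = recv(fd, rx, sizeof(rx), MSG_WAITALL);
	ASSERT_GT(ret, 0);

	/*
	 * 16B tag + 8B IV -- record header (5B) is not counted but we'll
	 * need it to walk the record stream
	 */
	overhead = 16 + 8;
	total_plaintext_rx = parse_tls_records(_metadata, rx, ret, overhead,
					       limit);
	ASSERT_EQ(total_plaintext_rx, sizeof(tx));

	close(fd);
}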
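TEST(tls_12_tx_max_payload_len_open_rec)
{
	/*
	 * Lowering TLS_TX_MAX_PAYLOAD_LEN while a record is still open
	 * (started with MSG_MORE) must be refused with EBUSY, and the
	 * records eventually emitted must honour the original limit.
	 */
	struct tls_crypto_info_keys tls12;
	int cfd, ret, fd, overhead;
	size_t total_plaintext_rx = 0;
	__u8 tx[1024], rx[2000];
	__u16 tx_partial = 256;
	__u16 og_limit = 512, limit = 128;
	bool notls;

	tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_CCM_128,
			     &tls12, 0);

	ulp_sock_pair(_metadata, &fd, &cfd, &notls);
	if (notls)
		exit(KSFT_SKIP);

	/* Don't install keys on fd, we'll parse raw records */
	ret = setsockopt(cfd, SOL_TLS, TLS_TX, &tls12, tls12.len);
	ASSERT_EQ(ret, 0);

	ret = setsockopt(cfd, SOL_TLS, TLS_TX_MAX_PAYLOAD_LEN, &og_limit,
			 sizeof(og_limit));
	ASSERT_EQ(ret, 0);

	memset(tx, 0, sizeof(tx));
	/* MSG_MORE leaves the first record open in the kernel */
	ASSERT_EQ(send(cfd, tx, tx_partial, MSG_MORE), tx_partial);

	/*
	 * Changing the payload limit with a pending open record should
	 * not be allowed.
	 */
	ret = setsockopt(cfd, SOL_TLS, TLS_TX_MAX_PAYLOAD_LEN, &limit,
			 sizeof(limit));
	ASSERT_EQ(ret, -1);
	ASSERT_EQ(errno, EBUSY);

	/* Finish the open record and flush the rest */
	ASSERT_EQ(send(cfd, tx + tx_partial, sizeof(tx) - tx_partial, MSG_EOR),
		  sizeof(tx) - tx_partial);
	close(cfd);

	/*
	 * cfd is already closed, so MSG_WAITALL returns once the complete
	 * record stream followed by FIN has arrived, instead of whatever
	 * TCP happened to have segmented so far.  Never hand a negative
	 * count to the parser.
	 */
	ret = recv(fd, rx, sizeof(rx), MSG_WAITALL);
	ASSERT_GT(ret, 0);

	/*
	 * 16B tag + 8B IV -- record header (5B) is not counted but we'll
	 * need it to walk the record stream
	 */
	overhead = 16 + 8;
	total_plaintext_rx = parse_tls_records(_metadata, rx, ret, overhead,
					       og_limit);
	ASSERT_EQ(total_plaintext_rx, sizeof(tx));

	close(fd);
}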
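TEST(non_established) {
	/*
	 * The "tls" ULP can only be attached to an established TCP socket:
	 * it is refused with ENOTCONN on an unconnected socket and on a
	 * listener, accepted once connected, and refused with EEXIST when
	 * attached a second time.
	 */
	struct sockaddr_in addr = {
		.sin_family = AF_INET,
		.sin_addr.s_addr = htonl(INADDR_ANY),
		.sin_port = 0,
	};
	int sfd, ret, fd;
	socklen_t len;

	len = sizeof(addr);

	fd = socket(AF_INET, SOCK_STREAM, 0);
	ASSERT_GE(fd, 0);
	sfd = socket(AF_INET, SOCK_STREAM, 0);
	ASSERT_GE(sfd, 0);

	/* Explicit casts: don't rely on glibc's transparent-union sockaddr */
	ret = bind(sfd, (struct sockaddr *)&addr, sizeof(addr));
	ASSERT_EQ(ret, 0);

	ret = listen(sfd, 10);
	ASSERT_EQ(ret, 0);

	/* Not connected yet */
	ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
	EXPECT_EQ(ret, -1);
	/* TLS ULP not supported */
	if (errno == ENOENT) {
		close(fd);
		close(sfd);
		SKIP(return, "no TLS support");
	}
	EXPECT_EQ(errno, ENOTCONN);

	/* A listening socket is not an established connection either */
	ret = setsockopt(sfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
	EXPECT_EQ(ret, -1);
	EXPECT_EQ(errno, ENOTCONN);

	ret = getsockname(sfd, (struct sockaddr *)&addr, &len);
	ASSERT_EQ(ret, 0);

	ret = connect(fd, (struct sockaddr *)&addr, sizeof(addr));
	ASSERT_EQ(ret, 0);

	ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
	ASSERT_EQ(ret, 0);

	/* The ULP is attached once; a second attempt is rejected */
	ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
	EXPECT_EQ(ret, -1);
	EXPECT_EQ(errno, EEXIST);

	close(fd);
	close(sfd);
}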
TEST(keysizes) {
	/*
	 * AES-GCM-256 crypto info must be accepted for both TX and RX; the
	 * key bytes are left zero, only version and cipher type are filled.
	 */
	struct tls12_crypto_info_aes_gcm_256 gcm256 = {
		.info.version = TLS_1_2_VERSION,
		.info.cipher_type = TLS_CIPHER_AES_GCM_256,
	};
	int fd, cfd;
	bool notls;

	ulp_sock_pair(_metadata, &fd, &cfd, &notls);

	if (!notls) {
		EXPECT_EQ(setsockopt(fd, SOL_TLS, TLS_TX, &gcm256,
				     sizeof(gcm256)), 0);
		EXPECT_EQ(setsockopt(cfd, SOL_TLS, TLS_RX, &gcm256,
				     sizeof(gcm256)), 0);
	}

	close(fd);
	close(cfd);
}
TEST(no_pad) {
	/*
	 * TLS_RX_EXPECT_NO_PAD behaves as a plain boolean socket option on a
	 * TLS 1.3 RX socket: whatever is set reads back as a 4-byte int.
	 */
	struct tls12_crypto_info_aes_gcm_256 tls13 = {
		.info.version = TLS_1_3_VERSION,
		.info.cipher_type = TLS_CIPHER_AES_GCM_256,
	};
	const int settings[] = { 1, 0 };
	int fd, cfd, val;
	socklen_t len;
	bool notls;
	size_t i;

	ulp_sock_pair(_metadata, &fd, &cfd, &notls);
	if (notls)
		exit(KSFT_SKIP);

	EXPECT_EQ(setsockopt(fd, SOL_TLS, TLS_TX, &tls13, sizeof(tls13)), 0);
	EXPECT_EQ(setsockopt(cfd, SOL_TLS, TLS_RX, &tls13, sizeof(tls13)), 0);

	/* Set 1 then 0, reading each back */
	for (i = 0; i < sizeof(settings) / sizeof(settings[0]); i++) {
		val = settings[i];
		EXPECT_EQ(setsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD,
				     (void *)&val, sizeof(val)), 0);

		/* Poison val so a getsockopt() that writes nothing is noticed */
		len = sizeof(val);
		val = 2;
		EXPECT_EQ(getsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD,
				     (void *)&val, &len), 0);
		EXPECT_EQ(val, settings[i]);
		EXPECT_EQ(len, 4);
	}

	close(fd);
	close(cfd);
}
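TEST(tls_v6ops) {
	/*
	 * Attaching the TLS ULP and installing keys must not disturb the
	 * socket's address identity: getsockname() before and after must
	 * return the same AF_INET6 address.
	 */
	struct tls_crypto_info_keys tls12;
	struct sockaddr_in6 addr2;
	/* Zero sin6_flowinfo/sin6_scope_id rather than bind() with garbage */
	struct sockaddr_in6 addr = {
		.sin6_family = AF_INET6,
		.sin6_addr = in6addr_any,
		.sin6_port = 0,
	};
	int sfd, ret, fd;
	socklen_t len, len2;

	tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_128, &tls12, 0);

	fd = socket(AF_INET6, SOCK_STREAM, 0);
	ASSERT_GE(fd, 0);
	sfd = socket(AF_INET6, SOCK_STREAM, 0);
	ASSERT_GE(sfd, 0);

	/* Explicit casts: don't rely on glibc's transparent-union sockaddr */
	ret = bind(sfd, (struct sockaddr *)&addr, sizeof(addr));
	ASSERT_EQ(ret, 0);

	ret = listen(sfd, 10);
	ASSERT_EQ(ret, 0);

	len = sizeof(addr);
	ret = getsockname(sfd, (struct sockaddr *)&addr, &len);
	ASSERT_EQ(ret, 0);

	ret = connect(fd, (struct sockaddr *)&addr, sizeof(addr));
	ASSERT_EQ(ret, 0);

	/* Snapshot the connected socket's own address */
	len = sizeof(addr);
	ret = getsockname(fd, (struct sockaddr *)&addr, &len);
	ASSERT_EQ(ret, 0);

	ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
	if (ret) {
		ASSERT_EQ(errno, ENOENT);
		SKIP(return, "no TLS support");
	}
	ASSERT_EQ(ret, 0);

	ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, tls12.len);
	ASSERT_EQ(ret, 0);

	ret = setsockopt(fd, SOL_TLS, TLS_RX, &tls12, tls12.len);
	ASSERT_EQ(ret, 0);

	/* ... and compare it after TLS is fully installed */
	len2 = sizeof(addr2);
	ret = getsockname(fd, (struct sockaddr *)&addr2, &len2);
	ASSERT_EQ(ret, 0);

	EXPECT_EQ(len2, len);
	EXPECT_EQ(memcmp(&addr, &addr2, len), 0);

	close(fd);
	close(sfd);
}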
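TEST(prequeue) {
	/*
	 * Data that is already sitting in the receiver's TCP queue when
	 * TLS RX is installed must still be decrypted and delivered in full.
	 */
	struct tls_crypto_info_keys tls12;
	char buf[20000], buf2[20000];
	struct sockaddr_in addr = {
		.sin_family = AF_INET,
		.sin_addr.s_addr = htonl(INADDR_ANY),
		.sin_port = 0,
	};
	int sfd, cfd, ret, fd;
	socklen_t len;

	len = sizeof(addr);
	memrnd(buf, sizeof(buf));

	tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_256, &tls12, 0);

	fd = socket(AF_INET, SOCK_STREAM, 0);
	ASSERT_GE(fd, 0);
	sfd = socket(AF_INET, SOCK_STREAM, 0);
	ASSERT_GE(sfd, 0);

	/* Explicit casts: don't rely on glibc's transparent-union sockaddr */
	ASSERT_EQ(bind(sfd, (struct sockaddr *)&addr, sizeof(addr)), 0);
	ASSERT_EQ(listen(sfd, 10), 0);
	ASSERT_EQ(getsockname(sfd, (struct sockaddr *)&addr, &len), 0);
	ASSERT_EQ(connect(fd, (struct sockaddr *)&addr, sizeof(addr)), 0);
	ASSERT_GE(cfd = accept(sfd, (struct sockaddr *)&addr, &len), 0);
	close(sfd);

	ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
	if (ret) {
		ASSERT_EQ(errno, ENOENT);
		SKIP(return, "no TLS support");
	}
	ASSERT_EQ(setsockopt(fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0);
	/* Everything is sent before the receiver has any TLS state */
	EXPECT_EQ(send(fd, buf, sizeof(buf), MSG_DONTWAIT), sizeof(buf));

	ASSERT_EQ(setsockopt(cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")), 0);
	ASSERT_EQ(setsockopt(cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0);
	EXPECT_EQ(recv(cfd, buf2, sizeof(buf2), MSG_WAITALL), sizeof(buf2));
	EXPECT_EQ(memcmp(buf, buf2, sizeof(buf)), 0);

	close(fd);
	close(cfd);
}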
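TEST(data_steal) {
	/*
	 * A reader blocked in the plain TCP recv() path when TLS RX is
	 * installed must still receive its bytes; the TLS layer must not
	 * steal them.  The TLS socket's own read then fails, since what it
	 * sees is the tail of a stream whose start went to the child.
	 */
	struct tls_crypto_info_keys tls;
	char buf[20000], buf2[20000];
	struct sockaddr_in addr = {
		.sin_family = AF_INET,
		.sin_addr.s_addr = htonl(INADDR_ANY),
		.sin_port = 0,
	};
	int sfd, cfd, ret, fd;
	int pid, status;
	socklen_t len;

	len = sizeof(addr);
	memrnd(buf, sizeof(buf));

	tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_256, &tls, 0);

	fd = socket(AF_INET, SOCK_STREAM, 0);
	ASSERT_GE(fd, 0);
	sfd = socket(AF_INET, SOCK_STREAM, 0);
	ASSERT_GE(sfd, 0);

	/* Explicit casts: don't rely on glibc's transparent-union sockaddr */
	ASSERT_EQ(bind(sfd, (struct sockaddr *)&addr, sizeof(addr)), 0);
	ASSERT_EQ(listen(sfd, 10), 0);
	ASSERT_EQ(getsockname(sfd, (struct sockaddr *)&addr, &len), 0);
	ASSERT_EQ(connect(fd, (struct sockaddr *)&addr, sizeof(addr)), 0);
	ASSERT_GE(cfd = accept(sfd, (struct sockaddr *)&addr, &len), 0);
	close(sfd);

	ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
	if (ret) {
		ASSERT_EQ(errno, ENOENT);
		SKIP(return, "no TLS support");
	}
	ASSERT_EQ(setsockopt(cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")), 0);

	/* Spawn a child and get it into the read wait path of the underlying
	 * TCP socket (before kernel .recvmsg is replaced with the TLS one).
	 */
	pid = fork();
	ASSERT_GE(pid, 0);
	if (!pid) {
		EXPECT_EQ(recv(cfd, buf, sizeof(buf) / 2 + 1, MSG_WAITALL),
			  sizeof(buf) / 2 + 1);
		exit(!__test_passed(_metadata));
	}

	/* Send a sync byte and poll until it's consumed to ensure
	 * the child is in recv() before we proceed to install TLS.
	 */
	ASSERT_EQ(send(fd, buf, 1, 0), 1);
	do {
		usleep(500);
	} while (recv(cfd, buf, 1, MSG_PEEK | MSG_DONTWAIT) == 1);
	EXPECT_EQ(errno, EAGAIN);

	ASSERT_EQ(setsockopt(fd, SOL_TLS, TLS_TX, &tls, tls.len), 0);
	ASSERT_EQ(setsockopt(cfd, SOL_TLS, TLS_RX, &tls, tls.len), 0);

	EXPECT_EQ(send(fd, buf, sizeof(buf), 0), sizeof(buf));
	EXPECT_EQ(wait(&status), pid);
	EXPECT_EQ(status, 0);

	EXPECT_EQ(recv(cfd, buf2, sizeof(buf2), MSG_DONTWAIT), -1);
	/* Don't check errno, the error will be different depending
	 * on what random bytes TLS interpreted as the record length.
	 */

	close(fd);
	close(cfd);
}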
static void __attribute__((constructor)) fips_check(void) {
	/*
	 * Runs before main(): read the kernel's FIPS sysctl into the
	 * file-global fips_enabled.  If the file cannot be opened the
	 * global is left untouched; an unparsable value is reported.
	 */
	FILE *f = fopen("/proc/sys/crypto/fips_enabled", "r");

	if (!f)
		return;

	if (fscanf(f, "%d", &fips_enabled) != 1)
		ksft_print_msg("ERROR: Couldn't read /proc/sys/crypto/fips_enabled\n");
	fclose(f);
}
/* kselftest harness entry point: expands to main() and runs every TEST/TEST_F above */
TEST_HARNESS_MAIN