Lines Matching defs:en
546 int auth_alg, int minor, uint64_t seqno, struct tls_enable *en)
/*
 * Fills in the caller-supplied struct tls_enable.  This listing shows only
 * the lines that mention `en`; gaps in the numbering are lines not shown.
 */
/*
 * Clear the whole struct before populating it.  Callers in this listing
 * later pass it to setsockopt() with sizeof(*en), so every byte of it is
 * handed to the kernel.
 */
550 memset(en, 0, sizeof(*en));
/*
 * Cipher key, IV and auth key each get their own alloc_buffer() allocation,
 * and each buffer is passed to debug_hexdump().
 * NOTE(review): debug_hexdump() presumably prints the raw bytes, i.e. key
 * material ends up in the test's debug output.  Acceptable for throwaway
 * test keys only; confirm nothing routed through here is a real secret.
 */
586 en->cipher_key = alloc_buffer(cipher_key_len);
587 debug_hexdump(tc, en->cipher_key, cipher_key_len, "cipher key");
588 en->iv = alloc_buffer(iv_len);
590 debug_hexdump(tc, en->iv, iv_len, "iv");
591 en->auth_key = alloc_buffer(auth_key_len);
593 debug_hexdump(tc, en->auth_key, auth_key_len, "auth key");
/* Record the algorithms and the length of each buffer allocated above. */
594 en->cipher_algorithm = cipher_alg;
595 en->cipher_key_len = cipher_key_len;
596 en->iv_len = iv_len;
597 en->auth_algorithm = auth_alg;
598 en->auth_key_len = auth_key_len;
/* Major version is fixed; only the minor version is chosen by the caller. */
599 en->tls_vmajor = TLS_MAJOR_VER_ONE;
600 en->tls_vminor = minor;
/* Store the starting sequence number in rec_seq as a big-endian 64-bit value. */
601 be64enc(en->rec_seq, seqno);
/*
 * Releases the three buffers referenced by en: cipher key, IV and auth key.
 * The struct itself is not freed; the callers in this listing pass the
 * address of a local variable.
 *
 * __DECONST strips the const qualifier from each member so the pointer can
 * be handed to free().
 *
 * NOTE(review): the buffers hold key material and are freed without being
 * cleared first.  That is harmless for test-only keys, but if this helper is
 * reused outside the tests, clear each buffer (e.g. explicit_bzero() with
 * the matching *_len field) before free().
 */
606 free_tls_enable(struct tls_enable *en)
608 free(__DECONST(void *, en->cipher_key));
609 free(__DECONST(void *, en->iv));
610 free(__DECONST(void *, en->auth_key));
614 tls_EVP_CIPHER(const struct tls_enable *en)
616 switch (en->cipher_algorithm) {
618 switch (en->cipher_key_len) {
628 switch (en->cipher_key_len) {
645 tls_EVP_MD(const struct tls_enable *en)
647 switch (en->auth_algorithm) {
660 tls_header_len(struct tls_enable *en)
665 switch (en->cipher_algorithm) {
667 if (en->tls_vminor != TLS_MINOR_VER_ZERO)
671 if (en->tls_vminor == TLS_MINOR_VER_TWO)
682 tls_mac_len(struct tls_enable *en)
684 switch (en->cipher_algorithm) {
686 switch (en->auth_algorithm) {
707 tls_trailer_len(struct tls_enable *en)
711 len = tls_mac_len(en);
712 if (en->cipher_algorithm == CRYPTO_AES_CBC)
714 if (en->tls_vminor == TLS_MINOR_VER_THREE)
721 tls_minimum_record_payload(struct tls_enable *en)
725 len = tls_header_len(en);
726 if (en->cipher_algorithm == CRYPTO_AES_CBC)
727 len += roundup2(tls_mac_len(en) + 1, AES_BLOCK_LEN);
729 len += tls_mac_len(en);
730 if (en->tls_vminor == TLS_MINOR_VER_THREE)
737 tls_mte_aad(struct tls_enable *en, size_t len,
748 tls_12_aead_aad(struct tls_enable *en, size_t len,
760 tls_13_aad(struct tls_enable *en, const struct tls_record_layer *hdr,
/*
 * Builds the AES-GCM nonce used by the TLS 1.2 AEAD helpers in this file.
 * The parameter list continues on a line not shown here.
 */
770 tls_12_gcm_nonce(struct tls_enable *en, const struct tls_record_layer *hdr,
/*
 * The first TLS_AEAD_GCM_LEN bytes of the nonce come from en->iv.  The rest
 * of the nonce is filled in on lines not listed (presumably from the
 * explicit nonce that follows hdr; confirm).
 * NOTE(review): the destination size is not visible on these lines; check
 * that every caller's nonce buffer covers the full nonce length.
 */
773 memcpy(nonce, en->iv, TLS_AEAD_GCM_LEN);
/*
 * Builds a per-record nonce from the session IV and the record sequence
 * number.  nonce is passed without a length, so the caller's buffer must
 * hold at least TLS_1_3_GCM_IV_LEN bytes.
 */
778 tls_13_nonce(struct tls_enable *en, uint64_t seqno, char *nonce)
/*
 * Start from the static IV.  seqno is not used on the lines listed here; it
 * is presumably mixed into nonce on the omitted lines (confirm).  If so,
 * nonce uniqueness depends on seqno never repeating under one key.
 */
782 memcpy(nonce, en->iv, TLS_1_3_GCM_IV_LEN);
/*
 * Decrypts one AES-CBC record and checks its MAC.  On the lines listed,
 * decryption (cbc_decrypt) runs before MAC verification (verify_hash).
 * Every check is an ATF_REQUIRE*, so a mismatch fails the test case instead
 * of returning an error to the caller.
 * The parameter list continues on lines not shown here.
 */
792 decrypt_tls_aes_cbc_mte(const atf_tc_t *tc, struct tls_enable *en,
804 hdr_len = tls_header_len(en);
805 mac_len = tls_mac_len(en);
/* The minor version in the record header must match the session's. */
807 ATF_REQUIRE_INTEQ(en->tls_vminor, hdr->tls_vminor);
/*
 * For TLS_MINOR_VER_ZERO the IV is taken from en->iv, not from the record.
 * The other case is on a line not listed.
 */
814 if (en->tls_vminor == TLS_MINOR_VER_ZERO)
815 iv = en->iv;
819 ATF_REQUIRE(cbc_decrypt(tls_EVP_CIPHER(en), en->cipher_key, iv,
/*
 * For TLS_MINOR_VER_ZERO, en->iv is overwritten with bytes taken from the
 * record (the source expression continues on a line not listed; presumably
 * the last ciphertext block, chained as the next record's IV; confirm).
 * __DECONST strips const from en->iv so it can be written.  This mutates
 * *en, so records have to be decrypted in sequence order.
 */
827 if (en->tls_vminor == TLS_MINOR_VER_ZERO)
828 memcpy(__DECONST(uint8_t *, en->iv), (const u_char *)src +
/* Build the additional data that is covered by the MAC. */
846 tls_mte_aad(en, payload_len, hdr, seqno, &aad);
/* Verify the MAC with the session's auth key; the remaining arguments are on lines not listed. */
848 ATF_REQUIRE(verify_hash(tls_EVP_MD(en), en->auth_key, en->auth_key_len,
859 decrypt_tls_12_aead(const atf_tc_t *tc, struct tls_enable *en, uint64_t seqno,
869 hdr_len = tls_header_len(en);
870 mac_len = tls_mac_len(en);
877 tls_12_aead_aad(en, payload_len, hdr, seqno, &aad);
879 if (en->cipher_algorithm == CRYPTO_AES_NIST_GCM_16)
880 tls_12_gcm_nonce(en, hdr, nonce);
882 tls_13_nonce(en, seqno, nonce);
885 ATF_REQUIRE(aead_decrypt(tls_EVP_CIPHER(en), en->cipher_key, nonce,
894 decrypt_tls_13_aead(const atf_tc_t *tc, struct tls_enable *en, uint64_t seqno,
905 hdr_len = tls_header_len(en);
906 mac_len = tls_mac_len(en);
917 tls_13_aad(en, hdr, seqno, &aad);
919 tls_13_nonce(en, seqno, nonce);
928 ATF_REQUIRE(aead_decrypt(tls_EVP_CIPHER(en), en->cipher_key, nonce,
/*
 * Dispatches AEAD record decryption by TLS minor version and requires that
 * the version-specific helper returns exactly the expected payload length.
 * The parameter list continues on lines not shown here.
 */
944 decrypt_tls_aead(const atf_tc_t *tc, struct tls_enable *en, uint64_t seqno,
/*
 * Payload length is the record length minus header and trailer.
 * NOTE(review): if len can be smaller than header + trailer and the operands
 * are unsigned, this subtraction wraps.  A guard may exist on lines not
 * listed; confirm before relying on payload_len as a copy length.
 */
953 payload_len = len - (tls_header_len(en) + tls_trailer_len(en));
/* TLS_MINOR_VER_TWO records use the TLS 1.2 AEAD helper. */
957 if (en->tls_vminor == TLS_MINOR_VER_TWO) {
958 ATF_REQUIRE_INTEQ(payload_len, decrypt_tls_12_aead(tc, en,
/* The other branch (its opening line is not listed) uses the TLS 1.3 helper. */
961 ATF_REQUIRE_INTEQ(payload_len, decrypt_tls_13_aead(tc, en,
969 decrypt_tls_record(const atf_tc_t *tc, struct tls_enable *en, uint64_t seqno,
972 if (en->cipher_algorithm == CRYPTO_AES_CBC)
973 return (decrypt_tls_aes_cbc_mte(tc, en, seqno, src, len, dst,
976 return (decrypt_tls_aead(tc, en, seqno, src, len, dst, avail,
988 encrypt_tls_aes_cbc_mte(const atf_tc_t *tc, struct tls_enable *en,
1004 hdr_len = tls_header_len(en);
1005 mac_len = tls_mac_len(en);
1017 hdr->tls_vminor = en->tls_vminor;
1028 tls_mte_aad(en, len, hdr, seqno, &aad);
1031 ATF_REQUIRE(compute_hash(tls_EVP_MD(en), en->auth_key, en->auth_key_len,
1042 ATF_REQUIRE(cbc_encrypt(tls_EVP_CIPHER(en), en->cipher_key, iv,
1050 encrypt_tls_12_aead(const atf_tc_t *tc, struct tls_enable *en,
1061 hdr_len = tls_header_len(en);
1062 mac_len = tls_mac_len(en);
1069 if (en->cipher_algorithm == CRYPTO_AES_NIST_GCM_16)
1072 tls_12_aead_aad(en, len, hdr, seqno, &aad);
1074 if (en->cipher_algorithm == CRYPTO_AES_NIST_GCM_16)
1075 tls_12_gcm_nonce(en, hdr, nonce);
1077 tls_13_nonce(en, seqno, nonce);
1081 ATF_REQUIRE(aead_encrypt(tls_EVP_CIPHER(en), en->cipher_key, nonce,
1090 encrypt_tls_13_aead(const atf_tc_t *tc, struct tls_enable *en,
1103 hdr_len = tls_header_len(en);
1104 mac_len = tls_mac_len(en);
1112 tls_13_aad(en, hdr, seqno, &aad);
1114 tls_13_nonce(en, seqno, nonce);
1127 ATF_REQUIRE(aead_encrypt(tls_EVP_CIPHER(en), en->cipher_key, nonce,
1138 encrypt_tls_aead(const atf_tc_t *tc, struct tls_enable *en,
1144 record_len = tls_header_len(en) + len + padding + tls_trailer_len(en);
1147 tls_header_len(en), len, padding, tls_trailer_len(en));
1149 if (en->tls_vminor == TLS_MINOR_VER_TWO) {
1151 ATF_REQUIRE_INTEQ(record_len, encrypt_tls_12_aead(tc, en,
1154 ATF_REQUIRE_INTEQ(record_len, encrypt_tls_13_aead(tc, en,
1161 encrypt_tls_record(const atf_tc_t *tc, struct tls_enable *en,
1165 if (en->cipher_algorithm == CRYPTO_AES_CBC)
1166 return (encrypt_tls_aes_cbc_mte(tc, en, record_type, seqno, src,
1169 return (encrypt_tls_aead(tc, en, record_type, seqno, src, len,
1174 test_ktls_transmit_app_data(const atf_tc_t *tc, struct tls_enable *en,
1188 outbuf_cap = tls_header_len(en) + TLS_MAX_MSG_SIZE_V10_2 +
1189 tls_trailer_len(en);
1197 ATF_REQUIRE(setsockopt(sockets[1], IPPROTO_TCP, TCP_TXTLS_ENABLE, en,
1198 sizeof(*en)) == 0);
1272 decrypted_len += decrypt_tls_record(tc, en,
1325 test_ktls_transmit_control(const atf_tc_t *tc, struct tls_enable *en,
1339 outbuf_cap = tls_header_len(en) + len + tls_trailer_len(en);
1345 ATF_REQUIRE(setsockopt(sockets[1], IPPROTO_TCP, TCP_TXTLS_ENABLE, en,
1346 sizeof(*en)) == 0);
1368 rv = decrypt_tls_record(tc, en, seqno, outbuf, record_len, decrypted,
1385 test_ktls_transmit_empty_fragment(const atf_tc_t *tc, struct tls_enable *en,
1395 outbuf_cap = tls_header_len(en) + tls_trailer_len(en);
1401 ATF_REQUIRE(setsockopt(sockets[1], IPPROTO_TCP, TCP_TXTLS_ENABLE, en,
1402 sizeof(*en)) == 0);
1414 ATF_REQUIRE_INTEQ(CRYPTO_AES_CBC, en->cipher_algorithm);
1415 ATF_REQUIRE_INTEQ(TLS_MINOR_VER_ZERO, en->tls_vminor);
1436 rv = decrypt_tls_record(tc, en, seqno, outbuf, record_len, NULL, 0,
1450 ktls_receive_tls_record(struct tls_enable *en, int fd, uint8_t record_type,
1482 ATF_REQUIRE_INTEQ(en->tls_vmajor, tgr->tls_vmajor);
1484 if (en->tls_vminor == TLS_MINOR_VER_THREE)
1487 ATF_REQUIRE_INTEQ(en->tls_vminor, tgr->tls_vminor);
1494 test_ktls_receive_app_data(const atf_tc_t *tc, struct tls_enable *en,
1505 outbuf_cap = tls_header_len(en) + TLS_MAX_MSG_SIZE_V10_2 +
1506 tls_trailer_len(en);
1513 ATF_REQUIRE(setsockopt(sockets[0], IPPROTO_TCP, TCP_RXTLS_ENABLE, en,
1514 sizeof(*en)) == 0);
1539 outbuf_len = encrypt_tls_record(tc, en,
1569 rv = ktls_receive_tls_record(en, ev.ident,
1615 test_ktls_receive_corrupted_record(const atf_tc_t *tc, struct tls_enable *en,
1626 outbuf_cap = tls_header_len(en) + len + tls_trailer_len(en);
1631 ATF_REQUIRE(setsockopt(sockets[0], IPPROTO_TCP, TCP_RXTLS_ENABLE, en,
1632 sizeof(*en)) == 0);
1638 outbuf_len = encrypt_tls_record(tc, en, TLS_RLTYPE_APP, seqno,
1658 test_ktls_receive_corrupted_iv(const atf_tc_t *tc, struct tls_enable *en,
1661 ATF_REQUIRE(tls_header_len(en) > sizeof(struct tls_record_layer));
1664 test_ktls_receive_corrupted_record(tc, en, seqno, len,
1669 test_ktls_receive_corrupted_data(const atf_tc_t *tc, struct tls_enable *en,
1675 test_ktls_receive_corrupted_record(tc, en, seqno, len,
1676 tls_header_len(en));
/*
 * Runs the corrupted-record receive test with the corruption offset aimed at
 * the record's MAC.  The parameter list continues on a line not shown here.
 */
1680 test_ktls_receive_corrupted_mac(const atf_tc_t *tc, struct tls_enable *en,
/* AES-CBC: the offset is header length plus payload length, a positive value. */
1686 if (en->cipher_algorithm == CRYPTO_AES_CBC)
1687 offset = tls_header_len(en) + len;
/*
 * Line 1688 is not listed (presumably `else`).  Other ciphers use a negative
 * offset of tls_mac_len(en), presumably counted back from the end of the
 * record; confirm in test_ktls_receive_corrupted_record().
 * NOTE(review): if tls_mac_len() returns an unsigned type, the negation
 * relies on the conversion to a signed offset; confirm the types.
 */
1689 offset = -tls_mac_len(en);
1690 test_ktls_receive_corrupted_record(tc, en, seqno, len, offset);
1694 test_ktls_receive_corrupted_padding(const atf_tc_t *tc, struct tls_enable *en,
1697 ATF_REQUIRE_INTEQ(CRYPTO_AES_CBC, en->cipher_algorithm);
1700 test_ktls_receive_corrupted_record(tc, en, seqno, len, -1);
1704 test_ktls_receive_truncated_record(const atf_tc_t *tc, struct tls_enable *en,
1715 outbuf_cap = tls_header_len(en) + len + tls_trailer_len(en);
1720 ATF_REQUIRE(setsockopt(sockets[0], IPPROTO_TCP, TCP_RXTLS_ENABLE, en,
1721 sizeof(*en)) == 0);
1727 outbuf_len = encrypt_tls_record(tc, en, TLS_RLTYPE_APP, seqno,
1744 test_ktls_receive_bad_major(const atf_tc_t *tc, struct tls_enable *en,
1756 outbuf_cap = tls_header_len(en) + len + tls_trailer_len(en);
1761 ATF_REQUIRE(setsockopt(sockets[0], IPPROTO_TCP, TCP_RXTLS_ENABLE, en,
1762 sizeof(*en)) == 0);
1768 outbuf_len = encrypt_tls_record(tc, en, TLS_RLTYPE_APP, seqno,
1786 test_ktls_receive_bad_minor(const atf_tc_t *tc, struct tls_enable *en,
1798 outbuf_cap = tls_header_len(en) + len + tls_trailer_len(en);
1803 ATF_REQUIRE(setsockopt(sockets[0], IPPROTO_TCP, TCP_RXTLS_ENABLE, en,
1804 sizeof(*en)) == 0);
1810 outbuf_len = encrypt_tls_record(tc, en, TLS_RLTYPE_APP, seqno,
1828 test_ktls_receive_bad_type(const atf_tc_t *tc, struct tls_enable *en,
1838 ATF_REQUIRE_INTEQ(TLS_MINOR_VER_THREE, en->tls_vminor);
1841 outbuf_cap = tls_header_len(en) + len + tls_trailer_len(en);
1846 ATF_REQUIRE(setsockopt(sockets[0], IPPROTO_TCP, TCP_RXTLS_ENABLE, en,
1847 sizeof(*en)) == 0);
1853 outbuf_len = encrypt_tls_record(tc, en, 0x21 /* Alert */, seqno,
1871 test_ktls_receive_bad_size(const atf_tc_t *tc, struct tls_enable *en,
1885 ATF_REQUIRE(setsockopt(sockets[0], IPPROTO_TCP, TCP_RXTLS_ENABLE, en,
1886 sizeof(*en)) == 0);
1893 hdr->tls_vmajor = en->tls_vmajor;
1894 if (en->tls_vminor == TLS_MINOR_VER_THREE)
1897 hdr->tls_vminor = en->tls_vminor;
1982 struct tls_enable en; \
1988 seqno, &en); \
1989 test_ktls_transmit_app_data(tc, &en, seqno, len); \
1990 free_tls_enable(&en); \
2002 struct tls_enable en; \
2008 seqno, &en); \
2009 test_ktls_transmit_control(tc, &en, seqno, type, len); \
2010 free_tls_enable(&en); \
2022 struct tls_enable en; \
2028 seqno, &en); \
2029 test_ktls_transmit_empty_fragment(tc, &en, seqno); \
2030 free_tls_enable(&en); \
2161 struct tls_enable *en)
2168 TCP_TXTLS_ENABLE, en, sizeof(*en)) == -1);
2178 struct tls_enable en; \
2184 seqno, &en); \
2185 test_ktls_invalid_transmit_cipher_suite(tc, &en); \
2186 free_tls_enable(&en); \
2227 struct tls_enable en; \
2233 seqno, &en); \
2234 test_ktls_receive_app_data(tc, &en, seqno, len, padding); \
2235 free_tls_enable(&en); \
2247 struct tls_enable en; \
2253 seqno, &en); \
2254 test_ktls_receive_corrupted_data(tc, &en, seqno, len); \
2255 free_tls_enable(&en); \
2267 struct tls_enable en; \
2273 seqno, &en); \
2274 test_ktls_receive_corrupted_mac(tc, &en, seqno, len); \
2275 free_tls_enable(&en); \
2287 struct tls_enable en; \
2293 seqno, &en); \
2294 test_ktls_receive_truncated_record(tc, &en, seqno, len); \
2295 free_tls_enable(&en); \
2307 struct tls_enable en; \
2313 seqno, &en); \
2314 test_ktls_receive_bad_major(tc, &en, seqno, len); \
2315 free_tls_enable(&en); \
2327 struct tls_enable en; \
2333 seqno, &en); \
2334 test_ktls_receive_bad_minor(tc, &en, seqno, len); \
2335 free_tls_enable(&en); \
2347 struct tls_enable en; \
2353 seqno, &en); \
2354 test_ktls_receive_bad_size(tc, &en, seqno, (len)); \
2355 free_tls_enable(&en); \
2380 tls_minimum_record_payload(&en) - 1) \
2515 struct tls_enable en; \
2521 seqno, &en); \
2522 test_ktls_receive_corrupted_padding(tc, &en, seqno, len); \
2523 free_tls_enable(&en); \
2538 tls_minimum_record_payload(&en) + 1)
2572 struct tls_enable en; \
2578 seqno, &en); \
2579 test_ktls_receive_corrupted_iv(tc, &en, seqno, 64); \
2580 free_tls_enable(&en); \
2615 struct tls_enable en; \
2621 seqno, &en); \
2622 test_ktls_receive_bad_type(tc, &en, seqno, len); \
2623 free_tls_enable(&en); \
2657 struct tls_enable *en)
2664 TCP_RXTLS_ENABLE, en, sizeof(*en)) == -1);
2674 struct tls_enable en; \
2680 seqno, &en); \
2681 test_ktls_invalid_receive_cipher_suite(tc, &en); \
2682 free_tls_enable(&en); \
2696 struct tls_enable *en)
2703 TCP_RXTLS_ENABLE, en, sizeof(*en)) == -1);
2713 struct tls_enable en; \
2719 seqno, &en); \
2720 test_ktls_unsupported_receive_cipher_suite(tc, &en); \
2721 free_tls_enable(&en); \
2743 struct tls_enable en;
2753 TLS_MINOR_VER_THREE, (uint64_t)random(), &en);
2755 ATF_REQUIRE(setsockopt(s, IPPROTO_TCP, TCP_TXTLS_ENABLE, &en,
2756 sizeof(en)) == 0);
2780 struct tls_enable en;
2789 TLS_MINOR_VER_THREE, (uint64_t)random(), &en);
2790 ATF_REQUIRE(setsockopt(s, IPPROTO_TCP, TCP_TXTLS_ENABLE, &en,
2791 sizeof(en)) == 0);
2798 TLS_MINOR_VER_THREE, (uint64_t)random(), &en);
2799 ATF_REQUIRE(setsockopt(s, IPPROTO_TCP, TCP_RXTLS_ENABLE, &en,
2800 sizeof(en)) == 0);
2812 TLS_MINOR_VER_THREE, (uint64_t)random(), &en);
2814 setsockopt(s, IPPROTO_TCP, TCP_TXTLS_ENABLE, &en, sizeof(en)) != 0);
2816 setsockopt(s, IPPROTO_TCP, TCP_RXTLS_ENABLE, &en, sizeof(en)) != 0);