1 // SPDX-License-Identifier: GPL-2.0 2 3 #define _GNU_SOURCE 4 5 #include <arpa/inet.h> 6 #include <errno.h> 7 #include <error.h> 8 #include <fcntl.h> 9 #include <poll.h> 10 #include <stdio.h> 11 #include <stdlib.h> 12 #include <unistd.h> 13 14 #include <linux/tls.h> 15 #include <linux/tcp.h> 16 #include <linux/socket.h> 17 18 #include <sys/epoll.h> 19 #include <sys/types.h> 20 #include <sys/sendfile.h> 21 #include <sys/socket.h> 22 #include <sys/stat.h> 23 24 #include "../kselftest_harness.h" 25 26 #define TLS_PAYLOAD_MAX_LEN 16384 27 #define SOL_TLS 282 28 29 static int fips_enabled; 30 31 struct tls_crypto_info_keys { 32 union { 33 struct tls_crypto_info crypto_info; 34 struct tls12_crypto_info_aes_gcm_128 aes128; 35 struct tls12_crypto_info_chacha20_poly1305 chacha20; 36 struct tls12_crypto_info_sm4_gcm sm4gcm; 37 struct tls12_crypto_info_sm4_ccm sm4ccm; 38 struct tls12_crypto_info_aes_ccm_128 aesccm128; 39 struct tls12_crypto_info_aes_gcm_256 aesgcm256; 40 struct tls12_crypto_info_aria_gcm_128 ariagcm128; 41 struct tls12_crypto_info_aria_gcm_256 ariagcm256; 42 }; 43 size_t len; 44 }; 45 46 static void tls_crypto_info_init(uint16_t tls_version, uint16_t cipher_type, 47 struct tls_crypto_info_keys *tls12, 48 char key_generation) 49 { 50 memset(tls12, key_generation, sizeof(*tls12)); 51 memset(tls12, 0, sizeof(struct tls_crypto_info)); 52 53 switch (cipher_type) { 54 case TLS_CIPHER_CHACHA20_POLY1305: 55 tls12->len = sizeof(struct tls12_crypto_info_chacha20_poly1305); 56 tls12->chacha20.info.version = tls_version; 57 tls12->chacha20.info.cipher_type = cipher_type; 58 break; 59 case TLS_CIPHER_AES_GCM_128: 60 tls12->len = sizeof(struct tls12_crypto_info_aes_gcm_128); 61 tls12->aes128.info.version = tls_version; 62 tls12->aes128.info.cipher_type = cipher_type; 63 break; 64 case TLS_CIPHER_SM4_GCM: 65 tls12->len = sizeof(struct tls12_crypto_info_sm4_gcm); 66 tls12->sm4gcm.info.version = tls_version; 67 tls12->sm4gcm.info.cipher_type = cipher_type; 68 break; 69 case TLS_CIPHER_SM4_CCM: 70 tls12->len = sizeof(struct tls12_crypto_info_sm4_ccm); 71 tls12->sm4ccm.info.version = tls_version; 72 tls12->sm4ccm.info.cipher_type = cipher_type; 73 break; 74 case TLS_CIPHER_AES_CCM_128: 75 tls12->len = sizeof(struct tls12_crypto_info_aes_ccm_128); 76 tls12->aesccm128.info.version = tls_version; 77 tls12->aesccm128.info.cipher_type = cipher_type; 78 break; 79 case TLS_CIPHER_AES_GCM_256: 80 tls12->len = sizeof(struct tls12_crypto_info_aes_gcm_256); 81 tls12->aesgcm256.info.version = tls_version; 82 tls12->aesgcm256.info.cipher_type = cipher_type; 83 break; 84 case TLS_CIPHER_ARIA_GCM_128: 85 tls12->len = sizeof(struct tls12_crypto_info_aria_gcm_128); 86 tls12->ariagcm128.info.version = tls_version; 87 tls12->ariagcm128.info.cipher_type = cipher_type; 88 break; 89 case TLS_CIPHER_ARIA_GCM_256: 90 tls12->len = sizeof(struct tls12_crypto_info_aria_gcm_256); 91 tls12->ariagcm256.info.version = tls_version; 92 tls12->ariagcm256.info.cipher_type = cipher_type; 93 break; 94 default: 95 break; 96 } 97 } 98 99 static void memrnd(void *s, size_t n) 100 { 101 int *dword = s; 102 char *byte; 103 104 for (; n >= 4; n -= 4) 105 *dword++ = rand(); 106 byte = (void *)dword; 107 while (n--) 108 *byte++ = rand(); 109 } 110 111 static void ulp_sock_pair(struct __test_metadata *_metadata, 112 int *fd, int *cfd, bool *notls) 113 { 114 struct sockaddr_in addr; 115 socklen_t len; 116 int sfd, ret; 117 118 *notls = false; 119 len = sizeof(addr); 120 121 addr.sin_family = AF_INET; 122 addr.sin_addr.s_addr = htonl(INADDR_ANY); 123 addr.sin_port = 0; 124 125 *fd = socket(AF_INET, SOCK_STREAM, 0); 126 sfd = socket(AF_INET, SOCK_STREAM, 0); 127 128 ret = bind(sfd, &addr, sizeof(addr)); 129 ASSERT_EQ(ret, 0); 130 ret = listen(sfd, 10); 131 ASSERT_EQ(ret, 0); 132 133 ret = getsockname(sfd, &addr, &len); 134 ASSERT_EQ(ret, 0); 135 136 ret = connect(*fd, &addr, sizeof(addr)); 137 ASSERT_EQ(ret, 0); 138 139 *cfd = accept(sfd, &addr, &len); 140 ASSERT_GE(*cfd, 0); 141 142 close(sfd); 143 144 ret = setsockopt(*fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 145 if (ret != 0) { 146 ASSERT_EQ(errno, ENOENT); 147 *notls = true; 148 printf("Failure setting TCP_ULP, testing without tls\n"); 149 return; 150 } 151 152 ret = setsockopt(*cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 153 ASSERT_EQ(ret, 0); 154 } 155 156 /* Produce a basic cmsg */ 157 static int tls_send_cmsg(int fd, unsigned char record_type, 158 void *data, size_t len, int flags) 159 { 160 char cbuf[CMSG_SPACE(sizeof(char))]; 161 int cmsg_len = sizeof(char); 162 struct cmsghdr *cmsg; 163 struct msghdr msg; 164 struct iovec vec; 165 166 vec.iov_base = data; 167 vec.iov_len = len; 168 memset(&msg, 0, sizeof(struct msghdr)); 169 msg.msg_iov = &vec; 170 msg.msg_iovlen = 1; 171 msg.msg_control = cbuf; 172 msg.msg_controllen = sizeof(cbuf); 173 cmsg = CMSG_FIRSTHDR(&msg); 174 cmsg->cmsg_level = SOL_TLS; 175 /* test sending non-record types. */ 176 cmsg->cmsg_type = TLS_SET_RECORD_TYPE; 177 cmsg->cmsg_len = CMSG_LEN(cmsg_len); 178 *CMSG_DATA(cmsg) = record_type; 179 msg.msg_controllen = cmsg->cmsg_len; 180 181 return sendmsg(fd, &msg, flags); 182 } 183 184 static int __tls_recv_cmsg(struct __test_metadata *_metadata, 185 int fd, unsigned char *ctype, 186 void *data, size_t len, int flags) 187 { 188 char cbuf[CMSG_SPACE(sizeof(char))]; 189 struct cmsghdr *cmsg; 190 struct msghdr msg; 191 struct iovec vec; 192 int n; 193 194 vec.iov_base = data; 195 vec.iov_len = len; 196 memset(&msg, 0, sizeof(struct msghdr)); 197 msg.msg_iov = &vec; 198 msg.msg_iovlen = 1; 199 msg.msg_control = cbuf; 200 msg.msg_controllen = sizeof(cbuf); 201 202 n = recvmsg(fd, &msg, flags); 203 204 cmsg = CMSG_FIRSTHDR(&msg); 205 EXPECT_NE(cmsg, NULL); 206 EXPECT_EQ(cmsg->cmsg_level, SOL_TLS); 207 EXPECT_EQ(cmsg->cmsg_type, TLS_GET_RECORD_TYPE); 208 if (ctype) 209 *ctype = *((unsigned char *)CMSG_DATA(cmsg)); 210 211 return n; 212 } 213 214 static int tls_recv_cmsg(struct __test_metadata *_metadata, 215 int fd, unsigned char record_type, 216 void *data, size_t len, int flags) 217 { 218 unsigned char ctype; 219 int n; 220 221 n = __tls_recv_cmsg(_metadata, fd, &ctype, data, len, flags); 222 EXPECT_EQ(ctype, record_type); 223 224 return n; 225 } 226 227 FIXTURE(tls_basic) 228 { 229 int fd, cfd; 230 bool notls; 231 }; 232 233 FIXTURE_SETUP(tls_basic) 234 { 235 ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls); 236 } 237 238 FIXTURE_TEARDOWN(tls_basic) 239 { 240 close(self->fd); 241 close(self->cfd); 242 } 243 244 /* Send some data through with ULP but no keys */ 245 TEST_F(tls_basic, base_base) 246 { 247 char const *test_str = "test_read"; 248 int send_len = 10; 249 char buf[10]; 250 251 ASSERT_EQ(strlen(test_str) + 1, send_len); 252 253 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 254 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 255 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 256 }; 257 258 TEST_F(tls_basic, bad_cipher) 259 { 260 struct tls_crypto_info_keys tls12; 261 262 tls12.crypto_info.version = 200; 263 tls12.crypto_info.cipher_type = TLS_CIPHER_AES_GCM_128; 264 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, sizeof(struct tls12_crypto_info_aes_gcm_128)), -1); 265 266 tls12.crypto_info.version = TLS_1_2_VERSION; 267 tls12.crypto_info.cipher_type = 50; 268 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, sizeof(struct tls12_crypto_info_aes_gcm_128)), -1); 269 270 tls12.crypto_info.version = TLS_1_2_VERSION; 271 tls12.crypto_info.cipher_type = 59; 272 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, sizeof(struct tls12_crypto_info_aes_gcm_128)), -1); 273 274 tls12.crypto_info.version = TLS_1_2_VERSION; 275 tls12.crypto_info.cipher_type = 10; 276 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, sizeof(struct tls12_crypto_info_aes_gcm_128)), -1); 277 278 tls12.crypto_info.version = TLS_1_2_VERSION; 279 tls12.crypto_info.cipher_type = 70; 280 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, sizeof(struct tls12_crypto_info_aes_gcm_128)), -1); 281 } 282 283 TEST_F(tls_basic, recseq_wrap) 284 { 285 struct tls_crypto_info_keys tls12; 286 char const *test_str = "test_read"; 287 int send_len = 10; 288 289 if (self->notls) 290 SKIP(return, "no TLS support"); 291 292 tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_128, &tls12, 0); 293 memset(&tls12.aes128.rec_seq, 0xff, sizeof(tls12.aes128.rec_seq)); 294 295 ASSERT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0); 296 ASSERT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0); 297 298 EXPECT_EQ(send(self->fd, test_str, send_len, 0), -1); 299 EXPECT_EQ(errno, EBADMSG); 300 } 301 302 FIXTURE(tls) 303 { 304 int fd, cfd; 305 bool notls; 306 }; 307 308 FIXTURE_VARIANT(tls) 309 { 310 uint16_t tls_version; 311 uint16_t cipher_type; 312 bool nopad, fips_non_compliant; 313 }; 314 315 FIXTURE_VARIANT_ADD(tls, 12_aes_gcm) 316 { 317 .tls_version = TLS_1_2_VERSION, 318 .cipher_type = TLS_CIPHER_AES_GCM_128, 319 }; 320 321 FIXTURE_VARIANT_ADD(tls, 13_aes_gcm) 322 { 323 .tls_version = TLS_1_3_VERSION, 324 .cipher_type = TLS_CIPHER_AES_GCM_128, 325 }; 326 327 FIXTURE_VARIANT_ADD(tls, 12_chacha) 328 { 329 .tls_version = TLS_1_2_VERSION, 330 .cipher_type = TLS_CIPHER_CHACHA20_POLY1305, 331 .fips_non_compliant = true, 332 }; 333 334 FIXTURE_VARIANT_ADD(tls, 13_chacha) 335 { 336 .tls_version = TLS_1_3_VERSION, 337 .cipher_type = TLS_CIPHER_CHACHA20_POLY1305, 338 .fips_non_compliant = true, 339 }; 340 341 FIXTURE_VARIANT_ADD(tls, 13_sm4_gcm) 342 { 343 .tls_version = TLS_1_3_VERSION, 344 .cipher_type = TLS_CIPHER_SM4_GCM, 345 .fips_non_compliant = true, 346 }; 347 348 FIXTURE_VARIANT_ADD(tls, 13_sm4_ccm) 349 { 350 .tls_version = TLS_1_3_VERSION, 351 .cipher_type = TLS_CIPHER_SM4_CCM, 352 .fips_non_compliant = true, 353 }; 354 355 FIXTURE_VARIANT_ADD(tls, 12_aes_ccm) 356 { 357 .tls_version = TLS_1_2_VERSION, 358 .cipher_type = TLS_CIPHER_AES_CCM_128, 359 }; 360 361 FIXTURE_VARIANT_ADD(tls, 13_aes_ccm) 362 { 363 .tls_version = TLS_1_3_VERSION, 364 .cipher_type = TLS_CIPHER_AES_CCM_128, 365 }; 366 367 FIXTURE_VARIANT_ADD(tls, 12_aes_gcm_256) 368 { 369 .tls_version = TLS_1_2_VERSION, 370 .cipher_type = TLS_CIPHER_AES_GCM_256, 371 }; 372 373 FIXTURE_VARIANT_ADD(tls, 13_aes_gcm_256) 374 { 375 .tls_version = TLS_1_3_VERSION, 376 .cipher_type = TLS_CIPHER_AES_GCM_256, 377 }; 378 379 FIXTURE_VARIANT_ADD(tls, 13_nopad) 380 { 381 .tls_version = TLS_1_3_VERSION, 382 .cipher_type = TLS_CIPHER_AES_GCM_128, 383 .nopad = true, 384 }; 385 386 FIXTURE_VARIANT_ADD(tls, 12_aria_gcm) 387 { 388 .tls_version = TLS_1_2_VERSION, 389 .cipher_type = TLS_CIPHER_ARIA_GCM_128, 390 }; 391 392 FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_256) 393 { 394 .tls_version = TLS_1_2_VERSION, 395 .cipher_type = TLS_CIPHER_ARIA_GCM_256, 396 }; 397 398 FIXTURE_SETUP(tls) 399 { 400 struct tls_crypto_info_keys tls12; 401 int one = 1; 402 int ret; 403 404 if (fips_enabled && variant->fips_non_compliant) 405 SKIP(return, "Unsupported cipher in FIPS mode"); 406 407 tls_crypto_info_init(variant->tls_version, variant->cipher_type, 408 &tls12, 0); 409 410 ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls); 411 412 if (self->notls) 413 return; 414 415 ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len); 416 ASSERT_EQ(ret, 0); 417 418 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len); 419 ASSERT_EQ(ret, 0); 420 421 if (variant->nopad) { 422 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 423 (void *)&one, sizeof(one)); 424 ASSERT_EQ(ret, 0); 425 } 426 } 427 428 FIXTURE_TEARDOWN(tls) 429 { 430 close(self->fd); 431 close(self->cfd); 432 } 433 434 TEST_F(tls, sendfile) 435 { 436 int filefd = open("/proc/self/exe", O_RDONLY); 437 struct stat st; 438 439 EXPECT_GE(filefd, 0); 440 fstat(filefd, &st); 441 EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0); 442 443 close(filefd); 444 } 445 446 TEST_F(tls, send_then_sendfile) 447 { 448 int filefd = open("/proc/self/exe", O_RDONLY); 449 char const *test_str = "test_send"; 450 int to_send = strlen(test_str) + 1; 451 char recv_buf[10]; 452 struct stat st; 453 char *buf; 454 455 EXPECT_GE(filefd, 0); 456 fstat(filefd, &st); 457 buf = (char *)malloc(st.st_size); 458 459 EXPECT_EQ(send(self->fd, test_str, to_send, 0), to_send); 460 EXPECT_EQ(recv(self->cfd, recv_buf, to_send, MSG_WAITALL), to_send); 461 EXPECT_EQ(memcmp(test_str, recv_buf, to_send), 0); 462 463 EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0); 464 EXPECT_EQ(recv(self->cfd, buf, st.st_size, MSG_WAITALL), st.st_size); 465 466 free(buf); 467 close(filefd); 468 } 469 470 static void chunked_sendfile(struct __test_metadata *_metadata, 471 struct _test_data_tls *self, 472 uint16_t chunk_size, 473 uint16_t extra_payload_size) 474 { 475 char buf[TLS_PAYLOAD_MAX_LEN]; 476 uint16_t test_payload_size; 477 int size = 0; 478 int ret; 479 char filename[] = "/tmp/mytemp.XXXXXX"; 480 int fd = mkstemp(filename); 481 off_t offset = 0; 482 483 unlink(filename); 484 ASSERT_GE(fd, 0); 485 EXPECT_GE(chunk_size, 1); 486 test_payload_size = chunk_size + extra_payload_size; 487 ASSERT_GE(TLS_PAYLOAD_MAX_LEN, test_payload_size); 488 memset(buf, 1, test_payload_size); 489 size = write(fd, buf, test_payload_size); 490 EXPECT_EQ(size, test_payload_size); 491 fsync(fd); 492 493 while (size > 0) { 494 ret = sendfile(self->fd, fd, &offset, chunk_size); 495 EXPECT_GE(ret, 0); 496 size -= ret; 497 } 498 499 EXPECT_EQ(recv(self->cfd, buf, test_payload_size, MSG_WAITALL), 500 test_payload_size); 501 502 close(fd); 503 } 504 505 TEST_F(tls, multi_chunk_sendfile) 506 { 507 chunked_sendfile(_metadata, self, 4096, 4096); 508 chunked_sendfile(_metadata, self, 4096, 0); 509 chunked_sendfile(_metadata, self, 4096, 1); 510 chunked_sendfile(_metadata, self, 4096, 2048); 511 chunked_sendfile(_metadata, self, 8192, 2048); 512 chunked_sendfile(_metadata, self, 4096, 8192); 513 chunked_sendfile(_metadata, self, 8192, 4096); 514 chunked_sendfile(_metadata, self, 12288, 1024); 515 chunked_sendfile(_metadata, self, 12288, 2000); 516 chunked_sendfile(_metadata, self, 15360, 100); 517 chunked_sendfile(_metadata, self, 15360, 300); 518 chunked_sendfile(_metadata, self, 1, 4096); 519 chunked_sendfile(_metadata, self, 2048, 4096); 520 chunked_sendfile(_metadata, self, 2048, 8192); 521 chunked_sendfile(_metadata, self, 4096, 8192); 522 chunked_sendfile(_metadata, self, 1024, 12288); 523 chunked_sendfile(_metadata, self, 2000, 12288); 524 chunked_sendfile(_metadata, self, 100, 15360); 525 chunked_sendfile(_metadata, self, 300, 15360); 526 } 527 528 TEST_F(tls, recv_max) 529 { 530 unsigned int send_len = TLS_PAYLOAD_MAX_LEN; 531 char recv_mem[TLS_PAYLOAD_MAX_LEN]; 532 char buf[TLS_PAYLOAD_MAX_LEN]; 533 534 memrnd(buf, sizeof(buf)); 535 536 EXPECT_GE(send(self->fd, buf, send_len, 0), 0); 537 EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1); 538 EXPECT_EQ(memcmp(buf, recv_mem, send_len), 0); 539 } 540 541 TEST_F(tls, recv_small) 542 { 543 char const *test_str = "test_read"; 544 int send_len = 10; 545 char buf[10]; 546 547 send_len = strlen(test_str) + 1; 548 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 549 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 550 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 551 } 552 553 TEST_F(tls, msg_more) 554 { 555 char const *test_str = "test_read"; 556 int send_len = 10; 557 char buf[10 * 2]; 558 559 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); 560 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1); 561 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 562 EXPECT_EQ(recv(self->cfd, buf, send_len * 2, MSG_WAITALL), 563 send_len * 2); 564 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 565 } 566 567 TEST_F(tls, msg_more_unsent) 568 { 569 char const *test_str = "test_read"; 570 int send_len = 10; 571 char buf[10]; 572 573 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); 574 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1); 575 } 576 577 TEST_F(tls, msg_eor) 578 { 579 char const *test_str = "test_read"; 580 int send_len = 10; 581 char buf[10]; 582 583 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_EOR), send_len); 584 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len); 585 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 586 } 587 588 TEST_F(tls, sendmsg_single) 589 { 590 struct msghdr msg; 591 592 char const *test_str = "test_sendmsg"; 593 size_t send_len = 13; 594 struct iovec vec; 595 char buf[13]; 596 597 vec.iov_base = (char *)test_str; 598 vec.iov_len = send_len; 599 memset(&msg, 0, sizeof(struct msghdr)); 600 msg.msg_iov = &vec; 601 msg.msg_iovlen = 1; 602 EXPECT_EQ(sendmsg(self->fd, &msg, 0), send_len); 603 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len); 604 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 605 } 606 607 #define MAX_FRAGS 64 608 #define SEND_LEN 13 609 TEST_F(tls, sendmsg_fragmented) 610 { 611 char const *test_str = "test_sendmsg"; 612 char buf[SEND_LEN * MAX_FRAGS]; 613 struct iovec vec[MAX_FRAGS]; 614 struct msghdr msg; 615 int i, frags; 616 617 for (frags = 1; frags <= MAX_FRAGS; frags++) { 618 for (i = 0; i < frags; i++) { 619 vec[i].iov_base = (char *)test_str; 620 vec[i].iov_len = SEND_LEN; 621 } 622 623 memset(&msg, 0, sizeof(struct msghdr)); 624 msg.msg_iov = vec; 625 msg.msg_iovlen = frags; 626 627 EXPECT_EQ(sendmsg(self->fd, &msg, 0), SEND_LEN * frags); 628 EXPECT_EQ(recv(self->cfd, buf, SEND_LEN * frags, MSG_WAITALL), 629 SEND_LEN * frags); 630 631 for (i = 0; i < frags; i++) 632 EXPECT_EQ(memcmp(buf + SEND_LEN * i, 633 test_str, SEND_LEN), 0); 634 } 635 } 636 #undef MAX_FRAGS 637 #undef SEND_LEN 638 639 TEST_F(tls, sendmsg_large) 640 { 641 void *mem = malloc(16384); 642 size_t send_len = 16384; 643 size_t sends = 128; 644 struct msghdr msg; 645 size_t recvs = 0; 646 size_t sent = 0; 647 648 memset(&msg, 0, sizeof(struct msghdr)); 649 while (sent++ < sends) { 650 struct iovec vec = { (void *)mem, send_len }; 651 652 msg.msg_iov = &vec; 653 msg.msg_iovlen = 1; 654 EXPECT_EQ(sendmsg(self->fd, &msg, 0), send_len); 655 } 656 657 while (recvs++ < sends) { 658 EXPECT_NE(recv(self->cfd, mem, send_len, 0), -1); 659 } 660 661 free(mem); 662 } 663 664 TEST_F(tls, sendmsg_multiple) 665 { 666 char const *test_str = "test_sendmsg_multiple"; 667 struct iovec vec[5]; 668 char *test_strs[5]; 669 struct msghdr msg; 670 int total_len = 0; 671 int len_cmp = 0; 672 int iov_len = 5; 673 char *buf; 674 int i; 675 676 memset(&msg, 0, sizeof(struct msghdr)); 677 for (i = 0; i < iov_len; i++) { 678 test_strs[i] = (char *)malloc(strlen(test_str) + 1); 679 snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str); 680 vec[i].iov_base = (void *)test_strs[i]; 681 vec[i].iov_len = strlen(test_strs[i]) + 1; 682 total_len += vec[i].iov_len; 683 } 684 msg.msg_iov = vec; 685 msg.msg_iovlen = iov_len; 686 687 EXPECT_EQ(sendmsg(self->fd, &msg, 0), total_len); 688 buf = malloc(total_len); 689 EXPECT_NE(recv(self->cfd, buf, total_len, 0), -1); 690 for (i = 0; i < iov_len; i++) { 691 EXPECT_EQ(memcmp(test_strs[i], buf + len_cmp, 692 strlen(test_strs[i])), 693 0); 694 len_cmp += strlen(buf + len_cmp) + 1; 695 } 696 for (i = 0; i < iov_len; i++) 697 free(test_strs[i]); 698 free(buf); 699 } 700 701 TEST_F(tls, sendmsg_multiple_stress) 702 { 703 char const *test_str = "abcdefghijklmno"; 704 struct iovec vec[1024]; 705 char *test_strs[1024]; 706 int iov_len = 1024; 707 int total_len = 0; 708 char buf[1 << 14]; 709 struct msghdr msg; 710 int len_cmp = 0; 711 int i; 712 713 memset(&msg, 0, sizeof(struct msghdr)); 714 for (i = 0; i < iov_len; i++) { 715 test_strs[i] = (char *)malloc(strlen(test_str) + 1); 716 snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str); 717 vec[i].iov_base = (void *)test_strs[i]; 718 vec[i].iov_len = strlen(test_strs[i]) + 1; 719 total_len += vec[i].iov_len; 720 } 721 msg.msg_iov = vec; 722 msg.msg_iovlen = iov_len; 723 724 EXPECT_EQ(sendmsg(self->fd, &msg, 0), total_len); 725 EXPECT_NE(recv(self->cfd, buf, total_len, 0), -1); 726 727 for (i = 0; i < iov_len; i++) 728 len_cmp += strlen(buf + len_cmp) + 1; 729 730 for (i = 0; i < iov_len; i++) 731 free(test_strs[i]); 732 } 733 734 TEST_F(tls, splice_from_pipe) 735 { 736 int send_len = TLS_PAYLOAD_MAX_LEN; 737 char mem_send[TLS_PAYLOAD_MAX_LEN]; 738 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 739 int p[2]; 740 741 ASSERT_GE(pipe(p), 0); 742 EXPECT_GE(write(p[1], mem_send, send_len), 0); 743 EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), 0); 744 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len); 745 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 746 } 747 748 TEST_F(tls, splice_more) 749 { 750 unsigned int f = SPLICE_F_NONBLOCK | SPLICE_F_MORE | SPLICE_F_GIFT; 751 int send_len = TLS_PAYLOAD_MAX_LEN; 752 char mem_send[TLS_PAYLOAD_MAX_LEN]; 753 int i, send_pipe = 1; 754 int p[2]; 755 756 ASSERT_GE(pipe(p), 0); 757 EXPECT_GE(write(p[1], mem_send, send_len), 0); 758 for (i = 0; i < 32; i++) 759 EXPECT_EQ(splice(p[0], NULL, self->fd, NULL, send_pipe, f), 1); 760 } 761 762 TEST_F(tls, splice_from_pipe2) 763 { 764 int send_len = 16000; 765 char mem_send[16000]; 766 char mem_recv[16000]; 767 int p2[2]; 768 int p[2]; 769 770 memrnd(mem_send, sizeof(mem_send)); 771 772 ASSERT_GE(pipe(p), 0); 773 ASSERT_GE(pipe(p2), 0); 774 EXPECT_EQ(write(p[1], mem_send, 8000), 8000); 775 EXPECT_EQ(splice(p[0], NULL, self->fd, NULL, 8000, 0), 8000); 776 EXPECT_EQ(write(p2[1], mem_send + 8000, 8000), 8000); 777 EXPECT_EQ(splice(p2[0], NULL, self->fd, NULL, 8000, 0), 8000); 778 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len); 779 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 780 } 781 782 TEST_F(tls, send_and_splice) 783 { 784 int send_len = TLS_PAYLOAD_MAX_LEN; 785 char mem_send[TLS_PAYLOAD_MAX_LEN]; 786 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 787 char const *test_str = "test_read"; 788 int send_len2 = 10; 789 char buf[10]; 790 int p[2]; 791 792 ASSERT_GE(pipe(p), 0); 793 EXPECT_EQ(send(self->fd, test_str, send_len2, 0), send_len2); 794 EXPECT_EQ(recv(self->cfd, buf, send_len2, MSG_WAITALL), send_len2); 795 EXPECT_EQ(memcmp(test_str, buf, send_len2), 0); 796 797 EXPECT_GE(write(p[1], mem_send, send_len), send_len); 798 EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), send_len); 799 800 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len); 801 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 802 } 803 804 TEST_F(tls, splice_to_pipe) 805 { 806 int send_len = TLS_PAYLOAD_MAX_LEN; 807 char mem_send[TLS_PAYLOAD_MAX_LEN]; 808 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 809 int p[2]; 810 811 memrnd(mem_send, sizeof(mem_send)); 812 813 ASSERT_GE(pipe(p), 0); 814 EXPECT_EQ(send(self->fd, mem_send, send_len, 0), send_len); 815 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), send_len); 816 EXPECT_EQ(read(p[0], mem_recv, send_len), send_len); 817 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 818 } 819 820 TEST_F(tls, splice_cmsg_to_pipe) 821 { 822 char *test_str = "test_read"; 823 char record_type = 100; 824 int send_len = 10; 825 char buf[10]; 826 int p[2]; 827 828 if (self->notls) 829 SKIP(return, "no TLS support"); 830 831 ASSERT_GE(pipe(p), 0); 832 EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10); 833 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), -1); 834 EXPECT_EQ(errno, EINVAL); 835 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1); 836 EXPECT_EQ(errno, EIO); 837 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type, 838 buf, sizeof(buf), MSG_WAITALL), 839 send_len); 840 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 841 } 842 843 TEST_F(tls, splice_dec_cmsg_to_pipe) 844 { 845 char *test_str = "test_read"; 846 char record_type = 100; 847 int send_len = 10; 848 char buf[10]; 849 int p[2]; 850 851 if (self->notls) 852 SKIP(return, "no TLS support"); 853 854 ASSERT_GE(pipe(p), 0); 855 EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10); 856 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1); 857 EXPECT_EQ(errno, EIO); 858 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), -1); 859 EXPECT_EQ(errno, EINVAL); 860 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type, 861 buf, sizeof(buf), MSG_WAITALL), 862 send_len); 863 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 864 } 865 866 TEST_F(tls, recv_and_splice) 867 { 868 int send_len = TLS_PAYLOAD_MAX_LEN; 869 char mem_send[TLS_PAYLOAD_MAX_LEN]; 870 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 871 int half = send_len / 2; 872 int p[2]; 873 874 ASSERT_GE(pipe(p), 0); 875 EXPECT_EQ(send(self->fd, mem_send, send_len, 0), send_len); 876 /* Recv hald of the record, splice the other half */ 877 EXPECT_EQ(recv(self->cfd, mem_recv, half, MSG_WAITALL), half); 878 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, half, SPLICE_F_NONBLOCK), 879 half); 880 EXPECT_EQ(read(p[0], &mem_recv[half], half), half); 881 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 882 } 883 884 TEST_F(tls, peek_and_splice) 885 { 886 int send_len = TLS_PAYLOAD_MAX_LEN; 887 char mem_send[TLS_PAYLOAD_MAX_LEN]; 888 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 889 int chunk = TLS_PAYLOAD_MAX_LEN / 4; 890 int n, i, p[2]; 891 892 memrnd(mem_send, sizeof(mem_send)); 893 894 ASSERT_GE(pipe(p), 0); 895 for (i = 0; i < 4; i++) 896 EXPECT_EQ(send(self->fd, &mem_send[chunk * i], chunk, 0), 897 chunk); 898 899 EXPECT_EQ(recv(self->cfd, mem_recv, chunk * 5 / 2, 900 MSG_WAITALL | MSG_PEEK), 901 chunk * 5 / 2); 902 EXPECT_EQ(memcmp(mem_send, mem_recv, chunk * 5 / 2), 0); 903 904 n = 0; 905 while (n < send_len) { 906 i = splice(self->cfd, NULL, p[1], NULL, send_len - n, 0); 907 EXPECT_GT(i, 0); 908 n += i; 909 } 910 EXPECT_EQ(n, send_len); 911 EXPECT_EQ(read(p[0], mem_recv, send_len), send_len); 912 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 913 } 914 915 TEST_F(tls, recvmsg_single) 916 { 917 char const *test_str = "test_recvmsg_single"; 918 int send_len = strlen(test_str) + 1; 919 char buf[20]; 920 struct msghdr hdr; 921 struct iovec vec; 922 923 memset(&hdr, 0, sizeof(hdr)); 924 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 925 vec.iov_base = (char *)buf; 926 vec.iov_len = send_len; 927 hdr.msg_iovlen = 1; 928 hdr.msg_iov = &vec; 929 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1); 930 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 931 } 932 933 TEST_F(tls, recvmsg_single_max) 934 { 935 int send_len = TLS_PAYLOAD_MAX_LEN; 936 char send_mem[TLS_PAYLOAD_MAX_LEN]; 937 char recv_mem[TLS_PAYLOAD_MAX_LEN]; 938 struct iovec vec; 939 struct msghdr hdr; 940 941 memrnd(send_mem, sizeof(send_mem)); 942 943 EXPECT_EQ(send(self->fd, send_mem, send_len, 0), send_len); 944 vec.iov_base = (char *)recv_mem; 945 vec.iov_len = TLS_PAYLOAD_MAX_LEN; 946 947 hdr.msg_iovlen = 1; 948 hdr.msg_iov = &vec; 949 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1); 950 EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0); 951 } 952 953 TEST_F(tls, recvmsg_multiple) 954 { 955 unsigned int msg_iovlen = 1024; 956 struct iovec vec[1024]; 957 char *iov_base[1024]; 958 unsigned int iov_len = 16; 959 int send_len = 1 << 14; 960 char buf[1 << 14]; 961 struct msghdr hdr; 962 int i; 963 964 memrnd(buf, sizeof(buf)); 965 966 EXPECT_EQ(send(self->fd, buf, send_len, 0), send_len); 967 for (i = 0; i < msg_iovlen; i++) { 968 iov_base[i] = (char *)malloc(iov_len); 969 vec[i].iov_base = iov_base[i]; 970 vec[i].iov_len = iov_len; 971 } 972 973 hdr.msg_iovlen = msg_iovlen; 974 hdr.msg_iov = vec; 975 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1); 976 977 for (i = 0; i < msg_iovlen; i++) 978 free(iov_base[i]); 979 } 980 981 TEST_F(tls, single_send_multiple_recv) 982 { 983 unsigned int total_len = TLS_PAYLOAD_MAX_LEN * 2; 984 unsigned int send_len = TLS_PAYLOAD_MAX_LEN; 985 char send_mem[TLS_PAYLOAD_MAX_LEN * 2]; 986 char recv_mem[TLS_PAYLOAD_MAX_LEN * 2]; 987 988 memrnd(send_mem, sizeof(send_mem)); 989 990 EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0); 991 memset(recv_mem, 0, total_len); 992 993 EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1); 994 EXPECT_NE(recv(self->cfd, recv_mem + send_len, send_len, 0), -1); 995 EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0); 996 } 997 998 TEST_F(tls, multiple_send_single_recv) 999 { 1000 unsigned int total_len = 2 * 10; 1001 unsigned int send_len = 10; 1002 char recv_mem[2 * 10]; 1003 char send_mem[10]; 1004 1005 memrnd(send_mem, sizeof(send_mem)); 1006 1007 EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0); 1008 EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0); 1009 memset(recv_mem, 0, total_len); 1010 EXPECT_EQ(recv(self->cfd, recv_mem, total_len, MSG_WAITALL), total_len); 1011 1012 EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0); 1013 EXPECT_EQ(memcmp(send_mem, recv_mem + send_len, send_len), 0); 1014 } 1015 1016 TEST_F(tls, single_send_multiple_recv_non_align) 1017 { 1018 const unsigned int total_len = 15; 1019 const unsigned int recv_len = 10; 1020 char recv_mem[recv_len * 2]; 1021 char send_mem[total_len]; 1022 1023 memrnd(send_mem, sizeof(send_mem)); 1024 1025 EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0); 1026 memset(recv_mem, 0, total_len); 1027 1028 EXPECT_EQ(recv(self->cfd, recv_mem, recv_len, 0), recv_len); 1029 EXPECT_EQ(recv(self->cfd, recv_mem + recv_len, recv_len, 0), 5); 1030 EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0); 1031 } 1032 1033 TEST_F(tls, recv_partial) 1034 { 1035 char const *test_str = "test_read_partial"; 1036 char const *test_str_first = "test_read"; 1037 char const *test_str_second = "_partial"; 1038 int send_len = strlen(test_str) + 1; 1039 char recv_mem[18]; 1040 1041 memset(recv_mem, 0, sizeof(recv_mem)); 1042 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1043 EXPECT_EQ(recv(self->cfd, recv_mem, strlen(test_str_first), 1044 MSG_WAITALL), strlen(test_str_first)); 1045 EXPECT_EQ(memcmp(test_str_first, recv_mem, strlen(test_str_first)), 0); 1046 memset(recv_mem, 0, sizeof(recv_mem)); 1047 EXPECT_EQ(recv(self->cfd, recv_mem, strlen(test_str_second), 1048 MSG_WAITALL), strlen(test_str_second)); 1049 EXPECT_EQ(memcmp(test_str_second, recv_mem, strlen(test_str_second)), 1050 0); 1051 } 1052 1053 TEST_F(tls, recv_nonblock) 1054 { 1055 char buf[4096]; 1056 bool err; 1057 1058 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_DONTWAIT), -1); 1059 err = (errno == EAGAIN || errno == EWOULDBLOCK); 1060 EXPECT_EQ(err, true); 1061 } 1062 1063 TEST_F(tls, recv_peek) 1064 { 1065 char const *test_str = "test_read_peek"; 1066 int send_len = strlen(test_str) + 1; 1067 char buf[15]; 1068 1069 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1070 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_PEEK), send_len); 1071 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 1072 memset(buf, 0, sizeof(buf)); 1073 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len); 1074 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 1075 } 1076 1077 TEST_F(tls, recv_peek_multiple) 1078 { 1079 char const *test_str = "test_read_peek"; 1080 int send_len = strlen(test_str) + 1; 1081 unsigned int num_peeks = 100; 1082 char buf[15]; 1083 int i; 1084 1085 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1086 for (i = 0; i < num_peeks; i++) { 1087 EXPECT_NE(recv(self->cfd, buf, send_len, MSG_PEEK), -1); 1088 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 1089 memset(buf, 0, sizeof(buf)); 1090 } 1091 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 1092 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 1093 } 1094 1095 TEST_F(tls, recv_peek_multiple_records) 1096 { 1097 char const *test_str = "test_read_peek_mult_recs"; 1098 char const *test_str_first = "test_read_peek"; 1099 char const *test_str_second = "_mult_recs"; 1100 int len; 1101 char buf[64]; 1102 1103 len = strlen(test_str_first); 1104 EXPECT_EQ(send(self->fd, test_str_first, len, 0), len); 1105 1106 len = strlen(test_str_second) + 1; 1107 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len); 1108 1109 len = strlen(test_str_first); 1110 memset(buf, 0, len); 1111 EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len); 1112 1113 /* MSG_PEEK can only peek into the current record. */ 1114 len = strlen(test_str_first); 1115 EXPECT_EQ(memcmp(test_str_first, buf, len), 0); 1116 1117 len = strlen(test_str) + 1; 1118 memset(buf, 0, len); 1119 EXPECT_EQ(recv(self->cfd, buf, len, MSG_WAITALL), len); 1120 1121 /* Non-MSG_PEEK will advance strparser (and therefore record) 1122 * however. 1123 */ 1124 len = strlen(test_str) + 1; 1125 EXPECT_EQ(memcmp(test_str, buf, len), 0); 1126 1127 /* MSG_MORE will hold current record open, so later MSG_PEEK 1128 * will see everything. 1129 */ 1130 len = strlen(test_str_first); 1131 EXPECT_EQ(send(self->fd, test_str_first, len, MSG_MORE), len); 1132 1133 len = strlen(test_str_second) + 1; 1134 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len); 1135 1136 len = strlen(test_str) + 1; 1137 memset(buf, 0, len); 1138 EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len); 1139 1140 len = strlen(test_str) + 1; 1141 EXPECT_EQ(memcmp(test_str, buf, len), 0); 1142 } 1143 1144 TEST_F(tls, recv_peek_large_buf_mult_recs) 1145 { 1146 char const *test_str = "test_read_peek_mult_recs"; 1147 char const *test_str_first = "test_read_peek"; 1148 char const *test_str_second = "_mult_recs"; 1149 int len; 1150 char buf[64]; 1151 1152 len = strlen(test_str_first); 1153 EXPECT_EQ(send(self->fd, test_str_first, len, 0), len); 1154 1155 len = strlen(test_str_second) + 1; 1156 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len); 1157 1158 len = strlen(test_str) + 1; 1159 memset(buf, 0, len); 1160 EXPECT_NE((len = recv(self->cfd, buf, len, 1161 MSG_PEEK | MSG_WAITALL)), -1); 1162 len = strlen(test_str) + 1; 1163 EXPECT_EQ(memcmp(test_str, buf, len), 0); 1164 } 1165 1166 TEST_F(tls, recv_lowat) 1167 { 1168 char send_mem[10] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }; 1169 char recv_mem[20]; 1170 int lowat = 8; 1171 1172 EXPECT_EQ(send(self->fd, send_mem, 10, 0), 10); 1173 EXPECT_EQ(send(self->fd, send_mem, 5, 0), 5); 1174 1175 memset(recv_mem, 0, 20); 1176 EXPECT_EQ(setsockopt(self->cfd, SOL_SOCKET, SO_RCVLOWAT, 1177 &lowat, sizeof(lowat)), 0); 1178 EXPECT_EQ(recv(self->cfd, recv_mem, 1, MSG_WAITALL), 1); 1179 EXPECT_EQ(recv(self->cfd, recv_mem + 1, 6, MSG_WAITALL), 6); 1180 EXPECT_EQ(recv(self->cfd, recv_mem + 7, 10, 0), 8); 1181 1182 EXPECT_EQ(memcmp(send_mem, recv_mem, 10), 0); 1183 EXPECT_EQ(memcmp(send_mem, recv_mem + 10, 5), 0); 1184 } 1185 1186 TEST_F(tls, bidir) 1187 { 1188 char const *test_str = "test_read"; 1189 int send_len = 10; 1190 char buf[10]; 1191 int ret; 1192 1193 if (!self->notls) { 1194 struct tls_crypto_info_keys tls12; 1195 1196 tls_crypto_info_init(variant->tls_version, variant->cipher_type, 1197 &tls12, 0); 1198 1199 ret = setsockopt(self->fd, SOL_TLS, TLS_RX, &tls12, 1200 tls12.len); 1201 ASSERT_EQ(ret, 0); 1202 1203 ret = setsockopt(self->cfd, SOL_TLS, TLS_TX, &tls12, 1204 tls12.len); 1205 ASSERT_EQ(ret, 0); 1206 } 1207 1208 ASSERT_EQ(strlen(test_str) + 1, send_len); 1209 1210 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1211 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 1212 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1213 1214 memset(buf, 0, sizeof(buf)); 1215 1216 EXPECT_EQ(send(self->cfd, test_str, send_len, 0), send_len); 1217 EXPECT_NE(recv(self->fd, buf, send_len, 0), -1); 1218 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1219 }; 1220 1221 TEST_F(tls, pollin) 1222 { 1223 char const *test_str = "test_poll"; 1224 struct pollfd fd = { 0, 0, 0 }; 1225 char buf[10]; 1226 int send_len = 10; 1227 1228 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1229 fd.fd = self->cfd; 1230 fd.events = POLLIN; 1231 1232 EXPECT_EQ(poll(&fd, 1, 20), 1); 1233 EXPECT_EQ(fd.revents & POLLIN, 1); 1234 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len); 1235 /* Test timing out */ 1236 EXPECT_EQ(poll(&fd, 1, 20), 0); 1237 } 1238 1239 TEST_F(tls, poll_wait) 1240 { 1241 char const *test_str = "test_poll_wait"; 1242 int send_len = strlen(test_str) + 1; 1243 struct pollfd fd = { 0, 0, 0 }; 1244 char recv_mem[15]; 1245 1246 fd.fd = self->cfd; 1247 fd.events = POLLIN; 1248 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1249 /* Set timeout to inf. secs */ 1250 EXPECT_EQ(poll(&fd, 1, -1), 1); 1251 EXPECT_EQ(fd.revents & POLLIN, 1); 1252 EXPECT_EQ(recv(self->cfd, recv_mem, send_len, MSG_WAITALL), send_len); 1253 } 1254 1255 TEST_F(tls, poll_wait_split) 1256 { 1257 struct pollfd fd = { 0, 0, 0 }; 1258 char send_mem[20] = {}; 1259 char recv_mem[15]; 1260 1261 fd.fd = self->cfd; 1262 fd.events = POLLIN; 1263 /* Send 20 bytes */ 1264 EXPECT_EQ(send(self->fd, send_mem, sizeof(send_mem), 0), 1265 sizeof(send_mem)); 1266 /* Poll with inf. timeout */ 1267 EXPECT_EQ(poll(&fd, 1, -1), 1); 1268 EXPECT_EQ(fd.revents & POLLIN, 1); 1269 EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), MSG_WAITALL), 1270 sizeof(recv_mem)); 1271 1272 /* Now the remaining 5 bytes of record data are in TLS ULP */ 1273 fd.fd = self->cfd; 1274 fd.events = POLLIN; 1275 EXPECT_EQ(poll(&fd, 1, -1), 1); 1276 EXPECT_EQ(fd.revents & POLLIN, 1); 1277 EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), 0), 1278 sizeof(send_mem) - sizeof(recv_mem)); 1279 } 1280 1281 TEST_F(tls, blocking) 1282 { 1283 size_t data = 100000; 1284 int res = fork(); 1285 1286 EXPECT_NE(res, -1); 1287 1288 if (res) { 1289 /* parent */ 1290 size_t left = data; 1291 char buf[16384]; 1292 int status; 1293 int pid2; 1294 1295 while (left) { 1296 int res = send(self->fd, buf, 1297 left > 16384 ? 16384 : left, 0); 1298 1299 EXPECT_GE(res, 0); 1300 left -= res; 1301 } 1302 1303 pid2 = wait(&status); 1304 EXPECT_EQ(status, 0); 1305 EXPECT_EQ(res, pid2); 1306 } else { 1307 /* child */ 1308 size_t left = data; 1309 char buf[16384]; 1310 1311 while (left) { 1312 int res = recv(self->cfd, buf, 1313 left > 16384 ? 16384 : left, 0); 1314 1315 EXPECT_GE(res, 0); 1316 left -= res; 1317 } 1318 } 1319 } 1320 1321 TEST_F(tls, nonblocking) 1322 { 1323 size_t data = 100000; 1324 int sendbuf = 100; 1325 int flags; 1326 int res; 1327 1328 flags = fcntl(self->fd, F_GETFL, 0); 1329 fcntl(self->fd, F_SETFL, flags | O_NONBLOCK); 1330 fcntl(self->cfd, F_SETFL, flags | O_NONBLOCK); 1331 1332 /* Ensure nonblocking behavior by imposing a small send 1333 * buffer. 1334 */ 1335 EXPECT_EQ(setsockopt(self->fd, SOL_SOCKET, SO_SNDBUF, 1336 &sendbuf, sizeof(sendbuf)), 0); 1337 1338 res = fork(); 1339 EXPECT_NE(res, -1); 1340 1341 if (res) { 1342 /* parent */ 1343 bool eagain = false; 1344 size_t left = data; 1345 char buf[16384]; 1346 int status; 1347 int pid2; 1348 1349 while (left) { 1350 int res = send(self->fd, buf, 1351 left > 16384 ? 16384 : left, 0); 1352 1353 if (res == -1 && errno == EAGAIN) { 1354 eagain = true; 1355 usleep(10000); 1356 continue; 1357 } 1358 EXPECT_GE(res, 0); 1359 left -= res; 1360 } 1361 1362 EXPECT_TRUE(eagain); 1363 pid2 = wait(&status); 1364 1365 EXPECT_EQ(status, 0); 1366 EXPECT_EQ(res, pid2); 1367 } else { 1368 /* child */ 1369 bool eagain = false; 1370 size_t left = data; 1371 char buf[16384]; 1372 1373 while (left) { 1374 int res = recv(self->cfd, buf, 1375 left > 16384 ? 16384 : left, 0); 1376 1377 if (res == -1 && errno == EAGAIN) { 1378 eagain = true; 1379 usleep(10000); 1380 continue; 1381 } 1382 EXPECT_GE(res, 0); 1383 left -= res; 1384 } 1385 EXPECT_TRUE(eagain); 1386 } 1387 } 1388 1389 static void 1390 test_mutliproc(struct __test_metadata *_metadata, struct _test_data_tls *self, 1391 bool sendpg, unsigned int n_readers, unsigned int n_writers) 1392 { 1393 const unsigned int n_children = n_readers + n_writers; 1394 const size_t data = 6 * 1000 * 1000; 1395 const size_t file_sz = data / 100; 1396 size_t read_bias, write_bias; 1397 int i, fd, child_id; 1398 char buf[file_sz]; 1399 pid_t pid; 1400 1401 /* Only allow multiples for simplicity */ 1402 ASSERT_EQ(!(n_readers % n_writers) || !(n_writers % n_readers), true); 1403 read_bias = n_writers / n_readers ?: 1; 1404 write_bias = n_readers / n_writers ?: 1; 1405 1406 /* prep a file to send */ 1407 fd = open("/tmp/", O_TMPFILE | O_RDWR, 0600); 1408 ASSERT_GE(fd, 0); 1409 1410 memset(buf, 0xac, file_sz); 1411 ASSERT_EQ(write(fd, buf, file_sz), file_sz); 1412 1413 /* spawn children */ 1414 for (child_id = 0; child_id < n_children; child_id++) { 1415 pid = fork(); 1416 ASSERT_NE(pid, -1); 1417 if (!pid) 1418 break; 1419 } 1420 1421 /* parent waits for all children */ 1422 if (pid) { 1423 for (i = 0; i < n_children; i++) { 1424 int status; 1425 1426 wait(&status); 1427 EXPECT_EQ(status, 0); 1428 } 1429 1430 return; 1431 } 1432 1433 /* Split threads for reading and writing */ 1434 if (child_id < n_readers) { 1435 size_t left = data * read_bias; 1436 char rb[8001]; 1437 1438 while (left) { 1439 int res; 1440 1441 res = recv(self->cfd, rb, 1442 left > sizeof(rb) ? sizeof(rb) : left, 0); 1443 1444 EXPECT_GE(res, 0); 1445 left -= res; 1446 } 1447 } else { 1448 size_t left = data * write_bias; 1449 1450 while (left) { 1451 int res; 1452 1453 ASSERT_EQ(lseek(fd, 0, SEEK_SET), 0); 1454 if (sendpg) 1455 res = sendfile(self->fd, fd, NULL, 1456 left > file_sz ? file_sz : left); 1457 else 1458 res = send(self->fd, buf, 1459 left > file_sz ? file_sz : left, 0); 1460 1461 EXPECT_GE(res, 0); 1462 left -= res; 1463 } 1464 } 1465 } 1466 1467 TEST_F(tls, mutliproc_even) 1468 { 1469 test_mutliproc(_metadata, self, false, 6, 6); 1470 } 1471 1472 TEST_F(tls, mutliproc_readers) 1473 { 1474 test_mutliproc(_metadata, self, false, 4, 12); 1475 } 1476 1477 TEST_F(tls, mutliproc_writers) 1478 { 1479 test_mutliproc(_metadata, self, false, 10, 2); 1480 } 1481 1482 TEST_F(tls, mutliproc_sendpage_even) 1483 { 1484 test_mutliproc(_metadata, self, true, 6, 6); 1485 } 1486 1487 TEST_F(tls, mutliproc_sendpage_readers) 1488 { 1489 test_mutliproc(_metadata, self, true, 4, 12); 1490 } 1491 1492 TEST_F(tls, mutliproc_sendpage_writers) 1493 { 1494 test_mutliproc(_metadata, self, true, 10, 2); 1495 } 1496 1497 TEST_F(tls, control_msg) 1498 { 1499 char *test_str = "test_read"; 1500 char record_type = 100; 1501 int send_len = 10; 1502 char buf[10]; 1503 1504 if (self->notls) 1505 SKIP(return, "no TLS support"); 1506 1507 EXPECT_EQ(tls_send_cmsg(self->fd, record_type, test_str, send_len, 0), 1508 send_len); 1509 /* Should fail because we didn't provide a control message */ 1510 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1); 1511 1512 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type, 1513 buf, sizeof(buf), MSG_WAITALL | MSG_PEEK), 1514 send_len); 1515 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1516 1517 /* Recv the message again without MSG_PEEK */ 1518 memset(buf, 0, sizeof(buf)); 1519 1520 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type, 1521 buf, sizeof(buf), MSG_WAITALL), 1522 send_len); 1523 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1524 } 1525 1526 TEST_F(tls, control_msg_nomerge) 1527 { 1528 char *rec1 = "1111"; 1529 char *rec2 = "2222"; 1530 int send_len = 5; 1531 char buf[15]; 1532 1533 if (self->notls) 1534 SKIP(return, "no TLS support"); 1535 1536 EXPECT_EQ(tls_send_cmsg(self->fd, 100, rec1, send_len, 0), send_len); 1537 EXPECT_EQ(tls_send_cmsg(self->fd, 100, rec2, send_len, 0), send_len); 1538 1539 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, 100, buf, sizeof(buf), MSG_PEEK), send_len); 1540 EXPECT_EQ(memcmp(buf, rec1, send_len), 0); 1541 1542 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, 100, buf, sizeof(buf), MSG_PEEK), send_len); 1543 EXPECT_EQ(memcmp(buf, rec1, send_len), 0); 1544 1545 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, 100, buf, sizeof(buf), 0), send_len); 1546 EXPECT_EQ(memcmp(buf, rec1, send_len), 0); 1547 1548 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, 100, buf, sizeof(buf), 0), send_len); 1549 EXPECT_EQ(memcmp(buf, rec2, send_len), 0); 1550 } 1551 1552 TEST_F(tls, data_control_data) 1553 { 1554 char *rec1 = "1111"; 1555 char *rec2 = "2222"; 1556 char *rec3 = "3333"; 1557 int send_len = 5; 1558 char buf[15]; 1559 1560 if (self->notls) 1561 SKIP(return, "no TLS support"); 1562 1563 EXPECT_EQ(send(self->fd, rec1, send_len, 0), send_len); 1564 EXPECT_EQ(tls_send_cmsg(self->fd, 100, rec2, send_len, 0), send_len); 1565 EXPECT_EQ(send(self->fd, rec3, send_len, 0), send_len); 1566 1567 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_PEEK), send_len); 1568 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_PEEK), send_len); 1569 } 1570 1571 TEST_F(tls, shutdown) 1572 { 1573 char const *test_str = "test_read"; 1574 int send_len = 10; 1575 char buf[10]; 1576 1577 ASSERT_EQ(strlen(test_str) + 1, send_len); 1578 1579 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1580 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 1581 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1582 1583 shutdown(self->fd, SHUT_RDWR); 1584 shutdown(self->cfd, SHUT_RDWR); 1585 } 1586 1587 TEST_F(tls, shutdown_unsent) 1588 { 1589 char const *test_str = "test_read"; 1590 int send_len = 10; 1591 1592 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); 1593 1594 shutdown(self->fd, SHUT_RDWR); 1595 shutdown(self->cfd, SHUT_RDWR); 1596 } 1597 1598 TEST_F(tls, shutdown_reuse) 1599 { 1600 struct sockaddr_in addr; 1601 int ret; 1602 1603 shutdown(self->fd, SHUT_RDWR); 1604 shutdown(self->cfd, SHUT_RDWR); 1605 close(self->cfd); 1606 1607 addr.sin_family = AF_INET; 1608 addr.sin_addr.s_addr = htonl(INADDR_ANY); 1609 addr.sin_port = 0; 1610 1611 ret = bind(self->fd, &addr, sizeof(addr)); 1612 EXPECT_EQ(ret, 0); 1613 ret = listen(self->fd, 10); 1614 EXPECT_EQ(ret, -1); 1615 EXPECT_EQ(errno, EINVAL); 1616 1617 ret = connect(self->fd, &addr, sizeof(addr)); 1618 EXPECT_EQ(ret, -1); 1619 EXPECT_EQ(errno, EISCONN); 1620 } 1621 1622 TEST_F(tls, getsockopt) 1623 { 1624 struct tls_crypto_info_keys expect, get; 1625 socklen_t len; 1626 1627 /* get only the version/cipher */ 1628 len = sizeof(struct tls_crypto_info); 1629 memrnd(&get, sizeof(get)); 1630 EXPECT_EQ(getsockopt(self->fd, SOL_TLS, TLS_TX, &get, &len), 0); 1631 EXPECT_EQ(len, sizeof(struct tls_crypto_info)); 1632 EXPECT_EQ(get.crypto_info.version, variant->tls_version); 1633 EXPECT_EQ(get.crypto_info.cipher_type, variant->cipher_type); 1634 1635 /* get the full crypto_info */ 1636 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &expect, 0); 1637 len = expect.len; 1638 memrnd(&get, sizeof(get)); 1639 EXPECT_EQ(getsockopt(self->fd, SOL_TLS, TLS_TX, &get, &len), 0); 1640 EXPECT_EQ(len, expect.len); 1641 EXPECT_EQ(get.crypto_info.version, variant->tls_version); 1642 EXPECT_EQ(get.crypto_info.cipher_type, variant->cipher_type); 1643 EXPECT_EQ(memcmp(&get, &expect, expect.len), 0); 1644 1645 /* short get should fail */ 1646 len = sizeof(struct tls_crypto_info) - 1; 1647 EXPECT_EQ(getsockopt(self->fd, SOL_TLS, TLS_TX, &get, &len), -1); 1648 EXPECT_EQ(errno, EINVAL); 1649 1650 /* partial get of the cipher data should fail */ 1651 len = expect.len - 1; 1652 EXPECT_EQ(getsockopt(self->fd, SOL_TLS, TLS_TX, &get, &len), -1); 1653 EXPECT_EQ(errno, EINVAL); 1654 } 1655 1656 TEST_F(tls, recv_efault) 1657 { 1658 char *rec1 = "1111111111"; 1659 char *rec2 = "2222222222"; 1660 struct msghdr hdr = {}; 1661 struct iovec iov[2]; 1662 char recv_mem[12]; 1663 int ret; 1664 1665 if (self->notls) 1666 SKIP(return, "no TLS support"); 1667 1668 EXPECT_EQ(send(self->fd, rec1, 10, 0), 10); 1669 EXPECT_EQ(send(self->fd, rec2, 10, 0), 10); 1670 1671 iov[0].iov_base = recv_mem; 1672 iov[0].iov_len = sizeof(recv_mem); 1673 iov[1].iov_base = NULL; /* broken iov to make process_rx_list fail */ 1674 iov[1].iov_len = 1; 1675 1676 hdr.msg_iovlen = 2; 1677 hdr.msg_iov = iov; 1678 1679 EXPECT_EQ(recv(self->cfd, recv_mem, 1, 0), 1); 1680 EXPECT_EQ(recv_mem[0], rec1[0]); 1681 1682 ret = recvmsg(self->cfd, &hdr, 0); 1683 EXPECT_LE(ret, sizeof(recv_mem)); 1684 EXPECT_GE(ret, 9); 1685 EXPECT_EQ(memcmp(rec1, recv_mem, 9), 0); 1686 if (ret > 9) 1687 EXPECT_EQ(memcmp(rec2, recv_mem + 9, ret - 9), 0); 1688 } 1689 1690 #define TLS_RECORD_TYPE_HANDSHAKE 0x16 1691 /* key_update, length 1, update_not_requested */ 1692 static const char key_update_msg[] = "\x18\x00\x00\x01\x00"; 1693 static void tls_send_keyupdate(struct __test_metadata *_metadata, int fd) 1694 { 1695 size_t len = sizeof(key_update_msg); 1696 1697 EXPECT_EQ(tls_send_cmsg(fd, TLS_RECORD_TYPE_HANDSHAKE, 1698 (char *)key_update_msg, len, 0), 1699 len); 1700 } 1701 1702 static void tls_recv_keyupdate(struct __test_metadata *_metadata, int fd, int flags) 1703 { 1704 char buf[100]; 1705 1706 EXPECT_EQ(tls_recv_cmsg(_metadata, fd, TLS_RECORD_TYPE_HANDSHAKE, buf, sizeof(buf), flags), 1707 sizeof(key_update_msg)); 1708 EXPECT_EQ(memcmp(buf, key_update_msg, sizeof(key_update_msg)), 0); 1709 } 1710 1711 /* set the key to 0 then 1 for RX, immediately to 1 for TX */ 1712 TEST_F(tls_basic, rekey_rx) 1713 { 1714 struct tls_crypto_info_keys tls12_0, tls12_1; 1715 char const *test_str = "test_message"; 1716 int send_len = strlen(test_str) + 1; 1717 char buf[20]; 1718 int ret; 1719 1720 if (self->notls) 1721 return; 1722 1723 tls_crypto_info_init(TLS_1_3_VERSION, TLS_CIPHER_AES_GCM_128, 1724 &tls12_0, 0); 1725 tls_crypto_info_init(TLS_1_3_VERSION, TLS_CIPHER_AES_GCM_128, 1726 &tls12_1, 1); 1727 1728 ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12_1, tls12_1.len); 1729 ASSERT_EQ(ret, 0); 1730 1731 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12_0, tls12_0.len); 1732 ASSERT_EQ(ret, 0); 1733 1734 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12_1, tls12_1.len); 1735 EXPECT_EQ(ret, 0); 1736 1737 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1738 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len); 1739 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1740 } 1741 1742 /* set the key to 0 then 1 for TX, immediately to 1 for RX */ 1743 TEST_F(tls_basic, rekey_tx) 1744 { 1745 struct tls_crypto_info_keys tls12_0, tls12_1; 1746 char const *test_str = "test_message"; 1747 int send_len = strlen(test_str) + 1; 1748 char buf[20]; 1749 int ret; 1750 1751 if (self->notls) 1752 return; 1753 1754 tls_crypto_info_init(TLS_1_3_VERSION, TLS_CIPHER_AES_GCM_128, 1755 &tls12_0, 0); 1756 tls_crypto_info_init(TLS_1_3_VERSION, TLS_CIPHER_AES_GCM_128, 1757 &tls12_1, 1); 1758 1759 ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12_0, tls12_0.len); 1760 ASSERT_EQ(ret, 0); 1761 1762 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12_1, tls12_1.len); 1763 ASSERT_EQ(ret, 0); 1764 1765 ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12_1, tls12_1.len); 1766 EXPECT_EQ(ret, 0); 1767 1768 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1769 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len); 1770 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1771 } 1772 1773 TEST_F(tls_basic, disconnect) 1774 { 1775 char const *test_str = "test_message"; 1776 int send_len = strlen(test_str) + 1; 1777 struct tls_crypto_info_keys key; 1778 struct sockaddr_in addr; 1779 char buf[20]; 1780 int ret; 1781 1782 if (self->notls) 1783 return; 1784 1785 tls_crypto_info_init(TLS_1_3_VERSION, TLS_CIPHER_AES_GCM_128, 1786 &key, 0); 1787 1788 ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &key, key.len); 1789 ASSERT_EQ(ret, 0); 1790 1791 /* Pre-queue the data so that setsockopt parses it but doesn't 1792 * dequeue it from the TCP socket. recvmsg would dequeue. 1793 */ 1794 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1795 1796 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &key, key.len); 1797 ASSERT_EQ(ret, 0); 1798 1799 addr.sin_family = AF_UNSPEC; 1800 addr.sin_addr.s_addr = htonl(INADDR_ANY); 1801 addr.sin_port = 0; 1802 ret = connect(self->cfd, &addr, sizeof(addr)); 1803 EXPECT_EQ(ret, -1); 1804 EXPECT_EQ(errno, EOPNOTSUPP); 1805 1806 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len); 1807 } 1808 1809 TEST_F(tls, rekey) 1810 { 1811 char const *test_str_1 = "test_message_before_rekey"; 1812 char const *test_str_2 = "test_message_after_rekey"; 1813 struct tls_crypto_info_keys tls12; 1814 int send_len; 1815 char buf[100]; 1816 1817 if (variant->tls_version != TLS_1_3_VERSION) 1818 return; 1819 1820 /* initial send/recv */ 1821 send_len = strlen(test_str_1) + 1; 1822 EXPECT_EQ(send(self->fd, test_str_1, send_len, 0), send_len); 1823 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len); 1824 EXPECT_EQ(memcmp(buf, test_str_1, send_len), 0); 1825 1826 /* update TX key */ 1827 tls_send_keyupdate(_metadata, self->fd); 1828 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1); 1829 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0); 1830 1831 /* send after rekey */ 1832 send_len = strlen(test_str_2) + 1; 1833 EXPECT_EQ(send(self->fd, test_str_2, send_len, 0), send_len); 1834 1835 /* can't receive the KeyUpdate without a control message */ 1836 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1); 1837 1838 /* get KeyUpdate */ 1839 tls_recv_keyupdate(_metadata, self->cfd, 0); 1840 1841 /* recv blocking -> -EKEYEXPIRED */ 1842 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), 0), -1); 1843 EXPECT_EQ(errno, EKEYEXPIRED); 1844 1845 /* recv non-blocking -> -EKEYEXPIRED */ 1846 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_DONTWAIT), -1); 1847 EXPECT_EQ(errno, EKEYEXPIRED); 1848 1849 /* update RX key */ 1850 EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0); 1851 1852 /* recv after rekey */ 1853 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 1854 EXPECT_EQ(memcmp(buf, test_str_2, send_len), 0); 1855 } 1856 1857 TEST_F(tls, rekey_fail) 1858 { 1859 char const *test_str_1 = "test_message_before_rekey"; 1860 char const *test_str_2 = "test_message_after_rekey"; 1861 struct tls_crypto_info_keys tls12; 1862 int send_len; 1863 char buf[100]; 1864 1865 /* initial send/recv */ 1866 send_len = strlen(test_str_1) + 1; 1867 EXPECT_EQ(send(self->fd, test_str_1, send_len, 0), send_len); 1868 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len); 1869 EXPECT_EQ(memcmp(buf, test_str_1, send_len), 0); 1870 1871 /* update TX key */ 1872 tls_send_keyupdate(_metadata, self->fd); 1873 1874 if (variant->tls_version != TLS_1_3_VERSION) { 1875 /* just check that rekey is not supported and return */ 1876 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1); 1877 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), -1); 1878 EXPECT_EQ(errno, EBUSY); 1879 return; 1880 } 1881 1882 /* successful update */ 1883 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1); 1884 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0); 1885 1886 /* invalid update: change of version */ 1887 tls_crypto_info_init(TLS_1_2_VERSION, variant->cipher_type, &tls12, 1); 1888 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), -1); 1889 EXPECT_EQ(errno, EINVAL); 1890 1891 /* invalid update (RX socket): change of version */ 1892 tls_crypto_info_init(TLS_1_2_VERSION, variant->cipher_type, &tls12, 1); 1893 EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), -1); 1894 EXPECT_EQ(errno, EINVAL); 1895 1896 /* invalid update: change of cipher */ 1897 if (variant->cipher_type == TLS_CIPHER_AES_GCM_256) 1898 tls_crypto_info_init(variant->tls_version, TLS_CIPHER_CHACHA20_POLY1305, &tls12, 1); 1899 else 1900 tls_crypto_info_init(variant->tls_version, TLS_CIPHER_AES_GCM_256, &tls12, 1); 1901 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), -1); 1902 EXPECT_EQ(errno, EINVAL); 1903 1904 /* send after rekey, the invalid updates shouldn't have an effect */ 1905 send_len = strlen(test_str_2) + 1; 1906 EXPECT_EQ(send(self->fd, test_str_2, send_len, 0), send_len); 1907 1908 /* can't receive the KeyUpdate without a control message */ 1909 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1); 1910 1911 /* get KeyUpdate */ 1912 tls_recv_keyupdate(_metadata, self->cfd, 0); 1913 1914 /* recv blocking -> -EKEYEXPIRED */ 1915 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), 0), -1); 1916 EXPECT_EQ(errno, EKEYEXPIRED); 1917 1918 /* recv non-blocking -> -EKEYEXPIRED */ 1919 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_DONTWAIT), -1); 1920 EXPECT_EQ(errno, EKEYEXPIRED); 1921 1922 /* update RX key */ 1923 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1); 1924 EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0); 1925 1926 /* recv after rekey */ 1927 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 1928 EXPECT_EQ(memcmp(buf, test_str_2, send_len), 0); 1929 } 1930 1931 TEST_F(tls, rekey_peek) 1932 { 1933 char const *test_str_1 = "test_message_before_rekey"; 1934 struct tls_crypto_info_keys tls12; 1935 int send_len; 1936 char buf[100]; 1937 1938 if (variant->tls_version != TLS_1_3_VERSION) 1939 return; 1940 1941 send_len = strlen(test_str_1) + 1; 1942 EXPECT_EQ(send(self->fd, test_str_1, send_len, 0), send_len); 1943 1944 /* update TX key */ 1945 tls_send_keyupdate(_metadata, self->fd); 1946 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1); 1947 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0); 1948 1949 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_PEEK), send_len); 1950 EXPECT_EQ(memcmp(buf, test_str_1, send_len), 0); 1951 1952 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len); 1953 EXPECT_EQ(memcmp(buf, test_str_1, send_len), 0); 1954 1955 /* can't receive the KeyUpdate without a control message */ 1956 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_PEEK), -1); 1957 1958 /* peek KeyUpdate */ 1959 tls_recv_keyupdate(_metadata, self->cfd, MSG_PEEK); 1960 1961 /* get KeyUpdate */ 1962 tls_recv_keyupdate(_metadata, self->cfd, 0); 1963 1964 /* update RX key */ 1965 EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0); 1966 } 1967 1968 TEST_F(tls, splice_rekey) 1969 { 1970 int send_len = TLS_PAYLOAD_MAX_LEN / 2; 1971 char mem_send[TLS_PAYLOAD_MAX_LEN]; 1972 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 1973 struct tls_crypto_info_keys tls12; 1974 int p[2]; 1975 1976 if (variant->tls_version != TLS_1_3_VERSION) 1977 return; 1978 1979 memrnd(mem_send, sizeof(mem_send)); 1980 1981 ASSERT_GE(pipe(p), 0); 1982 EXPECT_EQ(send(self->fd, mem_send, send_len, 0), send_len); 1983 1984 /* update TX key */ 1985 tls_send_keyupdate(_metadata, self->fd); 1986 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1); 1987 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0); 1988 1989 EXPECT_EQ(send(self->fd, mem_send, send_len, 0), send_len); 1990 1991 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, TLS_PAYLOAD_MAX_LEN, 0), send_len); 1992 EXPECT_EQ(read(p[0], mem_recv, send_len), send_len); 1993 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 1994 1995 /* can't splice the KeyUpdate */ 1996 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, TLS_PAYLOAD_MAX_LEN, 0), -1); 1997 EXPECT_EQ(errno, EINVAL); 1998 1999 /* peek KeyUpdate */ 2000 tls_recv_keyupdate(_metadata, self->cfd, MSG_PEEK); 2001 2002 /* get KeyUpdate */ 2003 tls_recv_keyupdate(_metadata, self->cfd, 0); 2004 2005 /* can't splice before updating the key */ 2006 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, TLS_PAYLOAD_MAX_LEN, 0), -1); 2007 EXPECT_EQ(errno, EKEYEXPIRED); 2008 2009 /* update RX key */ 2010 EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0); 2011 2012 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, TLS_PAYLOAD_MAX_LEN, 0), send_len); 2013 EXPECT_EQ(read(p[0], mem_recv, send_len), send_len); 2014 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 2015 } 2016 2017 TEST_F(tls, rekey_peek_splice) 2018 { 2019 char const *test_str_1 = "test_message_before_rekey"; 2020 struct tls_crypto_info_keys tls12; 2021 int send_len; 2022 char buf[100]; 2023 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 2024 int p[2]; 2025 2026 if (variant->tls_version != TLS_1_3_VERSION) 2027 return; 2028 2029 ASSERT_GE(pipe(p), 0); 2030 2031 send_len = strlen(test_str_1) + 1; 2032 EXPECT_EQ(send(self->fd, test_str_1, send_len, 0), send_len); 2033 2034 /* update TX key */ 2035 tls_send_keyupdate(_metadata, self->fd); 2036 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1); 2037 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0); 2038 2039 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_PEEK), send_len); 2040 EXPECT_EQ(memcmp(buf, test_str_1, send_len), 0); 2041 2042 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, TLS_PAYLOAD_MAX_LEN, 0), send_len); 2043 EXPECT_EQ(read(p[0], mem_recv, send_len), send_len); 2044 EXPECT_EQ(memcmp(mem_recv, test_str_1, send_len), 0); 2045 } 2046 2047 TEST_F(tls, rekey_getsockopt) 2048 { 2049 struct tls_crypto_info_keys tls12; 2050 struct tls_crypto_info_keys tls12_get; 2051 socklen_t len; 2052 2053 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 0); 2054 2055 len = tls12.len; 2056 EXPECT_EQ(getsockopt(self->fd, SOL_TLS, TLS_TX, &tls12_get, &len), 0); 2057 EXPECT_EQ(len, tls12.len); 2058 EXPECT_EQ(memcmp(&tls12_get, &tls12, tls12.len), 0); 2059 2060 len = tls12.len; 2061 EXPECT_EQ(getsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12_get, &len), 0); 2062 EXPECT_EQ(len, tls12.len); 2063 EXPECT_EQ(memcmp(&tls12_get, &tls12, tls12.len), 0); 2064 2065 if (variant->tls_version != TLS_1_3_VERSION) 2066 return; 2067 2068 tls_send_keyupdate(_metadata, self->fd); 2069 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1); 2070 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0); 2071 2072 tls_recv_keyupdate(_metadata, self->cfd, 0); 2073 EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0); 2074 2075 len = tls12.len; 2076 EXPECT_EQ(getsockopt(self->fd, SOL_TLS, TLS_TX, &tls12_get, &len), 0); 2077 EXPECT_EQ(len, tls12.len); 2078 EXPECT_EQ(memcmp(&tls12_get, &tls12, tls12.len), 0); 2079 2080 len = tls12.len; 2081 EXPECT_EQ(getsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12_get, &len), 0); 2082 EXPECT_EQ(len, tls12.len); 2083 EXPECT_EQ(memcmp(&tls12_get, &tls12, tls12.len), 0); 2084 } 2085 2086 TEST_F(tls, rekey_poll_pending) 2087 { 2088 char const *test_str = "test_message_after_rekey"; 2089 struct tls_crypto_info_keys tls12; 2090 struct pollfd pfd = { }; 2091 int send_len; 2092 int ret; 2093 2094 if (variant->tls_version != TLS_1_3_VERSION) 2095 return; 2096 2097 /* update TX key */ 2098 tls_send_keyupdate(_metadata, self->fd); 2099 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1); 2100 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0); 2101 2102 /* get KeyUpdate */ 2103 tls_recv_keyupdate(_metadata, self->cfd, 0); 2104 2105 /* send immediately after rekey */ 2106 send_len = strlen(test_str) + 1; 2107 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 2108 2109 /* key hasn't been updated, expect cfd to be non-readable */ 2110 pfd.fd = self->cfd; 2111 pfd.events = POLLIN; 2112 EXPECT_EQ(poll(&pfd, 1, 0), 0); 2113 2114 ret = fork(); 2115 ASSERT_GE(ret, 0); 2116 2117 if (ret) { 2118 int pid2, status; 2119 2120 /* wait before installing the new key */ 2121 sleep(1); 2122 2123 /* update RX key while poll() is sleeping */ 2124 EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0); 2125 2126 pid2 = wait(&status); 2127 EXPECT_EQ(pid2, ret); 2128 EXPECT_EQ(status, 0); 2129 } else { 2130 pfd.fd = self->cfd; 2131 pfd.events = POLLIN; 2132 EXPECT_EQ(poll(&pfd, 1, 5000), 1); 2133 2134 exit(!__test_passed(_metadata)); 2135 } 2136 } 2137 2138 TEST_F(tls, rekey_poll_delay) 2139 { 2140 char const *test_str = "test_message_after_rekey"; 2141 struct tls_crypto_info_keys tls12; 2142 struct pollfd pfd = { }; 2143 int send_len; 2144 int ret; 2145 2146 if (variant->tls_version != TLS_1_3_VERSION) 2147 return; 2148 2149 /* update TX key */ 2150 tls_send_keyupdate(_metadata, self->fd); 2151 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1); 2152 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0); 2153 2154 /* get KeyUpdate */ 2155 tls_recv_keyupdate(_metadata, self->cfd, 0); 2156 2157 ret = fork(); 2158 ASSERT_GE(ret, 0); 2159 2160 if (ret) { 2161 int pid2, status; 2162 2163 /* wait before installing the new key */ 2164 sleep(1); 2165 2166 /* update RX key while poll() is sleeping */ 2167 EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0); 2168 2169 sleep(1); 2170 send_len = strlen(test_str) + 1; 2171 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 2172 2173 pid2 = wait(&status); 2174 EXPECT_EQ(pid2, ret); 2175 EXPECT_EQ(status, 0); 2176 } else { 2177 pfd.fd = self->cfd; 2178 pfd.events = POLLIN; 2179 EXPECT_EQ(poll(&pfd, 1, 5000), 1); 2180 exit(!__test_passed(_metadata)); 2181 } 2182 } 2183 2184 struct raw_rec { 2185 unsigned int plain_len; 2186 unsigned char plain_data[100]; 2187 unsigned int cipher_len; 2188 unsigned char cipher_data[128]; 2189 }; 2190 2191 /* TLS 1.2, AES_CCM, data, seqno:0, plaintext: 'Hello world' */ 2192 static const struct raw_rec id0_data_l11 = { 2193 .plain_len = 11, 2194 .plain_data = { 2195 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 2196 0x72, 0x6c, 0x64, 2197 }, 2198 .cipher_len = 40, 2199 .cipher_data = { 2200 0x17, 0x03, 0x03, 0x00, 0x23, 0x00, 0x00, 0x00, 2201 0x00, 0x00, 0x00, 0x00, 0x00, 0x26, 0xa2, 0x33, 2202 0xde, 0x8d, 0x94, 0xf0, 0x29, 0x6c, 0xb1, 0xaf, 2203 0x6a, 0x75, 0xb2, 0x93, 0xad, 0x45, 0xd5, 0xfd, 2204 0x03, 0x51, 0x57, 0x8f, 0xf9, 0xcc, 0x3b, 0x42, 2205 }, 2206 }; 2207 2208 /* TLS 1.2, AES_CCM, ctrl, seqno:0, plaintext: '' */ 2209 static const struct raw_rec id0_ctrl_l0 = { 2210 .plain_len = 0, 2211 .plain_data = { 2212 }, 2213 .cipher_len = 29, 2214 .cipher_data = { 2215 0x16, 0x03, 0x03, 0x00, 0x18, 0x00, 0x00, 0x00, 2216 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x38, 0x7b, 2217 0xa6, 0x1c, 0xdd, 0xa7, 0x19, 0x33, 0xab, 0xae, 2218 0x88, 0xe1, 0xd2, 0x08, 0x4f, 2219 }, 2220 }; 2221 2222 /* TLS 1.2, AES_CCM, data, seqno:0, plaintext: '' */ 2223 static const struct raw_rec id0_data_l0 = { 2224 .plain_len = 0, 2225 .plain_data = { 2226 }, 2227 .cipher_len = 29, 2228 .cipher_data = { 2229 0x17, 0x03, 0x03, 0x00, 0x18, 0x00, 0x00, 0x00, 2230 0x00, 0x00, 0x00, 0x00, 0x00, 0xc5, 0x37, 0x90, 2231 0x70, 0x45, 0x89, 0xfb, 0x5c, 0xc7, 0x89, 0x03, 2232 0x68, 0x80, 0xd3, 0xd8, 0xcc, 2233 }, 2234 }; 2235 2236 /* TLS 1.2, AES_CCM, data, seqno:1, plaintext: 'Hello world' */ 2237 static const struct raw_rec id1_data_l11 = { 2238 .plain_len = 11, 2239 .plain_data = { 2240 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 2241 0x72, 0x6c, 0x64, 2242 }, 2243 .cipher_len = 40, 2244 .cipher_data = { 2245 0x17, 0x03, 0x03, 0x00, 0x23, 0x00, 0x00, 0x00, 2246 0x00, 0x00, 0x00, 0x00, 0x01, 0x3a, 0x1a, 0x9c, 2247 0xd0, 0xa8, 0x9a, 0xd6, 0x69, 0xd6, 0x1a, 0xe3, 2248 0xb5, 0x1f, 0x0d, 0x2c, 0xe2, 0x97, 0x46, 0xff, 2249 0x2b, 0xcc, 0x5a, 0xc4, 0xa3, 0xb9, 0xef, 0xba, 2250 }, 2251 }; 2252 2253 /* TLS 1.2, AES_CCM, ctrl, seqno:1, plaintext: '' */ 2254 static const struct raw_rec id1_ctrl_l0 = { 2255 .plain_len = 0, 2256 .plain_data = { 2257 }, 2258 .cipher_len = 29, 2259 .cipher_data = { 2260 0x16, 0x03, 0x03, 0x00, 0x18, 0x00, 0x00, 0x00, 2261 0x00, 0x00, 0x00, 0x00, 0x01, 0x3e, 0xf0, 0xfe, 2262 0xee, 0xd9, 0xe2, 0x5d, 0xc7, 0x11, 0x4c, 0xe6, 2263 0xb4, 0x7e, 0xef, 0x40, 0x2b, 2264 }, 2265 }; 2266 2267 /* TLS 1.2, AES_CCM, data, seqno:1, plaintext: '' */ 2268 static const struct raw_rec id1_data_l0 = { 2269 .plain_len = 0, 2270 .plain_data = { 2271 }, 2272 .cipher_len = 29, 2273 .cipher_data = { 2274 0x17, 0x03, 0x03, 0x00, 0x18, 0x00, 0x00, 0x00, 2275 0x00, 0x00, 0x00, 0x00, 0x01, 0xce, 0xfc, 0x86, 2276 0xc8, 0xf0, 0x55, 0xf9, 0x47, 0x3f, 0x74, 0xdc, 2277 0xc9, 0xbf, 0xfe, 0x5b, 0xb1, 2278 }, 2279 }; 2280 2281 /* TLS 1.2, AES_CCM, ctrl, seqno:2, plaintext: 'Hello world' */ 2282 static const struct raw_rec id2_ctrl_l11 = { 2283 .plain_len = 11, 2284 .plain_data = { 2285 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 2286 0x72, 0x6c, 0x64, 2287 }, 2288 .cipher_len = 40, 2289 .cipher_data = { 2290 0x16, 0x03, 0x03, 0x00, 0x23, 0x00, 0x00, 0x00, 2291 0x00, 0x00, 0x00, 0x00, 0x02, 0xe5, 0x3d, 0x19, 2292 0x3d, 0xca, 0xb8, 0x16, 0xb6, 0xff, 0x79, 0x87, 2293 0x2a, 0x04, 0x11, 0x3d, 0xf8, 0x64, 0x5f, 0x36, 2294 0x8b, 0xa8, 0xee, 0x4c, 0x6d, 0x62, 0xa5, 0x00, 2295 }, 2296 }; 2297 2298 /* TLS 1.2, AES_CCM, data, seqno:2, plaintext: 'Hello world' */ 2299 static const struct raw_rec id2_data_l11 = { 2300 .plain_len = 11, 2301 .plain_data = { 2302 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 2303 0x72, 0x6c, 0x64, 2304 }, 2305 .cipher_len = 40, 2306 .cipher_data = { 2307 0x17, 0x03, 0x03, 0x00, 0x23, 0x00, 0x00, 0x00, 2308 0x00, 0x00, 0x00, 0x00, 0x02, 0xe5, 0x3d, 0x19, 2309 0x3d, 0xca, 0xb8, 0x16, 0xb6, 0xff, 0x79, 0x87, 2310 0x8e, 0xa1, 0xd0, 0xcd, 0x33, 0xb5, 0x86, 0x2b, 2311 0x17, 0xf1, 0x52, 0x2a, 0x55, 0x62, 0x65, 0x11, 2312 }, 2313 }; 2314 2315 /* TLS 1.2, AES_CCM, ctrl, seqno:2, plaintext: '' */ 2316 static const struct raw_rec id2_ctrl_l0 = { 2317 .plain_len = 0, 2318 .plain_data = { 2319 }, 2320 .cipher_len = 29, 2321 .cipher_data = { 2322 0x16, 0x03, 0x03, 0x00, 0x18, 0x00, 0x00, 0x00, 2323 0x00, 0x00, 0x00, 0x00, 0x02, 0xdc, 0x5c, 0x0e, 2324 0x41, 0xdd, 0xba, 0xd3, 0xcc, 0xcf, 0x6d, 0xd9, 2325 0x06, 0xdb, 0x79, 0xe5, 0x5d, 2326 }, 2327 }; 2328 2329 /* TLS 1.2, AES_CCM, data, seqno:2, plaintext: '' */ 2330 static const struct raw_rec id2_data_l0 = { 2331 .plain_len = 0, 2332 .plain_data = { 2333 }, 2334 .cipher_len = 29, 2335 .cipher_data = { 2336 0x17, 0x03, 0x03, 0x00, 0x18, 0x00, 0x00, 0x00, 2337 0x00, 0x00, 0x00, 0x00, 0x02, 0xc3, 0xca, 0x26, 2338 0x22, 0xe4, 0x25, 0xfb, 0x5f, 0x6d, 0xbf, 0x83, 2339 0x30, 0x48, 0x69, 0x1a, 0x47, 2340 }, 2341 }; 2342 2343 FIXTURE(zero_len) 2344 { 2345 int fd, cfd; 2346 bool notls; 2347 }; 2348 2349 FIXTURE_VARIANT(zero_len) 2350 { 2351 const struct raw_rec *recs[4]; 2352 ssize_t recv_ret[4]; 2353 }; 2354 2355 FIXTURE_VARIANT_ADD(zero_len, data_data_data) 2356 { 2357 .recs = { &id0_data_l11, &id1_data_l11, &id2_data_l11, }, 2358 .recv_ret = { 33, -EAGAIN, }, 2359 }; 2360 2361 FIXTURE_VARIANT_ADD(zero_len, data_0ctrl_data) 2362 { 2363 .recs = { &id0_data_l11, &id1_ctrl_l0, &id2_data_l11, }, 2364 .recv_ret = { 11, 0, 11, -EAGAIN, }, 2365 }; 2366 2367 FIXTURE_VARIANT_ADD(zero_len, 0data_0data_0data) 2368 { 2369 .recs = { &id0_data_l0, &id1_data_l0, &id2_data_l0, }, 2370 .recv_ret = { -EAGAIN, }, 2371 }; 2372 2373 FIXTURE_VARIANT_ADD(zero_len, 0data_0data_ctrl) 2374 { 2375 .recs = { &id0_data_l0, &id1_data_l0, &id2_ctrl_l11, }, 2376 .recv_ret = { 0, 11, -EAGAIN, }, 2377 }; 2378 2379 FIXTURE_VARIANT_ADD(zero_len, 0data_0data_0ctrl) 2380 { 2381 .recs = { &id0_data_l0, &id1_data_l0, &id2_ctrl_l0, }, 2382 .recv_ret = { 0, 0, -EAGAIN, }, 2383 }; 2384 2385 FIXTURE_VARIANT_ADD(zero_len, 0ctrl_0ctrl_0ctrl) 2386 { 2387 .recs = { &id0_ctrl_l0, &id1_ctrl_l0, &id2_ctrl_l0, }, 2388 .recv_ret = { 0, 0, 0, -EAGAIN, }, 2389 }; 2390 2391 FIXTURE_VARIANT_ADD(zero_len, 0data_0data_data) 2392 { 2393 .recs = { &id0_data_l0, &id1_data_l0, &id2_data_l11, }, 2394 .recv_ret = { 11, -EAGAIN, }, 2395 }; 2396 2397 FIXTURE_VARIANT_ADD(zero_len, data_0data_0data) 2398 { 2399 .recs = { &id0_data_l11, &id1_data_l0, &id2_data_l0, }, 2400 .recv_ret = { 11, -EAGAIN, }, 2401 }; 2402 2403 FIXTURE_SETUP(zero_len) 2404 { 2405 struct tls_crypto_info_keys tls12; 2406 int ret; 2407 2408 tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_CCM_128, 2409 &tls12, 0); 2410 2411 ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls); 2412 if (self->notls) 2413 return; 2414 2415 /* Don't install keys on fd, we'll send raw records */ 2416 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len); 2417 ASSERT_EQ(ret, 0); 2418 } 2419 2420 FIXTURE_TEARDOWN(zero_len) 2421 { 2422 close(self->fd); 2423 close(self->cfd); 2424 } 2425 2426 TEST_F(zero_len, test) 2427 { 2428 const struct raw_rec *const *rec; 2429 unsigned char buf[128]; 2430 int rec_off; 2431 int i; 2432 2433 for (i = 0; i < 4 && variant->recs[i]; i++) 2434 EXPECT_EQ(send(self->fd, variant->recs[i]->cipher_data, 2435 variant->recs[i]->cipher_len, 0), 2436 variant->recs[i]->cipher_len); 2437 2438 rec = &variant->recs[0]; 2439 rec_off = 0; 2440 for (i = 0; i < 4; i++) { 2441 int j, ret; 2442 2443 ret = variant->recv_ret[i] >= 0 ? variant->recv_ret[i] : -1; 2444 EXPECT_EQ(__tls_recv_cmsg(_metadata, self->cfd, NULL, 2445 buf, sizeof(buf), MSG_DONTWAIT), ret); 2446 if (ret == -1) 2447 EXPECT_EQ(errno, -variant->recv_ret[i]); 2448 if (variant->recv_ret[i] == -EAGAIN) 2449 break; 2450 2451 for (j = 0; j < ret; j++) { 2452 while (rec_off == (*rec)->plain_len) { 2453 rec++; 2454 rec_off = 0; 2455 } 2456 EXPECT_EQ(buf[j], (*rec)->plain_data[rec_off]); 2457 rec_off++; 2458 } 2459 } 2460 }; 2461 2462 FIXTURE(tls_err) 2463 { 2464 int fd, cfd; 2465 int fd2, cfd2; 2466 bool notls; 2467 }; 2468 2469 FIXTURE_VARIANT(tls_err) 2470 { 2471 uint16_t tls_version; 2472 }; 2473 2474 FIXTURE_VARIANT_ADD(tls_err, 12_aes_gcm) 2475 { 2476 .tls_version = TLS_1_2_VERSION, 2477 }; 2478 2479 FIXTURE_VARIANT_ADD(tls_err, 13_aes_gcm) 2480 { 2481 .tls_version = TLS_1_3_VERSION, 2482 }; 2483 2484 FIXTURE_SETUP(tls_err) 2485 { 2486 struct tls_crypto_info_keys tls12; 2487 int ret; 2488 2489 tls_crypto_info_init(variant->tls_version, TLS_CIPHER_AES_GCM_128, 2490 &tls12, 0); 2491 2492 ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls); 2493 ulp_sock_pair(_metadata, &self->fd2, &self->cfd2, &self->notls); 2494 if (self->notls) 2495 return; 2496 2497 ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len); 2498 ASSERT_EQ(ret, 0); 2499 2500 ret = setsockopt(self->cfd2, SOL_TLS, TLS_RX, &tls12, tls12.len); 2501 ASSERT_EQ(ret, 0); 2502 } 2503 2504 FIXTURE_TEARDOWN(tls_err) 2505 { 2506 close(self->fd); 2507 close(self->cfd); 2508 close(self->fd2); 2509 close(self->cfd2); 2510 } 2511 2512 TEST_F(tls_err, bad_rec) 2513 { 2514 char buf[64]; 2515 2516 if (self->notls) 2517 SKIP(return, "no TLS support"); 2518 2519 memset(buf, 0x55, sizeof(buf)); 2520 EXPECT_EQ(send(self->fd2, buf, sizeof(buf), 0), sizeof(buf)); 2521 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 2522 EXPECT_EQ(errno, EMSGSIZE); 2523 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), MSG_DONTWAIT), -1); 2524 EXPECT_EQ(errno, EAGAIN); 2525 } 2526 2527 TEST_F(tls_err, bad_auth) 2528 { 2529 char buf[128]; 2530 int n; 2531 2532 if (self->notls) 2533 SKIP(return, "no TLS support"); 2534 2535 memrnd(buf, sizeof(buf) / 2); 2536 EXPECT_EQ(send(self->fd, buf, sizeof(buf) / 2, 0), sizeof(buf) / 2); 2537 n = recv(self->cfd, buf, sizeof(buf), 0); 2538 EXPECT_GT(n, sizeof(buf) / 2); 2539 2540 buf[n - 1]++; 2541 2542 EXPECT_EQ(send(self->fd2, buf, n, 0), n); 2543 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 2544 EXPECT_EQ(errno, EBADMSG); 2545 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 2546 EXPECT_EQ(errno, EBADMSG); 2547 } 2548 2549 TEST_F(tls_err, bad_in_large_read) 2550 { 2551 char txt[3][64]; 2552 char cip[3][128]; 2553 char buf[3 * 128]; 2554 int i, n; 2555 2556 if (self->notls) 2557 SKIP(return, "no TLS support"); 2558 2559 /* Put 3 records in the sockets */ 2560 for (i = 0; i < 3; i++) { 2561 memrnd(txt[i], sizeof(txt[i])); 2562 EXPECT_EQ(send(self->fd, txt[i], sizeof(txt[i]), 0), 2563 sizeof(txt[i])); 2564 n = recv(self->cfd, cip[i], sizeof(cip[i]), 0); 2565 EXPECT_GT(n, sizeof(txt[i])); 2566 /* Break the third message */ 2567 if (i == 2) 2568 cip[2][n - 1]++; 2569 EXPECT_EQ(send(self->fd2, cip[i], n, 0), n); 2570 } 2571 2572 /* We should be able to receive the first two messages */ 2573 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), sizeof(txt[0]) * 2); 2574 EXPECT_EQ(memcmp(buf, txt[0], sizeof(txt[0])), 0); 2575 EXPECT_EQ(memcmp(buf + sizeof(txt[0]), txt[1], sizeof(txt[1])), 0); 2576 /* Third mesasge is bad */ 2577 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 2578 EXPECT_EQ(errno, EBADMSG); 2579 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 2580 EXPECT_EQ(errno, EBADMSG); 2581 } 2582 2583 TEST_F(tls_err, bad_cmsg) 2584 { 2585 char *test_str = "test_read"; 2586 int send_len = 10; 2587 char cip[128]; 2588 char buf[128]; 2589 char txt[64]; 2590 int n; 2591 2592 if (self->notls) 2593 SKIP(return, "no TLS support"); 2594 2595 /* Queue up one data record */ 2596 memrnd(txt, sizeof(txt)); 2597 EXPECT_EQ(send(self->fd, txt, sizeof(txt), 0), sizeof(txt)); 2598 n = recv(self->cfd, cip, sizeof(cip), 0); 2599 EXPECT_GT(n, sizeof(txt)); 2600 EXPECT_EQ(send(self->fd2, cip, n, 0), n); 2601 2602 EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10); 2603 n = recv(self->cfd, cip, sizeof(cip), 0); 2604 cip[n - 1]++; /* Break it */ 2605 EXPECT_GT(n, send_len); 2606 EXPECT_EQ(send(self->fd2, cip, n, 0), n); 2607 2608 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), sizeof(txt)); 2609 EXPECT_EQ(memcmp(buf, txt, sizeof(txt)), 0); 2610 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 2611 EXPECT_EQ(errno, EBADMSG); 2612 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 2613 EXPECT_EQ(errno, EBADMSG); 2614 } 2615 2616 TEST_F(tls_err, timeo) 2617 { 2618 struct timeval tv = { .tv_usec = 10000, }; 2619 char buf[128]; 2620 int ret; 2621 2622 if (self->notls) 2623 SKIP(return, "no TLS support"); 2624 2625 ret = setsockopt(self->cfd2, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)); 2626 ASSERT_EQ(ret, 0); 2627 2628 ret = fork(); 2629 ASSERT_GE(ret, 0); 2630 2631 if (ret) { 2632 usleep(1000); /* Give child a head start */ 2633 2634 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 2635 EXPECT_EQ(errno, EAGAIN); 2636 2637 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 2638 EXPECT_EQ(errno, EAGAIN); 2639 2640 wait(&ret); 2641 } else { 2642 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 2643 EXPECT_EQ(errno, EAGAIN); 2644 exit(0); 2645 } 2646 } 2647 2648 TEST_F(tls_err, poll_partial_rec) 2649 { 2650 struct pollfd pfd = { }; 2651 ssize_t rec_len; 2652 char rec[256]; 2653 char buf[128]; 2654 2655 if (self->notls) 2656 SKIP(return, "no TLS support"); 2657 2658 pfd.fd = self->cfd2; 2659 pfd.events = POLLIN; 2660 EXPECT_EQ(poll(&pfd, 1, 1), 0); 2661 2662 memrnd(buf, sizeof(buf)); 2663 EXPECT_EQ(send(self->fd, buf, sizeof(buf), 0), sizeof(buf)); 2664 rec_len = recv(self->cfd, rec, sizeof(rec), 0); 2665 EXPECT_GT(rec_len, sizeof(buf)); 2666 2667 /* Write 100B, not the full record ... */ 2668 EXPECT_EQ(send(self->fd2, rec, 100, 0), 100); 2669 /* ... no full record should mean no POLLIN */ 2670 pfd.fd = self->cfd2; 2671 pfd.events = POLLIN; 2672 EXPECT_EQ(poll(&pfd, 1, 1), 0); 2673 /* Now write the rest, and it should all pop out of the other end. */ 2674 EXPECT_EQ(send(self->fd2, rec + 100, rec_len - 100, 0), rec_len - 100); 2675 pfd.fd = self->cfd2; 2676 pfd.events = POLLIN; 2677 EXPECT_EQ(poll(&pfd, 1, 1), 1); 2678 EXPECT_EQ(recv(self->cfd2, rec, sizeof(rec), 0), sizeof(buf)); 2679 EXPECT_EQ(memcmp(buf, rec, sizeof(buf)), 0); 2680 } 2681 2682 TEST_F(tls_err, epoll_partial_rec) 2683 { 2684 struct epoll_event ev, events[10]; 2685 ssize_t rec_len; 2686 char rec[256]; 2687 char buf[128]; 2688 int epollfd; 2689 2690 if (self->notls) 2691 SKIP(return, "no TLS support"); 2692 2693 epollfd = epoll_create1(0); 2694 ASSERT_GE(epollfd, 0); 2695 2696 memset(&ev, 0, sizeof(ev)); 2697 ev.events = EPOLLIN; 2698 ev.data.fd = self->cfd2; 2699 ASSERT_GE(epoll_ctl(epollfd, EPOLL_CTL_ADD, self->cfd2, &ev), 0); 2700 2701 EXPECT_EQ(epoll_wait(epollfd, events, 10, 0), 0); 2702 2703 memrnd(buf, sizeof(buf)); 2704 EXPECT_EQ(send(self->fd, buf, sizeof(buf), 0), sizeof(buf)); 2705 rec_len = recv(self->cfd, rec, sizeof(rec), 0); 2706 EXPECT_GT(rec_len, sizeof(buf)); 2707 2708 /* Write 100B, not the full record ... */ 2709 EXPECT_EQ(send(self->fd2, rec, 100, 0), 100); 2710 /* ... no full record should mean no POLLIN */ 2711 EXPECT_EQ(epoll_wait(epollfd, events, 10, 0), 0); 2712 /* Now write the rest, and it should all pop out of the other end. */ 2713 EXPECT_EQ(send(self->fd2, rec + 100, rec_len - 100, 0), rec_len - 100); 2714 EXPECT_EQ(epoll_wait(epollfd, events, 10, 0), 1); 2715 EXPECT_EQ(recv(self->cfd2, rec, sizeof(rec), 0), sizeof(buf)); 2716 EXPECT_EQ(memcmp(buf, rec, sizeof(buf)), 0); 2717 2718 close(epollfd); 2719 } 2720 2721 TEST_F(tls_err, poll_partial_rec_async) 2722 { 2723 struct pollfd pfd = { }; 2724 ssize_t rec_len; 2725 char rec[256]; 2726 char buf[128]; 2727 char token; 2728 int p[2]; 2729 int ret; 2730 2731 if (self->notls) 2732 SKIP(return, "no TLS support"); 2733 2734 ASSERT_GE(pipe(p), 0); 2735 2736 memrnd(buf, sizeof(buf)); 2737 EXPECT_EQ(send(self->fd, buf, sizeof(buf), 0), sizeof(buf)); 2738 rec_len = recv(self->cfd, rec, sizeof(rec), 0); 2739 EXPECT_GT(rec_len, sizeof(buf)); 2740 2741 ret = fork(); 2742 ASSERT_GE(ret, 0); 2743 2744 if (ret) { 2745 int status, pid2; 2746 2747 close(p[1]); 2748 usleep(1000); /* Give child a head start */ 2749 2750 EXPECT_EQ(send(self->fd2, rec, 100, 0), 100); 2751 2752 EXPECT_EQ(read(p[0], &token, 1), 1); /* Barrier #1 */ 2753 2754 EXPECT_EQ(send(self->fd2, rec + 100, rec_len - 100, 0), 2755 rec_len - 100); 2756 2757 pid2 = wait(&status); 2758 EXPECT_EQ(pid2, ret); 2759 EXPECT_EQ(status, 0); 2760 } else { 2761 close(p[0]); 2762 2763 /* Child should sleep in poll(), never get a wake */ 2764 pfd.fd = self->cfd2; 2765 pfd.events = POLLIN; 2766 EXPECT_EQ(poll(&pfd, 1, 20), 0); 2767 2768 EXPECT_EQ(write(p[1], &token, 1), 1); /* Barrier #1 */ 2769 2770 pfd.fd = self->cfd2; 2771 pfd.events = POLLIN; 2772 EXPECT_EQ(poll(&pfd, 1, 20), 1); 2773 2774 exit(!__test_passed(_metadata)); 2775 } 2776 } 2777 2778 /* Use OOB+large send to trigger copy mode due to memory pressure. 2779 * OOB causes a short read. 2780 */ 2781 TEST_F(tls_err, oob_pressure) 2782 { 2783 char buf[1<<16]; 2784 int i; 2785 2786 memrnd(buf, sizeof(buf)); 2787 2788 EXPECT_EQ(send(self->fd2, buf, 5, MSG_OOB), 5); 2789 EXPECT_EQ(send(self->fd2, buf, sizeof(buf), 0), sizeof(buf)); 2790 for (i = 0; i < 64; i++) 2791 EXPECT_EQ(send(self->fd2, buf, 5, MSG_OOB), 5); 2792 } 2793 2794 TEST(non_established) { 2795 struct tls12_crypto_info_aes_gcm_256 tls12; 2796 struct sockaddr_in addr; 2797 int sfd, ret, fd; 2798 socklen_t len; 2799 2800 len = sizeof(addr); 2801 2802 memset(&tls12, 0, sizeof(tls12)); 2803 tls12.info.version = TLS_1_2_VERSION; 2804 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256; 2805 2806 addr.sin_family = AF_INET; 2807 addr.sin_addr.s_addr = htonl(INADDR_ANY); 2808 addr.sin_port = 0; 2809 2810 fd = socket(AF_INET, SOCK_STREAM, 0); 2811 sfd = socket(AF_INET, SOCK_STREAM, 0); 2812 2813 ret = bind(sfd, &addr, sizeof(addr)); 2814 ASSERT_EQ(ret, 0); 2815 ret = listen(sfd, 10); 2816 ASSERT_EQ(ret, 0); 2817 2818 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 2819 EXPECT_EQ(ret, -1); 2820 /* TLS ULP not supported */ 2821 if (errno == ENOENT) 2822 return; 2823 EXPECT_EQ(errno, ENOTCONN); 2824 2825 ret = setsockopt(sfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 2826 EXPECT_EQ(ret, -1); 2827 EXPECT_EQ(errno, ENOTCONN); 2828 2829 ret = getsockname(sfd, &addr, &len); 2830 ASSERT_EQ(ret, 0); 2831 2832 ret = connect(fd, &addr, sizeof(addr)); 2833 ASSERT_EQ(ret, 0); 2834 2835 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 2836 ASSERT_EQ(ret, 0); 2837 2838 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 2839 EXPECT_EQ(ret, -1); 2840 EXPECT_EQ(errno, EEXIST); 2841 2842 close(fd); 2843 close(sfd); 2844 } 2845 2846 TEST(keysizes) { 2847 struct tls12_crypto_info_aes_gcm_256 tls12; 2848 int ret, fd, cfd; 2849 bool notls; 2850 2851 memset(&tls12, 0, sizeof(tls12)); 2852 tls12.info.version = TLS_1_2_VERSION; 2853 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256; 2854 2855 ulp_sock_pair(_metadata, &fd, &cfd, ¬ls); 2856 2857 if (!notls) { 2858 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, 2859 sizeof(tls12)); 2860 EXPECT_EQ(ret, 0); 2861 2862 ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12, 2863 sizeof(tls12)); 2864 EXPECT_EQ(ret, 0); 2865 } 2866 2867 close(fd); 2868 close(cfd); 2869 } 2870 2871 TEST(no_pad) { 2872 struct tls12_crypto_info_aes_gcm_256 tls12; 2873 int ret, fd, cfd, val; 2874 socklen_t len; 2875 bool notls; 2876 2877 memset(&tls12, 0, sizeof(tls12)); 2878 tls12.info.version = TLS_1_3_VERSION; 2879 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256; 2880 2881 ulp_sock_pair(_metadata, &fd, &cfd, ¬ls); 2882 2883 if (notls) 2884 exit(KSFT_SKIP); 2885 2886 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, sizeof(tls12)); 2887 EXPECT_EQ(ret, 0); 2888 2889 ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12, sizeof(tls12)); 2890 EXPECT_EQ(ret, 0); 2891 2892 val = 1; 2893 ret = setsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 2894 (void *)&val, sizeof(val)); 2895 EXPECT_EQ(ret, 0); 2896 2897 len = sizeof(val); 2898 val = 2; 2899 ret = getsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 2900 (void *)&val, &len); 2901 EXPECT_EQ(ret, 0); 2902 EXPECT_EQ(val, 1); 2903 EXPECT_EQ(len, 4); 2904 2905 val = 0; 2906 ret = setsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 2907 (void *)&val, sizeof(val)); 2908 EXPECT_EQ(ret, 0); 2909 2910 len = sizeof(val); 2911 val = 2; 2912 ret = getsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 2913 (void *)&val, &len); 2914 EXPECT_EQ(ret, 0); 2915 EXPECT_EQ(val, 0); 2916 EXPECT_EQ(len, 4); 2917 2918 close(fd); 2919 close(cfd); 2920 } 2921 2922 TEST(tls_v6ops) { 2923 struct tls_crypto_info_keys tls12; 2924 struct sockaddr_in6 addr, addr2; 2925 int sfd, ret, fd; 2926 socklen_t len, len2; 2927 2928 tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_128, &tls12, 0); 2929 2930 addr.sin6_family = AF_INET6; 2931 addr.sin6_addr = in6addr_any; 2932 addr.sin6_port = 0; 2933 2934 fd = socket(AF_INET6, SOCK_STREAM, 0); 2935 sfd = socket(AF_INET6, SOCK_STREAM, 0); 2936 2937 ret = bind(sfd, &addr, sizeof(addr)); 2938 ASSERT_EQ(ret, 0); 2939 ret = listen(sfd, 10); 2940 ASSERT_EQ(ret, 0); 2941 2942 len = sizeof(addr); 2943 ret = getsockname(sfd, &addr, &len); 2944 ASSERT_EQ(ret, 0); 2945 2946 ret = connect(fd, &addr, sizeof(addr)); 2947 ASSERT_EQ(ret, 0); 2948 2949 len = sizeof(addr); 2950 ret = getsockname(fd, &addr, &len); 2951 ASSERT_EQ(ret, 0); 2952 2953 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 2954 if (ret) { 2955 ASSERT_EQ(errno, ENOENT); 2956 SKIP(return, "no TLS support"); 2957 } 2958 ASSERT_EQ(ret, 0); 2959 2960 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, tls12.len); 2961 ASSERT_EQ(ret, 0); 2962 2963 ret = setsockopt(fd, SOL_TLS, TLS_RX, &tls12, tls12.len); 2964 ASSERT_EQ(ret, 0); 2965 2966 len2 = sizeof(addr2); 2967 ret = getsockname(fd, &addr2, &len2); 2968 ASSERT_EQ(ret, 0); 2969 2970 EXPECT_EQ(len2, len); 2971 EXPECT_EQ(memcmp(&addr, &addr2, len), 0); 2972 2973 close(fd); 2974 close(sfd); 2975 } 2976 2977 TEST(prequeue) { 2978 struct tls_crypto_info_keys tls12; 2979 char buf[20000], buf2[20000]; 2980 struct sockaddr_in addr; 2981 int sfd, cfd, ret, fd; 2982 socklen_t len; 2983 2984 len = sizeof(addr); 2985 memrnd(buf, sizeof(buf)); 2986 2987 tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_256, &tls12, 0); 2988 2989 addr.sin_family = AF_INET; 2990 addr.sin_addr.s_addr = htonl(INADDR_ANY); 2991 addr.sin_port = 0; 2992 2993 fd = socket(AF_INET, SOCK_STREAM, 0); 2994 sfd = socket(AF_INET, SOCK_STREAM, 0); 2995 2996 ASSERT_EQ(bind(sfd, &addr, sizeof(addr)), 0); 2997 ASSERT_EQ(listen(sfd, 10), 0); 2998 ASSERT_EQ(getsockname(sfd, &addr, &len), 0); 2999 ASSERT_EQ(connect(fd, &addr, sizeof(addr)), 0); 3000 ASSERT_GE(cfd = accept(sfd, &addr, &len), 0); 3001 close(sfd); 3002 3003 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 3004 if (ret) { 3005 ASSERT_EQ(errno, ENOENT); 3006 SKIP(return, "no TLS support"); 3007 } 3008 3009 ASSERT_EQ(setsockopt(fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0); 3010 EXPECT_EQ(send(fd, buf, sizeof(buf), MSG_DONTWAIT), sizeof(buf)); 3011 3012 ASSERT_EQ(setsockopt(cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")), 0); 3013 ASSERT_EQ(setsockopt(cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0); 3014 EXPECT_EQ(recv(cfd, buf2, sizeof(buf2), MSG_WAITALL), sizeof(buf2)); 3015 3016 EXPECT_EQ(memcmp(buf, buf2, sizeof(buf)), 0); 3017 3018 close(fd); 3019 close(cfd); 3020 } 3021 3022 TEST(data_steal) { 3023 struct tls_crypto_info_keys tls; 3024 char buf[20000], buf2[20000]; 3025 struct sockaddr_in addr; 3026 int sfd, cfd, ret, fd; 3027 int pid, status; 3028 socklen_t len; 3029 3030 len = sizeof(addr); 3031 memrnd(buf, sizeof(buf)); 3032 3033 tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_256, &tls, 0); 3034 3035 addr.sin_family = AF_INET; 3036 addr.sin_addr.s_addr = htonl(INADDR_ANY); 3037 addr.sin_port = 0; 3038 3039 fd = socket(AF_INET, SOCK_STREAM, 0); 3040 sfd = socket(AF_INET, SOCK_STREAM, 0); 3041 3042 ASSERT_EQ(bind(sfd, &addr, sizeof(addr)), 0); 3043 ASSERT_EQ(listen(sfd, 10), 0); 3044 ASSERT_EQ(getsockname(sfd, &addr, &len), 0); 3045 ASSERT_EQ(connect(fd, &addr, sizeof(addr)), 0); 3046 ASSERT_GE(cfd = accept(sfd, &addr, &len), 0); 3047 close(sfd); 3048 3049 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 3050 if (ret) { 3051 ASSERT_EQ(errno, ENOENT); 3052 SKIP(return, "no TLS support"); 3053 } 3054 ASSERT_EQ(setsockopt(cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")), 0); 3055 3056 /* Spawn a child and get it into the read wait path of the underlying 3057 * TCP socket. 3058 */ 3059 pid = fork(); 3060 ASSERT_GE(pid, 0); 3061 if (!pid) { 3062 EXPECT_EQ(recv(cfd, buf, sizeof(buf) / 2, MSG_WAITALL), 3063 sizeof(buf) / 2); 3064 exit(!__test_passed(_metadata)); 3065 } 3066 3067 usleep(10000); 3068 ASSERT_EQ(setsockopt(fd, SOL_TLS, TLS_TX, &tls, tls.len), 0); 3069 ASSERT_EQ(setsockopt(cfd, SOL_TLS, TLS_RX, &tls, tls.len), 0); 3070 3071 EXPECT_EQ(send(fd, buf, sizeof(buf), 0), sizeof(buf)); 3072 EXPECT_EQ(wait(&status), pid); 3073 EXPECT_EQ(status, 0); 3074 EXPECT_EQ(recv(cfd, buf2, sizeof(buf2), MSG_DONTWAIT), -1); 3075 /* Don't check errno, the error will be different depending 3076 * on what random bytes TLS interpreted as the record length. 3077 */ 3078 3079 close(fd); 3080 close(cfd); 3081 } 3082 3083 static void __attribute__((constructor)) fips_check(void) { 3084 int res; 3085 FILE *f; 3086 3087 f = fopen("/proc/sys/crypto/fips_enabled", "r"); 3088 if (f) { 3089 res = fscanf(f, "%d", &fips_enabled); 3090 if (res != 1) 3091 ksft_print_msg("ERROR: Couldn't read /proc/sys/crypto/fips_enabled\n"); 3092 fclose(f); 3093 } 3094 } 3095 3096 TEST_HARNESS_MAIN 3097