1 // SPDX-License-Identifier: GPL-2.0 2 3 #define _GNU_SOURCE 4 5 #include <arpa/inet.h> 6 #include <errno.h> 7 #include <error.h> 8 #include <fcntl.h> 9 #include <poll.h> 10 #include <stdio.h> 11 #include <stdlib.h> 12 #include <unistd.h> 13 14 #include <linux/tls.h> 15 #include <linux/tcp.h> 16 #include <linux/socket.h> 17 18 #include <sys/epoll.h> 19 #include <sys/types.h> 20 #include <sys/sendfile.h> 21 #include <sys/socket.h> 22 #include <sys/stat.h> 23 24 #include "../kselftest_harness.h" 25 26 #define TLS_PAYLOAD_MAX_LEN 16384 27 #define SOL_TLS 282 28 29 static int fips_enabled; 30 31 struct tls_crypto_info_keys { 32 union { 33 struct tls_crypto_info crypto_info; 34 struct tls12_crypto_info_aes_gcm_128 aes128; 35 struct tls12_crypto_info_chacha20_poly1305 chacha20; 36 struct tls12_crypto_info_sm4_gcm sm4gcm; 37 struct tls12_crypto_info_sm4_ccm sm4ccm; 38 struct tls12_crypto_info_aes_ccm_128 aesccm128; 39 struct tls12_crypto_info_aes_gcm_256 aesgcm256; 40 struct tls12_crypto_info_aria_gcm_128 ariagcm128; 41 struct tls12_crypto_info_aria_gcm_256 ariagcm256; 42 }; 43 size_t len; 44 }; 45 46 static void tls_crypto_info_init(uint16_t tls_version, uint16_t cipher_type, 47 struct tls_crypto_info_keys *tls12) 48 { 49 memset(tls12, 0, sizeof(*tls12)); 50 51 switch (cipher_type) { 52 case TLS_CIPHER_CHACHA20_POLY1305: 53 tls12->len = sizeof(struct tls12_crypto_info_chacha20_poly1305); 54 tls12->chacha20.info.version = tls_version; 55 tls12->chacha20.info.cipher_type = cipher_type; 56 break; 57 case TLS_CIPHER_AES_GCM_128: 58 tls12->len = sizeof(struct tls12_crypto_info_aes_gcm_128); 59 tls12->aes128.info.version = tls_version; 60 tls12->aes128.info.cipher_type = cipher_type; 61 break; 62 case TLS_CIPHER_SM4_GCM: 63 tls12->len = sizeof(struct tls12_crypto_info_sm4_gcm); 64 tls12->sm4gcm.info.version = tls_version; 65 tls12->sm4gcm.info.cipher_type = cipher_type; 66 break; 67 case TLS_CIPHER_SM4_CCM: 68 tls12->len = sizeof(struct tls12_crypto_info_sm4_ccm); 69 tls12->sm4ccm.info.version = tls_version; 70 tls12->sm4ccm.info.cipher_type = cipher_type; 71 break; 72 case TLS_CIPHER_AES_CCM_128: 73 tls12->len = sizeof(struct tls12_crypto_info_aes_ccm_128); 74 tls12->aesccm128.info.version = tls_version; 75 tls12->aesccm128.info.cipher_type = cipher_type; 76 break; 77 case TLS_CIPHER_AES_GCM_256: 78 tls12->len = sizeof(struct tls12_crypto_info_aes_gcm_256); 79 tls12->aesgcm256.info.version = tls_version; 80 tls12->aesgcm256.info.cipher_type = cipher_type; 81 break; 82 case TLS_CIPHER_ARIA_GCM_128: 83 tls12->len = sizeof(struct tls12_crypto_info_aria_gcm_128); 84 tls12->ariagcm128.info.version = tls_version; 85 tls12->ariagcm128.info.cipher_type = cipher_type; 86 break; 87 case TLS_CIPHER_ARIA_GCM_256: 88 tls12->len = sizeof(struct tls12_crypto_info_aria_gcm_256); 89 tls12->ariagcm256.info.version = tls_version; 90 tls12->ariagcm256.info.cipher_type = cipher_type; 91 break; 92 default: 93 break; 94 } 95 } 96 97 static void memrnd(void *s, size_t n) 98 { 99 int *dword = s; 100 char *byte; 101 102 for (; n >= 4; n -= 4) 103 *dword++ = rand(); 104 byte = (void *)dword; 105 while (n--) 106 *byte++ = rand(); 107 } 108 109 static void ulp_sock_pair(struct __test_metadata *_metadata, 110 int *fd, int *cfd, bool *notls) 111 { 112 struct sockaddr_in addr; 113 socklen_t len; 114 int sfd, ret; 115 116 *notls = false; 117 len = sizeof(addr); 118 119 addr.sin_family = AF_INET; 120 addr.sin_addr.s_addr = htonl(INADDR_ANY); 121 addr.sin_port = 0; 122 123 *fd = socket(AF_INET, SOCK_STREAM, 0); 124 sfd = socket(AF_INET, SOCK_STREAM, 0); 125 126 ret = bind(sfd, &addr, sizeof(addr)); 127 ASSERT_EQ(ret, 0); 128 ret = listen(sfd, 10); 129 ASSERT_EQ(ret, 0); 130 131 ret = getsockname(sfd, &addr, &len); 132 ASSERT_EQ(ret, 0); 133 134 ret = connect(*fd, &addr, sizeof(addr)); 135 ASSERT_EQ(ret, 0); 136 137 *cfd = accept(sfd, &addr, &len); 138 ASSERT_GE(*cfd, 0); 139 140 close(sfd); 141 142 ret = setsockopt(*fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 143 if (ret != 0) { 144 ASSERT_EQ(errno, ENOENT); 145 *notls = true; 146 printf("Failure setting TCP_ULP, testing without tls\n"); 147 return; 148 } 149 150 ret = setsockopt(*cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 151 ASSERT_EQ(ret, 0); 152 } 153 154 /* Produce a basic cmsg */ 155 static int tls_send_cmsg(int fd, unsigned char record_type, 156 void *data, size_t len, int flags) 157 { 158 char cbuf[CMSG_SPACE(sizeof(char))]; 159 int cmsg_len = sizeof(char); 160 struct cmsghdr *cmsg; 161 struct msghdr msg; 162 struct iovec vec; 163 164 vec.iov_base = data; 165 vec.iov_len = len; 166 memset(&msg, 0, sizeof(struct msghdr)); 167 msg.msg_iov = &vec; 168 msg.msg_iovlen = 1; 169 msg.msg_control = cbuf; 170 msg.msg_controllen = sizeof(cbuf); 171 cmsg = CMSG_FIRSTHDR(&msg); 172 cmsg->cmsg_level = SOL_TLS; 173 /* test sending non-record types. */ 174 cmsg->cmsg_type = TLS_SET_RECORD_TYPE; 175 cmsg->cmsg_len = CMSG_LEN(cmsg_len); 176 *CMSG_DATA(cmsg) = record_type; 177 msg.msg_controllen = cmsg->cmsg_len; 178 179 return sendmsg(fd, &msg, flags); 180 } 181 182 static int tls_recv_cmsg(struct __test_metadata *_metadata, 183 int fd, unsigned char record_type, 184 void *data, size_t len, int flags) 185 { 186 char cbuf[CMSG_SPACE(sizeof(char))]; 187 struct cmsghdr *cmsg; 188 unsigned char ctype; 189 struct msghdr msg; 190 struct iovec vec; 191 int n; 192 193 vec.iov_base = data; 194 vec.iov_len = len; 195 memset(&msg, 0, sizeof(struct msghdr)); 196 msg.msg_iov = &vec; 197 msg.msg_iovlen = 1; 198 msg.msg_control = cbuf; 199 msg.msg_controllen = sizeof(cbuf); 200 201 n = recvmsg(fd, &msg, flags); 202 203 cmsg = CMSG_FIRSTHDR(&msg); 204 EXPECT_NE(cmsg, NULL); 205 EXPECT_EQ(cmsg->cmsg_level, SOL_TLS); 206 EXPECT_EQ(cmsg->cmsg_type, TLS_GET_RECORD_TYPE); 207 ctype = *((unsigned char *)CMSG_DATA(cmsg)); 208 EXPECT_EQ(ctype, record_type); 209 210 return n; 211 } 212 213 FIXTURE(tls_basic) 214 { 215 int fd, cfd; 216 bool notls; 217 }; 218 219 FIXTURE_SETUP(tls_basic) 220 { 221 ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls); 222 } 223 224 FIXTURE_TEARDOWN(tls_basic) 225 { 226 close(self->fd); 227 close(self->cfd); 228 } 229 230 /* Send some data through with ULP but no keys */ 231 TEST_F(tls_basic, base_base) 232 { 233 char const *test_str = "test_read"; 234 int send_len = 10; 235 char buf[10]; 236 237 ASSERT_EQ(strlen(test_str) + 1, send_len); 238 239 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 240 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 241 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 242 }; 243 244 TEST_F(tls_basic, bad_cipher) 245 { 246 struct tls_crypto_info_keys tls12; 247 248 tls12.crypto_info.version = 200; 249 tls12.crypto_info.cipher_type = TLS_CIPHER_AES_GCM_128; 250 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, sizeof(struct tls12_crypto_info_aes_gcm_128)), -1); 251 252 tls12.crypto_info.version = TLS_1_2_VERSION; 253 tls12.crypto_info.cipher_type = 50; 254 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, sizeof(struct tls12_crypto_info_aes_gcm_128)), -1); 255 256 tls12.crypto_info.version = TLS_1_2_VERSION; 257 tls12.crypto_info.cipher_type = 59; 258 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, sizeof(struct tls12_crypto_info_aes_gcm_128)), -1); 259 260 tls12.crypto_info.version = TLS_1_2_VERSION; 261 tls12.crypto_info.cipher_type = 10; 262 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, sizeof(struct tls12_crypto_info_aes_gcm_128)), -1); 263 264 tls12.crypto_info.version = TLS_1_2_VERSION; 265 tls12.crypto_info.cipher_type = 70; 266 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, sizeof(struct tls12_crypto_info_aes_gcm_128)), -1); 267 } 268 269 TEST_F(tls_basic, recseq_wrap) 270 { 271 struct tls_crypto_info_keys tls12; 272 char const *test_str = "test_read"; 273 int send_len = 10; 274 275 if (self->notls) 276 SKIP(return, "no TLS support"); 277 278 tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_128, &tls12); 279 memset(&tls12.aes128.rec_seq, 0xff, sizeof(tls12.aes128.rec_seq)); 280 281 ASSERT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0); 282 ASSERT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0); 283 284 EXPECT_EQ(send(self->fd, test_str, send_len, 0), -1); 285 EXPECT_EQ(errno, EBADMSG); 286 } 287 288 FIXTURE(tls) 289 { 290 int fd, cfd; 291 bool notls; 292 }; 293 294 FIXTURE_VARIANT(tls) 295 { 296 uint16_t tls_version; 297 uint16_t cipher_type; 298 bool nopad, fips_non_compliant; 299 }; 300 301 FIXTURE_VARIANT_ADD(tls, 12_aes_gcm) 302 { 303 .tls_version = TLS_1_2_VERSION, 304 .cipher_type = TLS_CIPHER_AES_GCM_128, 305 }; 306 307 FIXTURE_VARIANT_ADD(tls, 13_aes_gcm) 308 { 309 .tls_version = TLS_1_3_VERSION, 310 .cipher_type = TLS_CIPHER_AES_GCM_128, 311 }; 312 313 FIXTURE_VARIANT_ADD(tls, 12_chacha) 314 { 315 .tls_version = TLS_1_2_VERSION, 316 .cipher_type = TLS_CIPHER_CHACHA20_POLY1305, 317 .fips_non_compliant = true, 318 }; 319 320 FIXTURE_VARIANT_ADD(tls, 13_chacha) 321 { 322 .tls_version = TLS_1_3_VERSION, 323 .cipher_type = TLS_CIPHER_CHACHA20_POLY1305, 324 .fips_non_compliant = true, 325 }; 326 327 FIXTURE_VARIANT_ADD(tls, 13_sm4_gcm) 328 { 329 .tls_version = TLS_1_3_VERSION, 330 .cipher_type = TLS_CIPHER_SM4_GCM, 331 .fips_non_compliant = true, 332 }; 333 334 FIXTURE_VARIANT_ADD(tls, 13_sm4_ccm) 335 { 336 .tls_version = TLS_1_3_VERSION, 337 .cipher_type = TLS_CIPHER_SM4_CCM, 338 .fips_non_compliant = true, 339 }; 340 341 FIXTURE_VARIANT_ADD(tls, 12_aes_ccm) 342 { 343 .tls_version = TLS_1_2_VERSION, 344 .cipher_type = TLS_CIPHER_AES_CCM_128, 345 }; 346 347 FIXTURE_VARIANT_ADD(tls, 13_aes_ccm) 348 { 349 .tls_version = TLS_1_3_VERSION, 350 .cipher_type = TLS_CIPHER_AES_CCM_128, 351 }; 352 353 FIXTURE_VARIANT_ADD(tls, 12_aes_gcm_256) 354 { 355 .tls_version = TLS_1_2_VERSION, 356 .cipher_type = TLS_CIPHER_AES_GCM_256, 357 }; 358 359 FIXTURE_VARIANT_ADD(tls, 13_aes_gcm_256) 360 { 361 .tls_version = TLS_1_3_VERSION, 362 .cipher_type = TLS_CIPHER_AES_GCM_256, 363 }; 364 365 FIXTURE_VARIANT_ADD(tls, 13_nopad) 366 { 367 .tls_version = TLS_1_3_VERSION, 368 .cipher_type = TLS_CIPHER_AES_GCM_128, 369 .nopad = true, 370 }; 371 372 FIXTURE_VARIANT_ADD(tls, 12_aria_gcm) 373 { 374 .tls_version = TLS_1_2_VERSION, 375 .cipher_type = TLS_CIPHER_ARIA_GCM_128, 376 }; 377 378 FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_256) 379 { 380 .tls_version = TLS_1_2_VERSION, 381 .cipher_type = TLS_CIPHER_ARIA_GCM_256, 382 }; 383 384 FIXTURE_SETUP(tls) 385 { 386 struct tls_crypto_info_keys tls12; 387 int one = 1; 388 int ret; 389 390 if (fips_enabled && variant->fips_non_compliant) 391 SKIP(return, "Unsupported cipher in FIPS mode"); 392 393 tls_crypto_info_init(variant->tls_version, variant->cipher_type, 394 &tls12); 395 396 ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls); 397 398 if (self->notls) 399 return; 400 401 ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len); 402 ASSERT_EQ(ret, 0); 403 404 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len); 405 ASSERT_EQ(ret, 0); 406 407 if (variant->nopad) { 408 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 409 (void *)&one, sizeof(one)); 410 ASSERT_EQ(ret, 0); 411 } 412 } 413 414 FIXTURE_TEARDOWN(tls) 415 { 416 close(self->fd); 417 close(self->cfd); 418 } 419 420 TEST_F(tls, sendfile) 421 { 422 int filefd = open("/proc/self/exe", O_RDONLY); 423 struct stat st; 424 425 EXPECT_GE(filefd, 0); 426 fstat(filefd, &st); 427 EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0); 428 } 429 430 TEST_F(tls, send_then_sendfile) 431 { 432 int filefd = open("/proc/self/exe", O_RDONLY); 433 char const *test_str = "test_send"; 434 int to_send = strlen(test_str) + 1; 435 char recv_buf[10]; 436 struct stat st; 437 char *buf; 438 439 EXPECT_GE(filefd, 0); 440 fstat(filefd, &st); 441 buf = (char *)malloc(st.st_size); 442 443 EXPECT_EQ(send(self->fd, test_str, to_send, 0), to_send); 444 EXPECT_EQ(recv(self->cfd, recv_buf, to_send, MSG_WAITALL), to_send); 445 EXPECT_EQ(memcmp(test_str, recv_buf, to_send), 0); 446 447 EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0); 448 EXPECT_EQ(recv(self->cfd, buf, st.st_size, MSG_WAITALL), st.st_size); 449 } 450 451 static void chunked_sendfile(struct __test_metadata *_metadata, 452 struct _test_data_tls *self, 453 uint16_t chunk_size, 454 uint16_t extra_payload_size) 455 { 456 char buf[TLS_PAYLOAD_MAX_LEN]; 457 uint16_t test_payload_size; 458 int size = 0; 459 int ret; 460 char filename[] = "/tmp/mytemp.XXXXXX"; 461 int fd = mkstemp(filename); 462 off_t offset = 0; 463 464 unlink(filename); 465 ASSERT_GE(fd, 0); 466 EXPECT_GE(chunk_size, 1); 467 test_payload_size = chunk_size + extra_payload_size; 468 ASSERT_GE(TLS_PAYLOAD_MAX_LEN, test_payload_size); 469 memset(buf, 1, test_payload_size); 470 size = write(fd, buf, test_payload_size); 471 EXPECT_EQ(size, test_payload_size); 472 fsync(fd); 473 474 while (size > 0) { 475 ret = sendfile(self->fd, fd, &offset, chunk_size); 476 EXPECT_GE(ret, 0); 477 size -= ret; 478 } 479 480 EXPECT_EQ(recv(self->cfd, buf, test_payload_size, MSG_WAITALL), 481 test_payload_size); 482 483 close(fd); 484 } 485 486 TEST_F(tls, multi_chunk_sendfile) 487 { 488 chunked_sendfile(_metadata, self, 4096, 4096); 489 chunked_sendfile(_metadata, self, 4096, 0); 490 chunked_sendfile(_metadata, self, 4096, 1); 491 chunked_sendfile(_metadata, self, 4096, 2048); 492 chunked_sendfile(_metadata, self, 8192, 2048); 493 chunked_sendfile(_metadata, self, 4096, 8192); 494 chunked_sendfile(_metadata, self, 8192, 4096); 495 chunked_sendfile(_metadata, self, 12288, 1024); 496 chunked_sendfile(_metadata, self, 12288, 2000); 497 chunked_sendfile(_metadata, self, 15360, 100); 498 chunked_sendfile(_metadata, self, 15360, 300); 499 chunked_sendfile(_metadata, self, 1, 4096); 500 chunked_sendfile(_metadata, self, 2048, 4096); 501 chunked_sendfile(_metadata, self, 2048, 8192); 502 chunked_sendfile(_metadata, self, 4096, 8192); 503 chunked_sendfile(_metadata, self, 1024, 12288); 504 chunked_sendfile(_metadata, self, 2000, 12288); 505 chunked_sendfile(_metadata, self, 100, 15360); 506 chunked_sendfile(_metadata, self, 300, 15360); 507 } 508 509 TEST_F(tls, recv_max) 510 { 511 unsigned int send_len = TLS_PAYLOAD_MAX_LEN; 512 char recv_mem[TLS_PAYLOAD_MAX_LEN]; 513 char buf[TLS_PAYLOAD_MAX_LEN]; 514 515 memrnd(buf, sizeof(buf)); 516 517 EXPECT_GE(send(self->fd, buf, send_len, 0), 0); 518 EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1); 519 EXPECT_EQ(memcmp(buf, recv_mem, send_len), 0); 520 } 521 522 TEST_F(tls, recv_small) 523 { 524 char const *test_str = "test_read"; 525 int send_len = 10; 526 char buf[10]; 527 528 send_len = strlen(test_str) + 1; 529 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 530 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 531 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 532 } 533 534 TEST_F(tls, msg_more) 535 { 536 char const *test_str = "test_read"; 537 int send_len = 10; 538 char buf[10 * 2]; 539 540 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); 541 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1); 542 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 543 EXPECT_EQ(recv(self->cfd, buf, send_len * 2, MSG_WAITALL), 544 send_len * 2); 545 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 546 } 547 548 TEST_F(tls, msg_more_unsent) 549 { 550 char const *test_str = "test_read"; 551 int send_len = 10; 552 char buf[10]; 553 554 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); 555 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1); 556 } 557 558 TEST_F(tls, msg_eor) 559 { 560 char const *test_str = "test_read"; 561 int send_len = 10; 562 char buf[10]; 563 564 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_EOR), send_len); 565 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len); 566 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 567 } 568 569 TEST_F(tls, sendmsg_single) 570 { 571 struct msghdr msg; 572 573 char const *test_str = "test_sendmsg"; 574 size_t send_len = 13; 575 struct iovec vec; 576 char buf[13]; 577 578 vec.iov_base = (char *)test_str; 579 vec.iov_len = send_len; 580 memset(&msg, 0, sizeof(struct msghdr)); 581 msg.msg_iov = &vec; 582 msg.msg_iovlen = 1; 583 EXPECT_EQ(sendmsg(self->fd, &msg, 0), send_len); 584 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len); 585 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 586 } 587 588 #define MAX_FRAGS 64 589 #define SEND_LEN 13 590 TEST_F(tls, sendmsg_fragmented) 591 { 592 char const *test_str = "test_sendmsg"; 593 char buf[SEND_LEN * MAX_FRAGS]; 594 struct iovec vec[MAX_FRAGS]; 595 struct msghdr msg; 596 int i, frags; 597 598 for (frags = 1; frags <= MAX_FRAGS; frags++) { 599 for (i = 0; i < frags; i++) { 600 vec[i].iov_base = (char *)test_str; 601 vec[i].iov_len = SEND_LEN; 602 } 603 604 memset(&msg, 0, sizeof(struct msghdr)); 605 msg.msg_iov = vec; 606 msg.msg_iovlen = frags; 607 608 EXPECT_EQ(sendmsg(self->fd, &msg, 0), SEND_LEN * frags); 609 EXPECT_EQ(recv(self->cfd, buf, SEND_LEN * frags, MSG_WAITALL), 610 SEND_LEN * frags); 611 612 for (i = 0; i < frags; i++) 613 EXPECT_EQ(memcmp(buf + SEND_LEN * i, 614 test_str, SEND_LEN), 0); 615 } 616 } 617 #undef MAX_FRAGS 618 #undef SEND_LEN 619 620 TEST_F(tls, sendmsg_large) 621 { 622 void *mem = malloc(16384); 623 size_t send_len = 16384; 624 size_t sends = 128; 625 struct msghdr msg; 626 size_t recvs = 0; 627 size_t sent = 0; 628 629 memset(&msg, 0, sizeof(struct msghdr)); 630 while (sent++ < sends) { 631 struct iovec vec = { (void *)mem, send_len }; 632 633 msg.msg_iov = &vec; 634 msg.msg_iovlen = 1; 635 EXPECT_EQ(sendmsg(self->fd, &msg, 0), send_len); 636 } 637 638 while (recvs++ < sends) { 639 EXPECT_NE(recv(self->cfd, mem, send_len, 0), -1); 640 } 641 642 free(mem); 643 } 644 645 TEST_F(tls, sendmsg_multiple) 646 { 647 char const *test_str = "test_sendmsg_multiple"; 648 struct iovec vec[5]; 649 char *test_strs[5]; 650 struct msghdr msg; 651 int total_len = 0; 652 int len_cmp = 0; 653 int iov_len = 5; 654 char *buf; 655 int i; 656 657 memset(&msg, 0, sizeof(struct msghdr)); 658 for (i = 0; i < iov_len; i++) { 659 test_strs[i] = (char *)malloc(strlen(test_str) + 1); 660 snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str); 661 vec[i].iov_base = (void *)test_strs[i]; 662 vec[i].iov_len = strlen(test_strs[i]) + 1; 663 total_len += vec[i].iov_len; 664 } 665 msg.msg_iov = vec; 666 msg.msg_iovlen = iov_len; 667 668 EXPECT_EQ(sendmsg(self->fd, &msg, 0), total_len); 669 buf = malloc(total_len); 670 EXPECT_NE(recv(self->cfd, buf, total_len, 0), -1); 671 for (i = 0; i < iov_len; i++) { 672 EXPECT_EQ(memcmp(test_strs[i], buf + len_cmp, 673 strlen(test_strs[i])), 674 0); 675 len_cmp += strlen(buf + len_cmp) + 1; 676 } 677 for (i = 0; i < iov_len; i++) 678 free(test_strs[i]); 679 free(buf); 680 } 681 682 TEST_F(tls, sendmsg_multiple_stress) 683 { 684 char const *test_str = "abcdefghijklmno"; 685 struct iovec vec[1024]; 686 char *test_strs[1024]; 687 int iov_len = 1024; 688 int total_len = 0; 689 char buf[1 << 14]; 690 struct msghdr msg; 691 int len_cmp = 0; 692 int i; 693 694 memset(&msg, 0, sizeof(struct msghdr)); 695 for (i = 0; i < iov_len; i++) { 696 test_strs[i] = (char *)malloc(strlen(test_str) + 1); 697 snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str); 698 vec[i].iov_base = (void *)test_strs[i]; 699 vec[i].iov_len = strlen(test_strs[i]) + 1; 700 total_len += vec[i].iov_len; 701 } 702 msg.msg_iov = vec; 703 msg.msg_iovlen = iov_len; 704 705 EXPECT_EQ(sendmsg(self->fd, &msg, 0), total_len); 706 EXPECT_NE(recv(self->cfd, buf, total_len, 0), -1); 707 708 for (i = 0; i < iov_len; i++) 709 len_cmp += strlen(buf + len_cmp) + 1; 710 711 for (i = 0; i < iov_len; i++) 712 free(test_strs[i]); 713 } 714 715 TEST_F(tls, splice_from_pipe) 716 { 717 int send_len = TLS_PAYLOAD_MAX_LEN; 718 char mem_send[TLS_PAYLOAD_MAX_LEN]; 719 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 720 int p[2]; 721 722 ASSERT_GE(pipe(p), 0); 723 EXPECT_GE(write(p[1], mem_send, send_len), 0); 724 EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), 0); 725 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len); 726 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 727 } 728 729 TEST_F(tls, splice_more) 730 { 731 unsigned int f = SPLICE_F_NONBLOCK | SPLICE_F_MORE | SPLICE_F_GIFT; 732 int send_len = TLS_PAYLOAD_MAX_LEN; 733 char mem_send[TLS_PAYLOAD_MAX_LEN]; 734 int i, send_pipe = 1; 735 int p[2]; 736 737 ASSERT_GE(pipe(p), 0); 738 EXPECT_GE(write(p[1], mem_send, send_len), 0); 739 for (i = 0; i < 32; i++) 740 EXPECT_EQ(splice(p[0], NULL, self->fd, NULL, send_pipe, f), 1); 741 } 742 743 TEST_F(tls, splice_from_pipe2) 744 { 745 int send_len = 16000; 746 char mem_send[16000]; 747 char mem_recv[16000]; 748 int p2[2]; 749 int p[2]; 750 751 memrnd(mem_send, sizeof(mem_send)); 752 753 ASSERT_GE(pipe(p), 0); 754 ASSERT_GE(pipe(p2), 0); 755 EXPECT_EQ(write(p[1], mem_send, 8000), 8000); 756 EXPECT_EQ(splice(p[0], NULL, self->fd, NULL, 8000, 0), 8000); 757 EXPECT_EQ(write(p2[1], mem_send + 8000, 8000), 8000); 758 EXPECT_EQ(splice(p2[0], NULL, self->fd, NULL, 8000, 0), 8000); 759 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len); 760 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 761 } 762 763 TEST_F(tls, send_and_splice) 764 { 765 int send_len = TLS_PAYLOAD_MAX_LEN; 766 char mem_send[TLS_PAYLOAD_MAX_LEN]; 767 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 768 char const *test_str = "test_read"; 769 int send_len2 = 10; 770 char buf[10]; 771 int p[2]; 772 773 ASSERT_GE(pipe(p), 0); 774 EXPECT_EQ(send(self->fd, test_str, send_len2, 0), send_len2); 775 EXPECT_EQ(recv(self->cfd, buf, send_len2, MSG_WAITALL), send_len2); 776 EXPECT_EQ(memcmp(test_str, buf, send_len2), 0); 777 778 EXPECT_GE(write(p[1], mem_send, send_len), send_len); 779 EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), send_len); 780 781 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len); 782 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 783 } 784 785 TEST_F(tls, splice_to_pipe) 786 { 787 int send_len = TLS_PAYLOAD_MAX_LEN; 788 char mem_send[TLS_PAYLOAD_MAX_LEN]; 789 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 790 int p[2]; 791 792 memrnd(mem_send, sizeof(mem_send)); 793 794 ASSERT_GE(pipe(p), 0); 795 EXPECT_EQ(send(self->fd, mem_send, send_len, 0), send_len); 796 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), send_len); 797 EXPECT_EQ(read(p[0], mem_recv, send_len), send_len); 798 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 799 } 800 801 TEST_F(tls, splice_cmsg_to_pipe) 802 { 803 char *test_str = "test_read"; 804 char record_type = 100; 805 int send_len = 10; 806 char buf[10]; 807 int p[2]; 808 809 if (self->notls) 810 SKIP(return, "no TLS support"); 811 812 ASSERT_GE(pipe(p), 0); 813 EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10); 814 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), -1); 815 EXPECT_EQ(errno, EINVAL); 816 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1); 817 EXPECT_EQ(errno, EIO); 818 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type, 819 buf, sizeof(buf), MSG_WAITALL), 820 send_len); 821 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 822 } 823 824 TEST_F(tls, splice_dec_cmsg_to_pipe) 825 { 826 char *test_str = "test_read"; 827 char record_type = 100; 828 int send_len = 10; 829 char buf[10]; 830 int p[2]; 831 832 if (self->notls) 833 SKIP(return, "no TLS support"); 834 835 ASSERT_GE(pipe(p), 0); 836 EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10); 837 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1); 838 EXPECT_EQ(errno, EIO); 839 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), -1); 840 EXPECT_EQ(errno, EINVAL); 841 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type, 842 buf, sizeof(buf), MSG_WAITALL), 843 send_len); 844 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 845 } 846 847 TEST_F(tls, recv_and_splice) 848 { 849 int send_len = TLS_PAYLOAD_MAX_LEN; 850 char mem_send[TLS_PAYLOAD_MAX_LEN]; 851 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 852 int half = send_len / 2; 853 int p[2]; 854 855 ASSERT_GE(pipe(p), 0); 856 EXPECT_EQ(send(self->fd, mem_send, send_len, 0), send_len); 857 /* Recv hald of the record, splice the other half */ 858 EXPECT_EQ(recv(self->cfd, mem_recv, half, MSG_WAITALL), half); 859 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, half, SPLICE_F_NONBLOCK), 860 half); 861 EXPECT_EQ(read(p[0], &mem_recv[half], half), half); 862 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 863 } 864 865 TEST_F(tls, peek_and_splice) 866 { 867 int send_len = TLS_PAYLOAD_MAX_LEN; 868 char mem_send[TLS_PAYLOAD_MAX_LEN]; 869 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 870 int chunk = TLS_PAYLOAD_MAX_LEN / 4; 871 int n, i, p[2]; 872 873 memrnd(mem_send, sizeof(mem_send)); 874 875 ASSERT_GE(pipe(p), 0); 876 for (i = 0; i < 4; i++) 877 EXPECT_EQ(send(self->fd, &mem_send[chunk * i], chunk, 0), 878 chunk); 879 880 EXPECT_EQ(recv(self->cfd, mem_recv, chunk * 5 / 2, 881 MSG_WAITALL | MSG_PEEK), 882 chunk * 5 / 2); 883 EXPECT_EQ(memcmp(mem_send, mem_recv, chunk * 5 / 2), 0); 884 885 n = 0; 886 while (n < send_len) { 887 i = splice(self->cfd, NULL, p[1], NULL, send_len - n, 0); 888 EXPECT_GT(i, 0); 889 n += i; 890 } 891 EXPECT_EQ(n, send_len); 892 EXPECT_EQ(read(p[0], mem_recv, send_len), send_len); 893 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 894 } 895 896 TEST_F(tls, recvmsg_single) 897 { 898 char const *test_str = "test_recvmsg_single"; 899 int send_len = strlen(test_str) + 1; 900 char buf[20]; 901 struct msghdr hdr; 902 struct iovec vec; 903 904 memset(&hdr, 0, sizeof(hdr)); 905 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 906 vec.iov_base = (char *)buf; 907 vec.iov_len = send_len; 908 hdr.msg_iovlen = 1; 909 hdr.msg_iov = &vec; 910 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1); 911 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 912 } 913 914 TEST_F(tls, recvmsg_single_max) 915 { 916 int send_len = TLS_PAYLOAD_MAX_LEN; 917 char send_mem[TLS_PAYLOAD_MAX_LEN]; 918 char recv_mem[TLS_PAYLOAD_MAX_LEN]; 919 struct iovec vec; 920 struct msghdr hdr; 921 922 memrnd(send_mem, sizeof(send_mem)); 923 924 EXPECT_EQ(send(self->fd, send_mem, send_len, 0), send_len); 925 vec.iov_base = (char *)recv_mem; 926 vec.iov_len = TLS_PAYLOAD_MAX_LEN; 927 928 hdr.msg_iovlen = 1; 929 hdr.msg_iov = &vec; 930 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1); 931 EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0); 932 } 933 934 TEST_F(tls, recvmsg_multiple) 935 { 936 unsigned int msg_iovlen = 1024; 937 struct iovec vec[1024]; 938 char *iov_base[1024]; 939 unsigned int iov_len = 16; 940 int send_len = 1 << 14; 941 char buf[1 << 14]; 942 struct msghdr hdr; 943 int i; 944 945 memrnd(buf, sizeof(buf)); 946 947 EXPECT_EQ(send(self->fd, buf, send_len, 0), send_len); 948 for (i = 0; i < msg_iovlen; i++) { 949 iov_base[i] = (char *)malloc(iov_len); 950 vec[i].iov_base = iov_base[i]; 951 vec[i].iov_len = iov_len; 952 } 953 954 hdr.msg_iovlen = msg_iovlen; 955 hdr.msg_iov = vec; 956 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1); 957 958 for (i = 0; i < msg_iovlen; i++) 959 free(iov_base[i]); 960 } 961 962 TEST_F(tls, single_send_multiple_recv) 963 { 964 unsigned int total_len = TLS_PAYLOAD_MAX_LEN * 2; 965 unsigned int send_len = TLS_PAYLOAD_MAX_LEN; 966 char send_mem[TLS_PAYLOAD_MAX_LEN * 2]; 967 char recv_mem[TLS_PAYLOAD_MAX_LEN * 2]; 968 969 memrnd(send_mem, sizeof(send_mem)); 970 971 EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0); 972 memset(recv_mem, 0, total_len); 973 974 EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1); 975 EXPECT_NE(recv(self->cfd, recv_mem + send_len, send_len, 0), -1); 976 EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0); 977 } 978 979 TEST_F(tls, multiple_send_single_recv) 980 { 981 unsigned int total_len = 2 * 10; 982 unsigned int send_len = 10; 983 char recv_mem[2 * 10]; 984 char send_mem[10]; 985 986 memrnd(send_mem, sizeof(send_mem)); 987 988 EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0); 989 EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0); 990 memset(recv_mem, 0, total_len); 991 EXPECT_EQ(recv(self->cfd, recv_mem, total_len, MSG_WAITALL), total_len); 992 993 EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0); 994 EXPECT_EQ(memcmp(send_mem, recv_mem + send_len, send_len), 0); 995 } 996 997 TEST_F(tls, single_send_multiple_recv_non_align) 998 { 999 const unsigned int total_len = 15; 1000 const unsigned int recv_len = 10; 1001 char recv_mem[recv_len * 2]; 1002 char send_mem[total_len]; 1003 1004 memrnd(send_mem, sizeof(send_mem)); 1005 1006 EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0); 1007 memset(recv_mem, 0, total_len); 1008 1009 EXPECT_EQ(recv(self->cfd, recv_mem, recv_len, 0), recv_len); 1010 EXPECT_EQ(recv(self->cfd, recv_mem + recv_len, recv_len, 0), 5); 1011 EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0); 1012 } 1013 1014 TEST_F(tls, recv_partial) 1015 { 1016 char const *test_str = "test_read_partial"; 1017 char const *test_str_first = "test_read"; 1018 char const *test_str_second = "_partial"; 1019 int send_len = strlen(test_str) + 1; 1020 char recv_mem[18]; 1021 1022 memset(recv_mem, 0, sizeof(recv_mem)); 1023 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1024 EXPECT_EQ(recv(self->cfd, recv_mem, strlen(test_str_first), 1025 MSG_WAITALL), strlen(test_str_first)); 1026 EXPECT_EQ(memcmp(test_str_first, recv_mem, strlen(test_str_first)), 0); 1027 memset(recv_mem, 0, sizeof(recv_mem)); 1028 EXPECT_EQ(recv(self->cfd, recv_mem, strlen(test_str_second), 1029 MSG_WAITALL), strlen(test_str_second)); 1030 EXPECT_EQ(memcmp(test_str_second, recv_mem, strlen(test_str_second)), 1031 0); 1032 } 1033 1034 TEST_F(tls, recv_nonblock) 1035 { 1036 char buf[4096]; 1037 bool err; 1038 1039 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_DONTWAIT), -1); 1040 err = (errno == EAGAIN || errno == EWOULDBLOCK); 1041 EXPECT_EQ(err, true); 1042 } 1043 1044 TEST_F(tls, recv_peek) 1045 { 1046 char const *test_str = "test_read_peek"; 1047 int send_len = strlen(test_str) + 1; 1048 char buf[15]; 1049 1050 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1051 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_PEEK), send_len); 1052 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 1053 memset(buf, 0, sizeof(buf)); 1054 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len); 1055 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 1056 } 1057 1058 TEST_F(tls, recv_peek_multiple) 1059 { 1060 char const *test_str = "test_read_peek"; 1061 int send_len = strlen(test_str) + 1; 1062 unsigned int num_peeks = 100; 1063 char buf[15]; 1064 int i; 1065 1066 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1067 for (i = 0; i < num_peeks; i++) { 1068 EXPECT_NE(recv(self->cfd, buf, send_len, MSG_PEEK), -1); 1069 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 1070 memset(buf, 0, sizeof(buf)); 1071 } 1072 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 1073 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 1074 } 1075 1076 TEST_F(tls, recv_peek_multiple_records) 1077 { 1078 char const *test_str = "test_read_peek_mult_recs"; 1079 char const *test_str_first = "test_read_peek"; 1080 char const *test_str_second = "_mult_recs"; 1081 int len; 1082 char buf[64]; 1083 1084 len = strlen(test_str_first); 1085 EXPECT_EQ(send(self->fd, test_str_first, len, 0), len); 1086 1087 len = strlen(test_str_second) + 1; 1088 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len); 1089 1090 len = strlen(test_str_first); 1091 memset(buf, 0, len); 1092 EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len); 1093 1094 /* MSG_PEEK can only peek into the current record. */ 1095 len = strlen(test_str_first); 1096 EXPECT_EQ(memcmp(test_str_first, buf, len), 0); 1097 1098 len = strlen(test_str) + 1; 1099 memset(buf, 0, len); 1100 EXPECT_EQ(recv(self->cfd, buf, len, MSG_WAITALL), len); 1101 1102 /* Non-MSG_PEEK will advance strparser (and therefore record) 1103 * however. 1104 */ 1105 len = strlen(test_str) + 1; 1106 EXPECT_EQ(memcmp(test_str, buf, len), 0); 1107 1108 /* MSG_MORE will hold current record open, so later MSG_PEEK 1109 * will see everything. 1110 */ 1111 len = strlen(test_str_first); 1112 EXPECT_EQ(send(self->fd, test_str_first, len, MSG_MORE), len); 1113 1114 len = strlen(test_str_second) + 1; 1115 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len); 1116 1117 len = strlen(test_str) + 1; 1118 memset(buf, 0, len); 1119 EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len); 1120 1121 len = strlen(test_str) + 1; 1122 EXPECT_EQ(memcmp(test_str, buf, len), 0); 1123 } 1124 1125 TEST_F(tls, recv_peek_large_buf_mult_recs) 1126 { 1127 char const *test_str = "test_read_peek_mult_recs"; 1128 char const *test_str_first = "test_read_peek"; 1129 char const *test_str_second = "_mult_recs"; 1130 int len; 1131 char buf[64]; 1132 1133 len = strlen(test_str_first); 1134 EXPECT_EQ(send(self->fd, test_str_first, len, 0), len); 1135 1136 len = strlen(test_str_second) + 1; 1137 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len); 1138 1139 len = strlen(test_str) + 1; 1140 memset(buf, 0, len); 1141 EXPECT_NE((len = recv(self->cfd, buf, len, 1142 MSG_PEEK | MSG_WAITALL)), -1); 1143 len = strlen(test_str) + 1; 1144 EXPECT_EQ(memcmp(test_str, buf, len), 0); 1145 } 1146 1147 TEST_F(tls, recv_lowat) 1148 { 1149 char send_mem[10] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }; 1150 char recv_mem[20]; 1151 int lowat = 8; 1152 1153 EXPECT_EQ(send(self->fd, send_mem, 10, 0), 10); 1154 EXPECT_EQ(send(self->fd, send_mem, 5, 0), 5); 1155 1156 memset(recv_mem, 0, 20); 1157 EXPECT_EQ(setsockopt(self->cfd, SOL_SOCKET, SO_RCVLOWAT, 1158 &lowat, sizeof(lowat)), 0); 1159 EXPECT_EQ(recv(self->cfd, recv_mem, 1, MSG_WAITALL), 1); 1160 EXPECT_EQ(recv(self->cfd, recv_mem + 1, 6, MSG_WAITALL), 6); 1161 EXPECT_EQ(recv(self->cfd, recv_mem + 7, 10, 0), 8); 1162 1163 EXPECT_EQ(memcmp(send_mem, recv_mem, 10), 0); 1164 EXPECT_EQ(memcmp(send_mem, recv_mem + 10, 5), 0); 1165 } 1166 1167 TEST_F(tls, bidir) 1168 { 1169 char const *test_str = "test_read"; 1170 int send_len = 10; 1171 char buf[10]; 1172 int ret; 1173 1174 if (!self->notls) { 1175 struct tls_crypto_info_keys tls12; 1176 1177 tls_crypto_info_init(variant->tls_version, variant->cipher_type, 1178 &tls12); 1179 1180 ret = setsockopt(self->fd, SOL_TLS, TLS_RX, &tls12, 1181 tls12.len); 1182 ASSERT_EQ(ret, 0); 1183 1184 ret = setsockopt(self->cfd, SOL_TLS, TLS_TX, &tls12, 1185 tls12.len); 1186 ASSERT_EQ(ret, 0); 1187 } 1188 1189 ASSERT_EQ(strlen(test_str) + 1, send_len); 1190 1191 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1192 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 1193 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1194 1195 memset(buf, 0, sizeof(buf)); 1196 1197 EXPECT_EQ(send(self->cfd, test_str, send_len, 0), send_len); 1198 EXPECT_NE(recv(self->fd, buf, send_len, 0), -1); 1199 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1200 }; 1201 1202 TEST_F(tls, pollin) 1203 { 1204 char const *test_str = "test_poll"; 1205 struct pollfd fd = { 0, 0, 0 }; 1206 char buf[10]; 1207 int send_len = 10; 1208 1209 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1210 fd.fd = self->cfd; 1211 fd.events = POLLIN; 1212 1213 EXPECT_EQ(poll(&fd, 1, 20), 1); 1214 EXPECT_EQ(fd.revents & POLLIN, 1); 1215 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len); 1216 /* Test timing out */ 1217 EXPECT_EQ(poll(&fd, 1, 20), 0); 1218 } 1219 1220 TEST_F(tls, poll_wait) 1221 { 1222 char const *test_str = "test_poll_wait"; 1223 int send_len = strlen(test_str) + 1; 1224 struct pollfd fd = { 0, 0, 0 }; 1225 char recv_mem[15]; 1226 1227 fd.fd = self->cfd; 1228 fd.events = POLLIN; 1229 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1230 /* Set timeout to inf. secs */ 1231 EXPECT_EQ(poll(&fd, 1, -1), 1); 1232 EXPECT_EQ(fd.revents & POLLIN, 1); 1233 EXPECT_EQ(recv(self->cfd, recv_mem, send_len, MSG_WAITALL), send_len); 1234 } 1235 1236 TEST_F(tls, poll_wait_split) 1237 { 1238 struct pollfd fd = { 0, 0, 0 }; 1239 char send_mem[20] = {}; 1240 char recv_mem[15]; 1241 1242 fd.fd = self->cfd; 1243 fd.events = POLLIN; 1244 /* Send 20 bytes */ 1245 EXPECT_EQ(send(self->fd, send_mem, sizeof(send_mem), 0), 1246 sizeof(send_mem)); 1247 /* Poll with inf. timeout */ 1248 EXPECT_EQ(poll(&fd, 1, -1), 1); 1249 EXPECT_EQ(fd.revents & POLLIN, 1); 1250 EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), MSG_WAITALL), 1251 sizeof(recv_mem)); 1252 1253 /* Now the remaining 5 bytes of record data are in TLS ULP */ 1254 fd.fd = self->cfd; 1255 fd.events = POLLIN; 1256 EXPECT_EQ(poll(&fd, 1, -1), 1); 1257 EXPECT_EQ(fd.revents & POLLIN, 1); 1258 EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), 0), 1259 sizeof(send_mem) - sizeof(recv_mem)); 1260 } 1261 1262 TEST_F(tls, blocking) 1263 { 1264 size_t data = 100000; 1265 int res = fork(); 1266 1267 EXPECT_NE(res, -1); 1268 1269 if (res) { 1270 /* parent */ 1271 size_t left = data; 1272 char buf[16384]; 1273 int status; 1274 int pid2; 1275 1276 while (left) { 1277 int res = send(self->fd, buf, 1278 left > 16384 ? 16384 : left, 0); 1279 1280 EXPECT_GE(res, 0); 1281 left -= res; 1282 } 1283 1284 pid2 = wait(&status); 1285 EXPECT_EQ(status, 0); 1286 EXPECT_EQ(res, pid2); 1287 } else { 1288 /* child */ 1289 size_t left = data; 1290 char buf[16384]; 1291 1292 while (left) { 1293 int res = recv(self->cfd, buf, 1294 left > 16384 ? 16384 : left, 0); 1295 1296 EXPECT_GE(res, 0); 1297 left -= res; 1298 } 1299 } 1300 } 1301 1302 TEST_F(tls, nonblocking) 1303 { 1304 size_t data = 100000; 1305 int sendbuf = 100; 1306 int flags; 1307 int res; 1308 1309 flags = fcntl(self->fd, F_GETFL, 0); 1310 fcntl(self->fd, F_SETFL, flags | O_NONBLOCK); 1311 fcntl(self->cfd, F_SETFL, flags | O_NONBLOCK); 1312 1313 /* Ensure nonblocking behavior by imposing a small send 1314 * buffer. 1315 */ 1316 EXPECT_EQ(setsockopt(self->fd, SOL_SOCKET, SO_SNDBUF, 1317 &sendbuf, sizeof(sendbuf)), 0); 1318 1319 res = fork(); 1320 EXPECT_NE(res, -1); 1321 1322 if (res) { 1323 /* parent */ 1324 bool eagain = false; 1325 size_t left = data; 1326 char buf[16384]; 1327 int status; 1328 int pid2; 1329 1330 while (left) { 1331 int res = send(self->fd, buf, 1332 left > 16384 ? 16384 : left, 0); 1333 1334 if (res == -1 && errno == EAGAIN) { 1335 eagain = true; 1336 usleep(10000); 1337 continue; 1338 } 1339 EXPECT_GE(res, 0); 1340 left -= res; 1341 } 1342 1343 EXPECT_TRUE(eagain); 1344 pid2 = wait(&status); 1345 1346 EXPECT_EQ(status, 0); 1347 EXPECT_EQ(res, pid2); 1348 } else { 1349 /* child */ 1350 bool eagain = false; 1351 size_t left = data; 1352 char buf[16384]; 1353 1354 while (left) { 1355 int res = recv(self->cfd, buf, 1356 left > 16384 ? 16384 : left, 0); 1357 1358 if (res == -1 && errno == EAGAIN) { 1359 eagain = true; 1360 usleep(10000); 1361 continue; 1362 } 1363 EXPECT_GE(res, 0); 1364 left -= res; 1365 } 1366 EXPECT_TRUE(eagain); 1367 } 1368 } 1369 1370 static void 1371 test_mutliproc(struct __test_metadata *_metadata, struct _test_data_tls *self, 1372 bool sendpg, unsigned int n_readers, unsigned int n_writers) 1373 { 1374 const unsigned int n_children = n_readers + n_writers; 1375 const size_t data = 6 * 1000 * 1000; 1376 const size_t file_sz = data / 100; 1377 size_t read_bias, write_bias; 1378 int i, fd, child_id; 1379 char buf[file_sz]; 1380 pid_t pid; 1381 1382 /* Only allow multiples for simplicity */ 1383 ASSERT_EQ(!(n_readers % n_writers) || !(n_writers % n_readers), true); 1384 read_bias = n_writers / n_readers ?: 1; 1385 write_bias = n_readers / n_writers ?: 1; 1386 1387 /* prep a file to send */ 1388 fd = open("/tmp/", O_TMPFILE | O_RDWR, 0600); 1389 ASSERT_GE(fd, 0); 1390 1391 memset(buf, 0xac, file_sz); 1392 ASSERT_EQ(write(fd, buf, file_sz), file_sz); 1393 1394 /* spawn children */ 1395 for (child_id = 0; child_id < n_children; child_id++) { 1396 pid = fork(); 1397 ASSERT_NE(pid, -1); 1398 if (!pid) 1399 break; 1400 } 1401 1402 /* parent waits for all children */ 1403 if (pid) { 1404 for (i = 0; i < n_children; i++) { 1405 int status; 1406 1407 wait(&status); 1408 EXPECT_EQ(status, 0); 1409 } 1410 1411 return; 1412 } 1413 1414 /* Split threads for reading and writing */ 1415 if (child_id < n_readers) { 1416 size_t left = data * read_bias; 1417 char rb[8001]; 1418 1419 while (left) { 1420 int res; 1421 1422 res = recv(self->cfd, rb, 1423 left > sizeof(rb) ? sizeof(rb) : left, 0); 1424 1425 EXPECT_GE(res, 0); 1426 left -= res; 1427 } 1428 } else { 1429 size_t left = data * write_bias; 1430 1431 while (left) { 1432 int res; 1433 1434 ASSERT_EQ(lseek(fd, 0, SEEK_SET), 0); 1435 if (sendpg) 1436 res = sendfile(self->fd, fd, NULL, 1437 left > file_sz ? file_sz : left); 1438 else 1439 res = send(self->fd, buf, 1440 left > file_sz ? file_sz : left, 0); 1441 1442 EXPECT_GE(res, 0); 1443 left -= res; 1444 } 1445 } 1446 } 1447 1448 TEST_F(tls, mutliproc_even) 1449 { 1450 test_mutliproc(_metadata, self, false, 6, 6); 1451 } 1452 1453 TEST_F(tls, mutliproc_readers) 1454 { 1455 test_mutliproc(_metadata, self, false, 4, 12); 1456 } 1457 1458 TEST_F(tls, mutliproc_writers) 1459 { 1460 test_mutliproc(_metadata, self, false, 10, 2); 1461 } 1462 1463 TEST_F(tls, mutliproc_sendpage_even) 1464 { 1465 test_mutliproc(_metadata, self, true, 6, 6); 1466 } 1467 1468 TEST_F(tls, mutliproc_sendpage_readers) 1469 { 1470 test_mutliproc(_metadata, self, true, 4, 12); 1471 } 1472 1473 TEST_F(tls, mutliproc_sendpage_writers) 1474 { 1475 test_mutliproc(_metadata, self, true, 10, 2); 1476 } 1477 1478 TEST_F(tls, control_msg) 1479 { 1480 char *test_str = "test_read"; 1481 char record_type = 100; 1482 int send_len = 10; 1483 char buf[10]; 1484 1485 if (self->notls) 1486 SKIP(return, "no TLS support"); 1487 1488 EXPECT_EQ(tls_send_cmsg(self->fd, record_type, test_str, send_len, 0), 1489 send_len); 1490 /* Should fail because we didn't provide a control message */ 1491 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1); 1492 1493 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type, 1494 buf, sizeof(buf), MSG_WAITALL | MSG_PEEK), 1495 send_len); 1496 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1497 1498 /* Recv the message again without MSG_PEEK */ 1499 memset(buf, 0, sizeof(buf)); 1500 1501 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type, 1502 buf, sizeof(buf), MSG_WAITALL), 1503 send_len); 1504 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1505 } 1506 1507 TEST_F(tls, control_msg_nomerge) 1508 { 1509 char *rec1 = "1111"; 1510 char *rec2 = "2222"; 1511 int send_len = 5; 1512 char buf[15]; 1513 1514 if (self->notls) 1515 SKIP(return, "no TLS support"); 1516 1517 EXPECT_EQ(tls_send_cmsg(self->fd, 100, rec1, send_len, 0), send_len); 1518 EXPECT_EQ(tls_send_cmsg(self->fd, 100, rec2, send_len, 0), send_len); 1519 1520 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, 100, buf, sizeof(buf), MSG_PEEK), send_len); 1521 EXPECT_EQ(memcmp(buf, rec1, send_len), 0); 1522 1523 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, 100, buf, sizeof(buf), MSG_PEEK), send_len); 1524 EXPECT_EQ(memcmp(buf, rec1, send_len), 0); 1525 1526 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, 100, buf, sizeof(buf), 0), send_len); 1527 EXPECT_EQ(memcmp(buf, rec1, send_len), 0); 1528 1529 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, 100, buf, sizeof(buf), 0), send_len); 1530 EXPECT_EQ(memcmp(buf, rec2, send_len), 0); 1531 } 1532 1533 TEST_F(tls, data_control_data) 1534 { 1535 char *rec1 = "1111"; 1536 char *rec2 = "2222"; 1537 char *rec3 = "3333"; 1538 int send_len = 5; 1539 char buf[15]; 1540 1541 if (self->notls) 1542 SKIP(return, "no TLS support"); 1543 1544 EXPECT_EQ(send(self->fd, rec1, send_len, 0), send_len); 1545 EXPECT_EQ(tls_send_cmsg(self->fd, 100, rec2, send_len, 0), send_len); 1546 EXPECT_EQ(send(self->fd, rec3, send_len, 0), send_len); 1547 1548 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_PEEK), send_len); 1549 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_PEEK), send_len); 1550 } 1551 1552 TEST_F(tls, shutdown) 1553 { 1554 char const *test_str = "test_read"; 1555 int send_len = 10; 1556 char buf[10]; 1557 1558 ASSERT_EQ(strlen(test_str) + 1, send_len); 1559 1560 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1561 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 1562 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1563 1564 shutdown(self->fd, SHUT_RDWR); 1565 shutdown(self->cfd, SHUT_RDWR); 1566 } 1567 1568 TEST_F(tls, shutdown_unsent) 1569 { 1570 char const *test_str = "test_read"; 1571 int send_len = 10; 1572 1573 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); 1574 1575 shutdown(self->fd, SHUT_RDWR); 1576 shutdown(self->cfd, SHUT_RDWR); 1577 } 1578 1579 TEST_F(tls, shutdown_reuse) 1580 { 1581 struct sockaddr_in addr; 1582 int ret; 1583 1584 shutdown(self->fd, SHUT_RDWR); 1585 shutdown(self->cfd, SHUT_RDWR); 1586 close(self->cfd); 1587 1588 addr.sin_family = AF_INET; 1589 addr.sin_addr.s_addr = htonl(INADDR_ANY); 1590 addr.sin_port = 0; 1591 1592 ret = bind(self->fd, &addr, sizeof(addr)); 1593 EXPECT_EQ(ret, 0); 1594 ret = listen(self->fd, 10); 1595 EXPECT_EQ(ret, -1); 1596 EXPECT_EQ(errno, EINVAL); 1597 1598 ret = connect(self->fd, &addr, sizeof(addr)); 1599 EXPECT_EQ(ret, -1); 1600 EXPECT_EQ(errno, EISCONN); 1601 } 1602 1603 TEST_F(tls, getsockopt) 1604 { 1605 struct tls_crypto_info_keys expect, get; 1606 socklen_t len; 1607 1608 /* get only the version/cipher */ 1609 len = sizeof(struct tls_crypto_info); 1610 memrnd(&get, sizeof(get)); 1611 EXPECT_EQ(getsockopt(self->fd, SOL_TLS, TLS_TX, &get, &len), 0); 1612 EXPECT_EQ(len, sizeof(struct tls_crypto_info)); 1613 EXPECT_EQ(get.crypto_info.version, variant->tls_version); 1614 EXPECT_EQ(get.crypto_info.cipher_type, variant->cipher_type); 1615 1616 /* get the full crypto_info */ 1617 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &expect); 1618 len = expect.len; 1619 memrnd(&get, sizeof(get)); 1620 EXPECT_EQ(getsockopt(self->fd, SOL_TLS, TLS_TX, &get, &len), 0); 1621 EXPECT_EQ(len, expect.len); 1622 EXPECT_EQ(get.crypto_info.version, variant->tls_version); 1623 EXPECT_EQ(get.crypto_info.cipher_type, variant->cipher_type); 1624 EXPECT_EQ(memcmp(&get, &expect, expect.len), 0); 1625 1626 /* short get should fail */ 1627 len = sizeof(struct tls_crypto_info) - 1; 1628 EXPECT_EQ(getsockopt(self->fd, SOL_TLS, TLS_TX, &get, &len), -1); 1629 EXPECT_EQ(errno, EINVAL); 1630 1631 /* partial get of the cipher data should fail */ 1632 len = expect.len - 1; 1633 EXPECT_EQ(getsockopt(self->fd, SOL_TLS, TLS_TX, &get, &len), -1); 1634 EXPECT_EQ(errno, EINVAL); 1635 } 1636 1637 TEST_F(tls, recv_efault) 1638 { 1639 char *rec1 = "1111111111"; 1640 char *rec2 = "2222222222"; 1641 struct msghdr hdr = {}; 1642 struct iovec iov[2]; 1643 char recv_mem[12]; 1644 int ret; 1645 1646 if (self->notls) 1647 SKIP(return, "no TLS support"); 1648 1649 EXPECT_EQ(send(self->fd, rec1, 10, 0), 10); 1650 EXPECT_EQ(send(self->fd, rec2, 10, 0), 10); 1651 1652 iov[0].iov_base = recv_mem; 1653 iov[0].iov_len = sizeof(recv_mem); 1654 iov[1].iov_base = NULL; /* broken iov to make process_rx_list fail */ 1655 iov[1].iov_len = 1; 1656 1657 hdr.msg_iovlen = 2; 1658 hdr.msg_iov = iov; 1659 1660 EXPECT_EQ(recv(self->cfd, recv_mem, 1, 0), 1); 1661 EXPECT_EQ(recv_mem[0], rec1[0]); 1662 1663 ret = recvmsg(self->cfd, &hdr, 0); 1664 EXPECT_LE(ret, sizeof(recv_mem)); 1665 EXPECT_GE(ret, 9); 1666 EXPECT_EQ(memcmp(rec1, recv_mem, 9), 0); 1667 if (ret > 9) 1668 EXPECT_EQ(memcmp(rec2, recv_mem + 9, ret - 9), 0); 1669 } 1670 1671 FIXTURE(tls_err) 1672 { 1673 int fd, cfd; 1674 int fd2, cfd2; 1675 bool notls; 1676 }; 1677 1678 FIXTURE_VARIANT(tls_err) 1679 { 1680 uint16_t tls_version; 1681 }; 1682 1683 FIXTURE_VARIANT_ADD(tls_err, 12_aes_gcm) 1684 { 1685 .tls_version = TLS_1_2_VERSION, 1686 }; 1687 1688 FIXTURE_VARIANT_ADD(tls_err, 13_aes_gcm) 1689 { 1690 .tls_version = TLS_1_3_VERSION, 1691 }; 1692 1693 FIXTURE_SETUP(tls_err) 1694 { 1695 struct tls_crypto_info_keys tls12; 1696 int ret; 1697 1698 tls_crypto_info_init(variant->tls_version, TLS_CIPHER_AES_GCM_128, 1699 &tls12); 1700 1701 ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls); 1702 ulp_sock_pair(_metadata, &self->fd2, &self->cfd2, &self->notls); 1703 if (self->notls) 1704 return; 1705 1706 ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len); 1707 ASSERT_EQ(ret, 0); 1708 1709 ret = setsockopt(self->cfd2, SOL_TLS, TLS_RX, &tls12, tls12.len); 1710 ASSERT_EQ(ret, 0); 1711 } 1712 1713 FIXTURE_TEARDOWN(tls_err) 1714 { 1715 close(self->fd); 1716 close(self->cfd); 1717 close(self->fd2); 1718 close(self->cfd2); 1719 } 1720 1721 TEST_F(tls_err, bad_rec) 1722 { 1723 char buf[64]; 1724 1725 if (self->notls) 1726 SKIP(return, "no TLS support"); 1727 1728 memset(buf, 0x55, sizeof(buf)); 1729 EXPECT_EQ(send(self->fd2, buf, sizeof(buf), 0), sizeof(buf)); 1730 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1731 EXPECT_EQ(errno, EMSGSIZE); 1732 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), MSG_DONTWAIT), -1); 1733 EXPECT_EQ(errno, EAGAIN); 1734 } 1735 1736 TEST_F(tls_err, bad_auth) 1737 { 1738 char buf[128]; 1739 int n; 1740 1741 if (self->notls) 1742 SKIP(return, "no TLS support"); 1743 1744 memrnd(buf, sizeof(buf) / 2); 1745 EXPECT_EQ(send(self->fd, buf, sizeof(buf) / 2, 0), sizeof(buf) / 2); 1746 n = recv(self->cfd, buf, sizeof(buf), 0); 1747 EXPECT_GT(n, sizeof(buf) / 2); 1748 1749 buf[n - 1]++; 1750 1751 EXPECT_EQ(send(self->fd2, buf, n, 0), n); 1752 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1753 EXPECT_EQ(errno, EBADMSG); 1754 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1755 EXPECT_EQ(errno, EBADMSG); 1756 } 1757 1758 TEST_F(tls_err, bad_in_large_read) 1759 { 1760 char txt[3][64]; 1761 char cip[3][128]; 1762 char buf[3 * 128]; 1763 int i, n; 1764 1765 if (self->notls) 1766 SKIP(return, "no TLS support"); 1767 1768 /* Put 3 records in the sockets */ 1769 for (i = 0; i < 3; i++) { 1770 memrnd(txt[i], sizeof(txt[i])); 1771 EXPECT_EQ(send(self->fd, txt[i], sizeof(txt[i]), 0), 1772 sizeof(txt[i])); 1773 n = recv(self->cfd, cip[i], sizeof(cip[i]), 0); 1774 EXPECT_GT(n, sizeof(txt[i])); 1775 /* Break the third message */ 1776 if (i == 2) 1777 cip[2][n - 1]++; 1778 EXPECT_EQ(send(self->fd2, cip[i], n, 0), n); 1779 } 1780 1781 /* We should be able to receive the first two messages */ 1782 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), sizeof(txt[0]) * 2); 1783 EXPECT_EQ(memcmp(buf, txt[0], sizeof(txt[0])), 0); 1784 EXPECT_EQ(memcmp(buf + sizeof(txt[0]), txt[1], sizeof(txt[1])), 0); 1785 /* Third mesasge is bad */ 1786 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1787 EXPECT_EQ(errno, EBADMSG); 1788 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1789 EXPECT_EQ(errno, EBADMSG); 1790 } 1791 1792 TEST_F(tls_err, bad_cmsg) 1793 { 1794 char *test_str = "test_read"; 1795 int send_len = 10; 1796 char cip[128]; 1797 char buf[128]; 1798 char txt[64]; 1799 int n; 1800 1801 if (self->notls) 1802 SKIP(return, "no TLS support"); 1803 1804 /* Queue up one data record */ 1805 memrnd(txt, sizeof(txt)); 1806 EXPECT_EQ(send(self->fd, txt, sizeof(txt), 0), sizeof(txt)); 1807 n = recv(self->cfd, cip, sizeof(cip), 0); 1808 EXPECT_GT(n, sizeof(txt)); 1809 EXPECT_EQ(send(self->fd2, cip, n, 0), n); 1810 1811 EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10); 1812 n = recv(self->cfd, cip, sizeof(cip), 0); 1813 cip[n - 1]++; /* Break it */ 1814 EXPECT_GT(n, send_len); 1815 EXPECT_EQ(send(self->fd2, cip, n, 0), n); 1816 1817 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), sizeof(txt)); 1818 EXPECT_EQ(memcmp(buf, txt, sizeof(txt)), 0); 1819 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1820 EXPECT_EQ(errno, EBADMSG); 1821 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1822 EXPECT_EQ(errno, EBADMSG); 1823 } 1824 1825 TEST_F(tls_err, timeo) 1826 { 1827 struct timeval tv = { .tv_usec = 10000, }; 1828 char buf[128]; 1829 int ret; 1830 1831 if (self->notls) 1832 SKIP(return, "no TLS support"); 1833 1834 ret = setsockopt(self->cfd2, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)); 1835 ASSERT_EQ(ret, 0); 1836 1837 ret = fork(); 1838 ASSERT_GE(ret, 0); 1839 1840 if (ret) { 1841 usleep(1000); /* Give child a head start */ 1842 1843 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1844 EXPECT_EQ(errno, EAGAIN); 1845 1846 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1847 EXPECT_EQ(errno, EAGAIN); 1848 1849 wait(&ret); 1850 } else { 1851 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1852 EXPECT_EQ(errno, EAGAIN); 1853 exit(0); 1854 } 1855 } 1856 1857 TEST_F(tls_err, poll_partial_rec) 1858 { 1859 struct pollfd pfd = { }; 1860 ssize_t rec_len; 1861 char rec[256]; 1862 char buf[128]; 1863 1864 if (self->notls) 1865 SKIP(return, "no TLS support"); 1866 1867 pfd.fd = self->cfd2; 1868 pfd.events = POLLIN; 1869 EXPECT_EQ(poll(&pfd, 1, 1), 0); 1870 1871 memrnd(buf, sizeof(buf)); 1872 EXPECT_EQ(send(self->fd, buf, sizeof(buf), 0), sizeof(buf)); 1873 rec_len = recv(self->cfd, rec, sizeof(rec), 0); 1874 EXPECT_GT(rec_len, sizeof(buf)); 1875 1876 /* Write 100B, not the full record ... */ 1877 EXPECT_EQ(send(self->fd2, rec, 100, 0), 100); 1878 /* ... no full record should mean no POLLIN */ 1879 pfd.fd = self->cfd2; 1880 pfd.events = POLLIN; 1881 EXPECT_EQ(poll(&pfd, 1, 1), 0); 1882 /* Now write the rest, and it should all pop out of the other end. */ 1883 EXPECT_EQ(send(self->fd2, rec + 100, rec_len - 100, 0), rec_len - 100); 1884 pfd.fd = self->cfd2; 1885 pfd.events = POLLIN; 1886 EXPECT_EQ(poll(&pfd, 1, 1), 1); 1887 EXPECT_EQ(recv(self->cfd2, rec, sizeof(rec), 0), sizeof(buf)); 1888 EXPECT_EQ(memcmp(buf, rec, sizeof(buf)), 0); 1889 } 1890 1891 TEST_F(tls_err, epoll_partial_rec) 1892 { 1893 struct epoll_event ev, events[10]; 1894 ssize_t rec_len; 1895 char rec[256]; 1896 char buf[128]; 1897 int epollfd; 1898 1899 if (self->notls) 1900 SKIP(return, "no TLS support"); 1901 1902 epollfd = epoll_create1(0); 1903 ASSERT_GE(epollfd, 0); 1904 1905 memset(&ev, 0, sizeof(ev)); 1906 ev.events = EPOLLIN; 1907 ev.data.fd = self->cfd2; 1908 ASSERT_GE(epoll_ctl(epollfd, EPOLL_CTL_ADD, self->cfd2, &ev), 0); 1909 1910 EXPECT_EQ(epoll_wait(epollfd, events, 10, 0), 0); 1911 1912 memrnd(buf, sizeof(buf)); 1913 EXPECT_EQ(send(self->fd, buf, sizeof(buf), 0), sizeof(buf)); 1914 rec_len = recv(self->cfd, rec, sizeof(rec), 0); 1915 EXPECT_GT(rec_len, sizeof(buf)); 1916 1917 /* Write 100B, not the full record ... */ 1918 EXPECT_EQ(send(self->fd2, rec, 100, 0), 100); 1919 /* ... no full record should mean no POLLIN */ 1920 EXPECT_EQ(epoll_wait(epollfd, events, 10, 0), 0); 1921 /* Now write the rest, and it should all pop out of the other end. */ 1922 EXPECT_EQ(send(self->fd2, rec + 100, rec_len - 100, 0), rec_len - 100); 1923 EXPECT_EQ(epoll_wait(epollfd, events, 10, 0), 1); 1924 EXPECT_EQ(recv(self->cfd2, rec, sizeof(rec), 0), sizeof(buf)); 1925 EXPECT_EQ(memcmp(buf, rec, sizeof(buf)), 0); 1926 1927 close(epollfd); 1928 } 1929 1930 TEST_F(tls_err, poll_partial_rec_async) 1931 { 1932 struct pollfd pfd = { }; 1933 ssize_t rec_len; 1934 char rec[256]; 1935 char buf[128]; 1936 char token; 1937 int p[2]; 1938 int ret; 1939 1940 if (self->notls) 1941 SKIP(return, "no TLS support"); 1942 1943 ASSERT_GE(pipe(p), 0); 1944 1945 memrnd(buf, sizeof(buf)); 1946 EXPECT_EQ(send(self->fd, buf, sizeof(buf), 0), sizeof(buf)); 1947 rec_len = recv(self->cfd, rec, sizeof(rec), 0); 1948 EXPECT_GT(rec_len, sizeof(buf)); 1949 1950 ret = fork(); 1951 ASSERT_GE(ret, 0); 1952 1953 if (ret) { 1954 int status, pid2; 1955 1956 close(p[1]); 1957 usleep(1000); /* Give child a head start */ 1958 1959 EXPECT_EQ(send(self->fd2, rec, 100, 0), 100); 1960 1961 EXPECT_EQ(read(p[0], &token, 1), 1); /* Barrier #1 */ 1962 1963 EXPECT_EQ(send(self->fd2, rec + 100, rec_len - 100, 0), 1964 rec_len - 100); 1965 1966 pid2 = wait(&status); 1967 EXPECT_EQ(pid2, ret); 1968 EXPECT_EQ(status, 0); 1969 } else { 1970 close(p[0]); 1971 1972 /* Child should sleep in poll(), never get a wake */ 1973 pfd.fd = self->cfd2; 1974 pfd.events = POLLIN; 1975 EXPECT_EQ(poll(&pfd, 1, 20), 0); 1976 1977 EXPECT_EQ(write(p[1], &token, 1), 1); /* Barrier #1 */ 1978 1979 pfd.fd = self->cfd2; 1980 pfd.events = POLLIN; 1981 EXPECT_EQ(poll(&pfd, 1, 20), 1); 1982 1983 exit(!__test_passed(_metadata)); 1984 } 1985 } 1986 1987 TEST(non_established) { 1988 struct tls12_crypto_info_aes_gcm_256 tls12; 1989 struct sockaddr_in addr; 1990 int sfd, ret, fd; 1991 socklen_t len; 1992 1993 len = sizeof(addr); 1994 1995 memset(&tls12, 0, sizeof(tls12)); 1996 tls12.info.version = TLS_1_2_VERSION; 1997 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256; 1998 1999 addr.sin_family = AF_INET; 2000 addr.sin_addr.s_addr = htonl(INADDR_ANY); 2001 addr.sin_port = 0; 2002 2003 fd = socket(AF_INET, SOCK_STREAM, 0); 2004 sfd = socket(AF_INET, SOCK_STREAM, 0); 2005 2006 ret = bind(sfd, &addr, sizeof(addr)); 2007 ASSERT_EQ(ret, 0); 2008 ret = listen(sfd, 10); 2009 ASSERT_EQ(ret, 0); 2010 2011 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 2012 EXPECT_EQ(ret, -1); 2013 /* TLS ULP not supported */ 2014 if (errno == ENOENT) 2015 return; 2016 EXPECT_EQ(errno, ENOTCONN); 2017 2018 ret = setsockopt(sfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 2019 EXPECT_EQ(ret, -1); 2020 EXPECT_EQ(errno, ENOTCONN); 2021 2022 ret = getsockname(sfd, &addr, &len); 2023 ASSERT_EQ(ret, 0); 2024 2025 ret = connect(fd, &addr, sizeof(addr)); 2026 ASSERT_EQ(ret, 0); 2027 2028 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 2029 ASSERT_EQ(ret, 0); 2030 2031 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 2032 EXPECT_EQ(ret, -1); 2033 EXPECT_EQ(errno, EEXIST); 2034 2035 close(fd); 2036 close(sfd); 2037 } 2038 2039 TEST(keysizes) { 2040 struct tls12_crypto_info_aes_gcm_256 tls12; 2041 int ret, fd, cfd; 2042 bool notls; 2043 2044 memset(&tls12, 0, sizeof(tls12)); 2045 tls12.info.version = TLS_1_2_VERSION; 2046 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256; 2047 2048 ulp_sock_pair(_metadata, &fd, &cfd, ¬ls); 2049 2050 if (!notls) { 2051 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, 2052 sizeof(tls12)); 2053 EXPECT_EQ(ret, 0); 2054 2055 ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12, 2056 sizeof(tls12)); 2057 EXPECT_EQ(ret, 0); 2058 } 2059 2060 close(fd); 2061 close(cfd); 2062 } 2063 2064 TEST(no_pad) { 2065 struct tls12_crypto_info_aes_gcm_256 tls12; 2066 int ret, fd, cfd, val; 2067 socklen_t len; 2068 bool notls; 2069 2070 memset(&tls12, 0, sizeof(tls12)); 2071 tls12.info.version = TLS_1_3_VERSION; 2072 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256; 2073 2074 ulp_sock_pair(_metadata, &fd, &cfd, ¬ls); 2075 2076 if (notls) 2077 exit(KSFT_SKIP); 2078 2079 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, sizeof(tls12)); 2080 EXPECT_EQ(ret, 0); 2081 2082 ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12, sizeof(tls12)); 2083 EXPECT_EQ(ret, 0); 2084 2085 val = 1; 2086 ret = setsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 2087 (void *)&val, sizeof(val)); 2088 EXPECT_EQ(ret, 0); 2089 2090 len = sizeof(val); 2091 val = 2; 2092 ret = getsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 2093 (void *)&val, &len); 2094 EXPECT_EQ(ret, 0); 2095 EXPECT_EQ(val, 1); 2096 EXPECT_EQ(len, 4); 2097 2098 val = 0; 2099 ret = setsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 2100 (void *)&val, sizeof(val)); 2101 EXPECT_EQ(ret, 0); 2102 2103 len = sizeof(val); 2104 val = 2; 2105 ret = getsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 2106 (void *)&val, &len); 2107 EXPECT_EQ(ret, 0); 2108 EXPECT_EQ(val, 0); 2109 EXPECT_EQ(len, 4); 2110 2111 close(fd); 2112 close(cfd); 2113 } 2114 2115 TEST(tls_v6ops) { 2116 struct tls_crypto_info_keys tls12; 2117 struct sockaddr_in6 addr, addr2; 2118 int sfd, ret, fd; 2119 socklen_t len, len2; 2120 2121 tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_128, &tls12); 2122 2123 addr.sin6_family = AF_INET6; 2124 addr.sin6_addr = in6addr_any; 2125 addr.sin6_port = 0; 2126 2127 fd = socket(AF_INET6, SOCK_STREAM, 0); 2128 sfd = socket(AF_INET6, SOCK_STREAM, 0); 2129 2130 ret = bind(sfd, &addr, sizeof(addr)); 2131 ASSERT_EQ(ret, 0); 2132 ret = listen(sfd, 10); 2133 ASSERT_EQ(ret, 0); 2134 2135 len = sizeof(addr); 2136 ret = getsockname(sfd, &addr, &len); 2137 ASSERT_EQ(ret, 0); 2138 2139 ret = connect(fd, &addr, sizeof(addr)); 2140 ASSERT_EQ(ret, 0); 2141 2142 len = sizeof(addr); 2143 ret = getsockname(fd, &addr, &len); 2144 ASSERT_EQ(ret, 0); 2145 2146 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 2147 if (ret) { 2148 ASSERT_EQ(errno, ENOENT); 2149 SKIP(return, "no TLS support"); 2150 } 2151 ASSERT_EQ(ret, 0); 2152 2153 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, tls12.len); 2154 ASSERT_EQ(ret, 0); 2155 2156 ret = setsockopt(fd, SOL_TLS, TLS_RX, &tls12, tls12.len); 2157 ASSERT_EQ(ret, 0); 2158 2159 len2 = sizeof(addr2); 2160 ret = getsockname(fd, &addr2, &len2); 2161 ASSERT_EQ(ret, 0); 2162 2163 EXPECT_EQ(len2, len); 2164 EXPECT_EQ(memcmp(&addr, &addr2, len), 0); 2165 2166 close(fd); 2167 close(sfd); 2168 } 2169 2170 TEST(prequeue) { 2171 struct tls_crypto_info_keys tls12; 2172 char buf[20000], buf2[20000]; 2173 struct sockaddr_in addr; 2174 int sfd, cfd, ret, fd; 2175 socklen_t len; 2176 2177 len = sizeof(addr); 2178 memrnd(buf, sizeof(buf)); 2179 2180 tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_256, &tls12); 2181 2182 addr.sin_family = AF_INET; 2183 addr.sin_addr.s_addr = htonl(INADDR_ANY); 2184 addr.sin_port = 0; 2185 2186 fd = socket(AF_INET, SOCK_STREAM, 0); 2187 sfd = socket(AF_INET, SOCK_STREAM, 0); 2188 2189 ASSERT_EQ(bind(sfd, &addr, sizeof(addr)), 0); 2190 ASSERT_EQ(listen(sfd, 10), 0); 2191 ASSERT_EQ(getsockname(sfd, &addr, &len), 0); 2192 ASSERT_EQ(connect(fd, &addr, sizeof(addr)), 0); 2193 ASSERT_GE(cfd = accept(sfd, &addr, &len), 0); 2194 close(sfd); 2195 2196 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 2197 if (ret) { 2198 ASSERT_EQ(errno, ENOENT); 2199 SKIP(return, "no TLS support"); 2200 } 2201 2202 ASSERT_EQ(setsockopt(fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0); 2203 EXPECT_EQ(send(fd, buf, sizeof(buf), MSG_DONTWAIT), sizeof(buf)); 2204 2205 ASSERT_EQ(setsockopt(cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")), 0); 2206 ASSERT_EQ(setsockopt(cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0); 2207 EXPECT_EQ(recv(cfd, buf2, sizeof(buf2), MSG_WAITALL), sizeof(buf2)); 2208 2209 EXPECT_EQ(memcmp(buf, buf2, sizeof(buf)), 0); 2210 2211 close(fd); 2212 close(cfd); 2213 } 2214 2215 static void __attribute__((constructor)) fips_check(void) { 2216 int res; 2217 FILE *f; 2218 2219 f = fopen("/proc/sys/crypto/fips_enabled", "r"); 2220 if (f) { 2221 res = fscanf(f, "%d", &fips_enabled); 2222 if (res != 1) 2223 ksft_print_msg("ERROR: Couldn't read /proc/sys/crypto/fips_enabled\n"); 2224 fclose(f); 2225 } 2226 } 2227 2228 TEST_HARNESS_MAIN 2229