1 // SPDX-License-Identifier: GPL-2.0 2 3 #define _GNU_SOURCE 4 5 #include <arpa/inet.h> 6 #include <errno.h> 7 #include <error.h> 8 #include <fcntl.h> 9 #include <poll.h> 10 #include <stdio.h> 11 #include <stdlib.h> 12 #include <unistd.h> 13 14 #include <linux/tls.h> 15 #include <linux/tcp.h> 16 #include <linux/socket.h> 17 18 #include <sys/types.h> 19 #include <sys/sendfile.h> 20 #include <sys/socket.h> 21 #include <sys/stat.h> 22 23 #include "../kselftest_harness.h" 24 25 #define TLS_PAYLOAD_MAX_LEN 16384 26 #define SOL_TLS 282 27 28 static int fips_enabled; 29 30 struct tls_crypto_info_keys { 31 union { 32 struct tls12_crypto_info_aes_gcm_128 aes128; 33 struct tls12_crypto_info_chacha20_poly1305 chacha20; 34 struct tls12_crypto_info_sm4_gcm sm4gcm; 35 struct tls12_crypto_info_sm4_ccm sm4ccm; 36 struct tls12_crypto_info_aes_ccm_128 aesccm128; 37 struct tls12_crypto_info_aes_gcm_256 aesgcm256; 38 }; 39 size_t len; 40 }; 41 42 static void tls_crypto_info_init(uint16_t tls_version, uint16_t cipher_type, 43 struct tls_crypto_info_keys *tls12) 44 { 45 memset(tls12, 0, sizeof(*tls12)); 46 47 switch (cipher_type) { 48 case TLS_CIPHER_CHACHA20_POLY1305: 49 tls12->len = sizeof(struct tls12_crypto_info_chacha20_poly1305); 50 tls12->chacha20.info.version = tls_version; 51 tls12->chacha20.info.cipher_type = cipher_type; 52 break; 53 case TLS_CIPHER_AES_GCM_128: 54 tls12->len = sizeof(struct tls12_crypto_info_aes_gcm_128); 55 tls12->aes128.info.version = tls_version; 56 tls12->aes128.info.cipher_type = cipher_type; 57 break; 58 case TLS_CIPHER_SM4_GCM: 59 tls12->len = sizeof(struct tls12_crypto_info_sm4_gcm); 60 tls12->sm4gcm.info.version = tls_version; 61 tls12->sm4gcm.info.cipher_type = cipher_type; 62 break; 63 case TLS_CIPHER_SM4_CCM: 64 tls12->len = sizeof(struct tls12_crypto_info_sm4_ccm); 65 tls12->sm4ccm.info.version = tls_version; 66 tls12->sm4ccm.info.cipher_type = cipher_type; 67 break; 68 case TLS_CIPHER_AES_CCM_128: 69 tls12->len = sizeof(struct tls12_crypto_info_aes_ccm_128); 70 tls12->aesccm128.info.version = tls_version; 71 tls12->aesccm128.info.cipher_type = cipher_type; 72 break; 73 case TLS_CIPHER_AES_GCM_256: 74 tls12->len = sizeof(struct tls12_crypto_info_aes_gcm_256); 75 tls12->aesgcm256.info.version = tls_version; 76 tls12->aesgcm256.info.cipher_type = cipher_type; 77 break; 78 default: 79 break; 80 } 81 } 82 83 static void memrnd(void *s, size_t n) 84 { 85 int *dword = s; 86 char *byte; 87 88 for (; n >= 4; n -= 4) 89 *dword++ = rand(); 90 byte = (void *)dword; 91 while (n--) 92 *byte++ = rand(); 93 } 94 95 static void ulp_sock_pair(struct __test_metadata *_metadata, 96 int *fd, int *cfd, bool *notls) 97 { 98 struct sockaddr_in addr; 99 socklen_t len; 100 int sfd, ret; 101 102 *notls = false; 103 len = sizeof(addr); 104 105 addr.sin_family = AF_INET; 106 addr.sin_addr.s_addr = htonl(INADDR_ANY); 107 addr.sin_port = 0; 108 109 *fd = socket(AF_INET, SOCK_STREAM, 0); 110 sfd = socket(AF_INET, SOCK_STREAM, 0); 111 112 ret = bind(sfd, &addr, sizeof(addr)); 113 ASSERT_EQ(ret, 0); 114 ret = listen(sfd, 10); 115 ASSERT_EQ(ret, 0); 116 117 ret = getsockname(sfd, &addr, &len); 118 ASSERT_EQ(ret, 0); 119 120 ret = connect(*fd, &addr, sizeof(addr)); 121 ASSERT_EQ(ret, 0); 122 123 *cfd = accept(sfd, &addr, &len); 124 ASSERT_GE(*cfd, 0); 125 126 close(sfd); 127 128 ret = setsockopt(*fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 129 if (ret != 0) { 130 ASSERT_EQ(errno, ENOENT); 131 *notls = true; 132 printf("Failure setting TCP_ULP, testing without tls\n"); 133 return; 134 } 135 136 ret = setsockopt(*cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 137 ASSERT_EQ(ret, 0); 138 } 139 140 /* Produce a basic cmsg */ 141 static int tls_send_cmsg(int fd, unsigned char record_type, 142 void *data, size_t len, int flags) 143 { 144 char cbuf[CMSG_SPACE(sizeof(char))]; 145 int cmsg_len = sizeof(char); 146 struct cmsghdr *cmsg; 147 struct msghdr msg; 148 struct iovec vec; 149 150 vec.iov_base = data; 151 vec.iov_len = len; 152 memset(&msg, 0, sizeof(struct msghdr)); 153 msg.msg_iov = &vec; 154 msg.msg_iovlen = 1; 155 msg.msg_control = cbuf; 156 msg.msg_controllen = sizeof(cbuf); 157 cmsg = CMSG_FIRSTHDR(&msg); 158 cmsg->cmsg_level = SOL_TLS; 159 /* test sending non-record types. */ 160 cmsg->cmsg_type = TLS_SET_RECORD_TYPE; 161 cmsg->cmsg_len = CMSG_LEN(cmsg_len); 162 *CMSG_DATA(cmsg) = record_type; 163 msg.msg_controllen = cmsg->cmsg_len; 164 165 return sendmsg(fd, &msg, flags); 166 } 167 168 static int tls_recv_cmsg(struct __test_metadata *_metadata, 169 int fd, unsigned char record_type, 170 void *data, size_t len, int flags) 171 { 172 char cbuf[CMSG_SPACE(sizeof(char))]; 173 struct cmsghdr *cmsg; 174 unsigned char ctype; 175 struct msghdr msg; 176 struct iovec vec; 177 int n; 178 179 vec.iov_base = data; 180 vec.iov_len = len; 181 memset(&msg, 0, sizeof(struct msghdr)); 182 msg.msg_iov = &vec; 183 msg.msg_iovlen = 1; 184 msg.msg_control = cbuf; 185 msg.msg_controllen = sizeof(cbuf); 186 187 n = recvmsg(fd, &msg, flags); 188 189 cmsg = CMSG_FIRSTHDR(&msg); 190 EXPECT_NE(cmsg, NULL); 191 EXPECT_EQ(cmsg->cmsg_level, SOL_TLS); 192 EXPECT_EQ(cmsg->cmsg_type, TLS_GET_RECORD_TYPE); 193 ctype = *((unsigned char *)CMSG_DATA(cmsg)); 194 EXPECT_EQ(ctype, record_type); 195 196 return n; 197 } 198 199 FIXTURE(tls_basic) 200 { 201 int fd, cfd; 202 bool notls; 203 }; 204 205 FIXTURE_SETUP(tls_basic) 206 { 207 ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls); 208 } 209 210 FIXTURE_TEARDOWN(tls_basic) 211 { 212 close(self->fd); 213 close(self->cfd); 214 } 215 216 /* Send some data through with ULP but no keys */ 217 TEST_F(tls_basic, base_base) 218 { 219 char const *test_str = "test_read"; 220 int send_len = 10; 221 char buf[10]; 222 223 ASSERT_EQ(strlen(test_str) + 1, send_len); 224 225 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 226 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 227 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 228 }; 229 230 FIXTURE(tls) 231 { 232 int fd, cfd; 233 bool notls; 234 }; 235 236 FIXTURE_VARIANT(tls) 237 { 238 uint16_t tls_version; 239 uint16_t cipher_type; 240 bool nopad, fips_non_compliant; 241 }; 242 243 FIXTURE_VARIANT_ADD(tls, 12_aes_gcm) 244 { 245 .tls_version = TLS_1_2_VERSION, 246 .cipher_type = TLS_CIPHER_AES_GCM_128, 247 }; 248 249 FIXTURE_VARIANT_ADD(tls, 13_aes_gcm) 250 { 251 .tls_version = TLS_1_3_VERSION, 252 .cipher_type = TLS_CIPHER_AES_GCM_128, 253 }; 254 255 FIXTURE_VARIANT_ADD(tls, 12_chacha) 256 { 257 .tls_version = TLS_1_2_VERSION, 258 .cipher_type = TLS_CIPHER_CHACHA20_POLY1305, 259 .fips_non_compliant = true, 260 }; 261 262 FIXTURE_VARIANT_ADD(tls, 13_chacha) 263 { 264 .tls_version = TLS_1_3_VERSION, 265 .cipher_type = TLS_CIPHER_CHACHA20_POLY1305, 266 .fips_non_compliant = true, 267 }; 268 269 FIXTURE_VARIANT_ADD(tls, 13_sm4_gcm) 270 { 271 .tls_version = TLS_1_3_VERSION, 272 .cipher_type = TLS_CIPHER_SM4_GCM, 273 .fips_non_compliant = true, 274 }; 275 276 FIXTURE_VARIANT_ADD(tls, 13_sm4_ccm) 277 { 278 .tls_version = TLS_1_3_VERSION, 279 .cipher_type = TLS_CIPHER_SM4_CCM, 280 .fips_non_compliant = true, 281 }; 282 283 FIXTURE_VARIANT_ADD(tls, 12_aes_ccm) 284 { 285 .tls_version = TLS_1_2_VERSION, 286 .cipher_type = TLS_CIPHER_AES_CCM_128, 287 }; 288 289 FIXTURE_VARIANT_ADD(tls, 13_aes_ccm) 290 { 291 .tls_version = TLS_1_3_VERSION, 292 .cipher_type = TLS_CIPHER_AES_CCM_128, 293 }; 294 295 FIXTURE_VARIANT_ADD(tls, 12_aes_gcm_256) 296 { 297 .tls_version = TLS_1_2_VERSION, 298 .cipher_type = TLS_CIPHER_AES_GCM_256, 299 }; 300 301 FIXTURE_VARIANT_ADD(tls, 13_aes_gcm_256) 302 { 303 .tls_version = TLS_1_3_VERSION, 304 .cipher_type = TLS_CIPHER_AES_GCM_256, 305 }; 306 307 FIXTURE_VARIANT_ADD(tls, 13_nopad) 308 { 309 .tls_version = TLS_1_3_VERSION, 310 .cipher_type = TLS_CIPHER_AES_GCM_128, 311 .nopad = true, 312 }; 313 314 FIXTURE_SETUP(tls) 315 { 316 struct tls_crypto_info_keys tls12; 317 int one = 1; 318 int ret; 319 320 if (fips_enabled && variant->fips_non_compliant) 321 SKIP(return, "Unsupported cipher in FIPS mode"); 322 323 tls_crypto_info_init(variant->tls_version, variant->cipher_type, 324 &tls12); 325 326 ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls); 327 328 if (self->notls) 329 return; 330 331 ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len); 332 ASSERT_EQ(ret, 0); 333 334 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len); 335 ASSERT_EQ(ret, 0); 336 337 if (variant->nopad) { 338 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 339 (void *)&one, sizeof(one)); 340 ASSERT_EQ(ret, 0); 341 } 342 } 343 344 FIXTURE_TEARDOWN(tls) 345 { 346 close(self->fd); 347 close(self->cfd); 348 } 349 350 TEST_F(tls, sendfile) 351 { 352 int filefd = open("/proc/self/exe", O_RDONLY); 353 struct stat st; 354 355 EXPECT_GE(filefd, 0); 356 fstat(filefd, &st); 357 EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0); 358 } 359 360 TEST_F(tls, send_then_sendfile) 361 { 362 int filefd = open("/proc/self/exe", O_RDONLY); 363 char const *test_str = "test_send"; 364 int to_send = strlen(test_str) + 1; 365 char recv_buf[10]; 366 struct stat st; 367 char *buf; 368 369 EXPECT_GE(filefd, 0); 370 fstat(filefd, &st); 371 buf = (char *)malloc(st.st_size); 372 373 EXPECT_EQ(send(self->fd, test_str, to_send, 0), to_send); 374 EXPECT_EQ(recv(self->cfd, recv_buf, to_send, MSG_WAITALL), to_send); 375 EXPECT_EQ(memcmp(test_str, recv_buf, to_send), 0); 376 377 EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0); 378 EXPECT_EQ(recv(self->cfd, buf, st.st_size, MSG_WAITALL), st.st_size); 379 } 380 381 static void chunked_sendfile(struct __test_metadata *_metadata, 382 struct _test_data_tls *self, 383 uint16_t chunk_size, 384 uint16_t extra_payload_size) 385 { 386 char buf[TLS_PAYLOAD_MAX_LEN]; 387 uint16_t test_payload_size; 388 int size = 0; 389 int ret; 390 char filename[] = "/tmp/mytemp.XXXXXX"; 391 int fd = mkstemp(filename); 392 off_t offset = 0; 393 394 unlink(filename); 395 ASSERT_GE(fd, 0); 396 EXPECT_GE(chunk_size, 1); 397 test_payload_size = chunk_size + extra_payload_size; 398 ASSERT_GE(TLS_PAYLOAD_MAX_LEN, test_payload_size); 399 memset(buf, 1, test_payload_size); 400 size = write(fd, buf, test_payload_size); 401 EXPECT_EQ(size, test_payload_size); 402 fsync(fd); 403 404 while (size > 0) { 405 ret = sendfile(self->fd, fd, &offset, chunk_size); 406 EXPECT_GE(ret, 0); 407 size -= ret; 408 } 409 410 EXPECT_EQ(recv(self->cfd, buf, test_payload_size, MSG_WAITALL), 411 test_payload_size); 412 413 close(fd); 414 } 415 416 TEST_F(tls, multi_chunk_sendfile) 417 { 418 chunked_sendfile(_metadata, self, 4096, 4096); 419 chunked_sendfile(_metadata, self, 4096, 0); 420 chunked_sendfile(_metadata, self, 4096, 1); 421 chunked_sendfile(_metadata, self, 4096, 2048); 422 chunked_sendfile(_metadata, self, 8192, 2048); 423 chunked_sendfile(_metadata, self, 4096, 8192); 424 chunked_sendfile(_metadata, self, 8192, 4096); 425 chunked_sendfile(_metadata, self, 12288, 1024); 426 chunked_sendfile(_metadata, self, 12288, 2000); 427 chunked_sendfile(_metadata, self, 15360, 100); 428 chunked_sendfile(_metadata, self, 15360, 300); 429 chunked_sendfile(_metadata, self, 1, 4096); 430 chunked_sendfile(_metadata, self, 2048, 4096); 431 chunked_sendfile(_metadata, self, 2048, 8192); 432 chunked_sendfile(_metadata, self, 4096, 8192); 433 chunked_sendfile(_metadata, self, 1024, 12288); 434 chunked_sendfile(_metadata, self, 2000, 12288); 435 chunked_sendfile(_metadata, self, 100, 15360); 436 chunked_sendfile(_metadata, self, 300, 15360); 437 } 438 439 TEST_F(tls, recv_max) 440 { 441 unsigned int send_len = TLS_PAYLOAD_MAX_LEN; 442 char recv_mem[TLS_PAYLOAD_MAX_LEN]; 443 char buf[TLS_PAYLOAD_MAX_LEN]; 444 445 memrnd(buf, sizeof(buf)); 446 447 EXPECT_GE(send(self->fd, buf, send_len, 0), 0); 448 EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1); 449 EXPECT_EQ(memcmp(buf, recv_mem, send_len), 0); 450 } 451 452 TEST_F(tls, recv_small) 453 { 454 char const *test_str = "test_read"; 455 int send_len = 10; 456 char buf[10]; 457 458 send_len = strlen(test_str) + 1; 459 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 460 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 461 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 462 } 463 464 TEST_F(tls, msg_more) 465 { 466 char const *test_str = "test_read"; 467 int send_len = 10; 468 char buf[10 * 2]; 469 470 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); 471 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1); 472 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 473 EXPECT_EQ(recv(self->cfd, buf, send_len * 2, MSG_WAITALL), 474 send_len * 2); 475 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 476 } 477 478 TEST_F(tls, msg_more_unsent) 479 { 480 char const *test_str = "test_read"; 481 int send_len = 10; 482 char buf[10]; 483 484 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); 485 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1); 486 } 487 488 TEST_F(tls, sendmsg_single) 489 { 490 struct msghdr msg; 491 492 char const *test_str = "test_sendmsg"; 493 size_t send_len = 13; 494 struct iovec vec; 495 char buf[13]; 496 497 vec.iov_base = (char *)test_str; 498 vec.iov_len = send_len; 499 memset(&msg, 0, sizeof(struct msghdr)); 500 msg.msg_iov = &vec; 501 msg.msg_iovlen = 1; 502 EXPECT_EQ(sendmsg(self->fd, &msg, 0), send_len); 503 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len); 504 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 505 } 506 507 #define MAX_FRAGS 64 508 #define SEND_LEN 13 509 TEST_F(tls, sendmsg_fragmented) 510 { 511 char const *test_str = "test_sendmsg"; 512 char buf[SEND_LEN * MAX_FRAGS]; 513 struct iovec vec[MAX_FRAGS]; 514 struct msghdr msg; 515 int i, frags; 516 517 for (frags = 1; frags <= MAX_FRAGS; frags++) { 518 for (i = 0; i < frags; i++) { 519 vec[i].iov_base = (char *)test_str; 520 vec[i].iov_len = SEND_LEN; 521 } 522 523 memset(&msg, 0, sizeof(struct msghdr)); 524 msg.msg_iov = vec; 525 msg.msg_iovlen = frags; 526 527 EXPECT_EQ(sendmsg(self->fd, &msg, 0), SEND_LEN * frags); 528 EXPECT_EQ(recv(self->cfd, buf, SEND_LEN * frags, MSG_WAITALL), 529 SEND_LEN * frags); 530 531 for (i = 0; i < frags; i++) 532 EXPECT_EQ(memcmp(buf + SEND_LEN * i, 533 test_str, SEND_LEN), 0); 534 } 535 } 536 #undef MAX_FRAGS 537 #undef SEND_LEN 538 539 TEST_F(tls, sendmsg_large) 540 { 541 void *mem = malloc(16384); 542 size_t send_len = 16384; 543 size_t sends = 128; 544 struct msghdr msg; 545 size_t recvs = 0; 546 size_t sent = 0; 547 548 memset(&msg, 0, sizeof(struct msghdr)); 549 while (sent++ < sends) { 550 struct iovec vec = { (void *)mem, send_len }; 551 552 msg.msg_iov = &vec; 553 msg.msg_iovlen = 1; 554 EXPECT_EQ(sendmsg(self->cfd, &msg, 0), send_len); 555 } 556 557 while (recvs++ < sends) { 558 EXPECT_NE(recv(self->fd, mem, send_len, 0), -1); 559 } 560 561 free(mem); 562 } 563 564 TEST_F(tls, sendmsg_multiple) 565 { 566 char const *test_str = "test_sendmsg_multiple"; 567 struct iovec vec[5]; 568 char *test_strs[5]; 569 struct msghdr msg; 570 int total_len = 0; 571 int len_cmp = 0; 572 int iov_len = 5; 573 char *buf; 574 int i; 575 576 memset(&msg, 0, sizeof(struct msghdr)); 577 for (i = 0; i < iov_len; i++) { 578 test_strs[i] = (char *)malloc(strlen(test_str) + 1); 579 snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str); 580 vec[i].iov_base = (void *)test_strs[i]; 581 vec[i].iov_len = strlen(test_strs[i]) + 1; 582 total_len += vec[i].iov_len; 583 } 584 msg.msg_iov = vec; 585 msg.msg_iovlen = iov_len; 586 587 EXPECT_EQ(sendmsg(self->cfd, &msg, 0), total_len); 588 buf = malloc(total_len); 589 EXPECT_NE(recv(self->fd, buf, total_len, 0), -1); 590 for (i = 0; i < iov_len; i++) { 591 EXPECT_EQ(memcmp(test_strs[i], buf + len_cmp, 592 strlen(test_strs[i])), 593 0); 594 len_cmp += strlen(buf + len_cmp) + 1; 595 } 596 for (i = 0; i < iov_len; i++) 597 free(test_strs[i]); 598 free(buf); 599 } 600 601 TEST_F(tls, sendmsg_multiple_stress) 602 { 603 char const *test_str = "abcdefghijklmno"; 604 struct iovec vec[1024]; 605 char *test_strs[1024]; 606 int iov_len = 1024; 607 int total_len = 0; 608 char buf[1 << 14]; 609 struct msghdr msg; 610 int len_cmp = 0; 611 int i; 612 613 memset(&msg, 0, sizeof(struct msghdr)); 614 for (i = 0; i < iov_len; i++) { 615 test_strs[i] = (char *)malloc(strlen(test_str) + 1); 616 snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str); 617 vec[i].iov_base = (void *)test_strs[i]; 618 vec[i].iov_len = strlen(test_strs[i]) + 1; 619 total_len += vec[i].iov_len; 620 } 621 msg.msg_iov = vec; 622 msg.msg_iovlen = iov_len; 623 624 EXPECT_EQ(sendmsg(self->fd, &msg, 0), total_len); 625 EXPECT_NE(recv(self->cfd, buf, total_len, 0), -1); 626 627 for (i = 0; i < iov_len; i++) 628 len_cmp += strlen(buf + len_cmp) + 1; 629 630 for (i = 0; i < iov_len; i++) 631 free(test_strs[i]); 632 } 633 634 TEST_F(tls, splice_from_pipe) 635 { 636 int send_len = TLS_PAYLOAD_MAX_LEN; 637 char mem_send[TLS_PAYLOAD_MAX_LEN]; 638 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 639 int p[2]; 640 641 ASSERT_GE(pipe(p), 0); 642 EXPECT_GE(write(p[1], mem_send, send_len), 0); 643 EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), 0); 644 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len); 645 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 646 } 647 648 TEST_F(tls, splice_from_pipe2) 649 { 650 int send_len = 16000; 651 char mem_send[16000]; 652 char mem_recv[16000]; 653 int p2[2]; 654 int p[2]; 655 656 memrnd(mem_send, sizeof(mem_send)); 657 658 ASSERT_GE(pipe(p), 0); 659 ASSERT_GE(pipe(p2), 0); 660 EXPECT_EQ(write(p[1], mem_send, 8000), 8000); 661 EXPECT_EQ(splice(p[0], NULL, self->fd, NULL, 8000, 0), 8000); 662 EXPECT_EQ(write(p2[1], mem_send + 8000, 8000), 8000); 663 EXPECT_EQ(splice(p2[0], NULL, self->fd, NULL, 8000, 0), 8000); 664 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len); 665 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 666 } 667 668 TEST_F(tls, send_and_splice) 669 { 670 int send_len = TLS_PAYLOAD_MAX_LEN; 671 char mem_send[TLS_PAYLOAD_MAX_LEN]; 672 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 673 char const *test_str = "test_read"; 674 int send_len2 = 10; 675 char buf[10]; 676 int p[2]; 677 678 ASSERT_GE(pipe(p), 0); 679 EXPECT_EQ(send(self->fd, test_str, send_len2, 0), send_len2); 680 EXPECT_EQ(recv(self->cfd, buf, send_len2, MSG_WAITALL), send_len2); 681 EXPECT_EQ(memcmp(test_str, buf, send_len2), 0); 682 683 EXPECT_GE(write(p[1], mem_send, send_len), send_len); 684 EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), send_len); 685 686 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len); 687 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 688 } 689 690 TEST_F(tls, splice_to_pipe) 691 { 692 int send_len = TLS_PAYLOAD_MAX_LEN; 693 char mem_send[TLS_PAYLOAD_MAX_LEN]; 694 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 695 int p[2]; 696 697 memrnd(mem_send, sizeof(mem_send)); 698 699 ASSERT_GE(pipe(p), 0); 700 EXPECT_EQ(send(self->fd, mem_send, send_len, 0), send_len); 701 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), send_len); 702 EXPECT_EQ(read(p[0], mem_recv, send_len), send_len); 703 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 704 } 705 706 TEST_F(tls, splice_cmsg_to_pipe) 707 { 708 char *test_str = "test_read"; 709 char record_type = 100; 710 int send_len = 10; 711 char buf[10]; 712 int p[2]; 713 714 if (self->notls) 715 SKIP(return, "no TLS support"); 716 717 ASSERT_GE(pipe(p), 0); 718 EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10); 719 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), -1); 720 EXPECT_EQ(errno, EINVAL); 721 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1); 722 EXPECT_EQ(errno, EIO); 723 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type, 724 buf, sizeof(buf), MSG_WAITALL), 725 send_len); 726 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 727 } 728 729 TEST_F(tls, splice_dec_cmsg_to_pipe) 730 { 731 char *test_str = "test_read"; 732 char record_type = 100; 733 int send_len = 10; 734 char buf[10]; 735 int p[2]; 736 737 if (self->notls) 738 SKIP(return, "no TLS support"); 739 740 ASSERT_GE(pipe(p), 0); 741 EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10); 742 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1); 743 EXPECT_EQ(errno, EIO); 744 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), -1); 745 EXPECT_EQ(errno, EINVAL); 746 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type, 747 buf, sizeof(buf), MSG_WAITALL), 748 send_len); 749 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 750 } 751 752 TEST_F(tls, recv_and_splice) 753 { 754 int send_len = TLS_PAYLOAD_MAX_LEN; 755 char mem_send[TLS_PAYLOAD_MAX_LEN]; 756 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 757 int half = send_len / 2; 758 int p[2]; 759 760 ASSERT_GE(pipe(p), 0); 761 EXPECT_EQ(send(self->fd, mem_send, send_len, 0), send_len); 762 /* Recv hald of the record, splice the other half */ 763 EXPECT_EQ(recv(self->cfd, mem_recv, half, MSG_WAITALL), half); 764 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, half, SPLICE_F_NONBLOCK), 765 half); 766 EXPECT_EQ(read(p[0], &mem_recv[half], half), half); 767 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 768 } 769 770 TEST_F(tls, peek_and_splice) 771 { 772 int send_len = TLS_PAYLOAD_MAX_LEN; 773 char mem_send[TLS_PAYLOAD_MAX_LEN]; 774 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 775 int chunk = TLS_PAYLOAD_MAX_LEN / 4; 776 int n, i, p[2]; 777 778 memrnd(mem_send, sizeof(mem_send)); 779 780 ASSERT_GE(pipe(p), 0); 781 for (i = 0; i < 4; i++) 782 EXPECT_EQ(send(self->fd, &mem_send[chunk * i], chunk, 0), 783 chunk); 784 785 EXPECT_EQ(recv(self->cfd, mem_recv, chunk * 5 / 2, 786 MSG_WAITALL | MSG_PEEK), 787 chunk * 5 / 2); 788 EXPECT_EQ(memcmp(mem_send, mem_recv, chunk * 5 / 2), 0); 789 790 n = 0; 791 while (n < send_len) { 792 i = splice(self->cfd, NULL, p[1], NULL, send_len - n, 0); 793 EXPECT_GT(i, 0); 794 n += i; 795 } 796 EXPECT_EQ(n, send_len); 797 EXPECT_EQ(read(p[0], mem_recv, send_len), send_len); 798 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 799 } 800 801 TEST_F(tls, recvmsg_single) 802 { 803 char const *test_str = "test_recvmsg_single"; 804 int send_len = strlen(test_str) + 1; 805 char buf[20]; 806 struct msghdr hdr; 807 struct iovec vec; 808 809 memset(&hdr, 0, sizeof(hdr)); 810 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 811 vec.iov_base = (char *)buf; 812 vec.iov_len = send_len; 813 hdr.msg_iovlen = 1; 814 hdr.msg_iov = &vec; 815 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1); 816 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 817 } 818 819 TEST_F(tls, recvmsg_single_max) 820 { 821 int send_len = TLS_PAYLOAD_MAX_LEN; 822 char send_mem[TLS_PAYLOAD_MAX_LEN]; 823 char recv_mem[TLS_PAYLOAD_MAX_LEN]; 824 struct iovec vec; 825 struct msghdr hdr; 826 827 memrnd(send_mem, sizeof(send_mem)); 828 829 EXPECT_EQ(send(self->fd, send_mem, send_len, 0), send_len); 830 vec.iov_base = (char *)recv_mem; 831 vec.iov_len = TLS_PAYLOAD_MAX_LEN; 832 833 hdr.msg_iovlen = 1; 834 hdr.msg_iov = &vec; 835 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1); 836 EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0); 837 } 838 839 TEST_F(tls, recvmsg_multiple) 840 { 841 unsigned int msg_iovlen = 1024; 842 struct iovec vec[1024]; 843 char *iov_base[1024]; 844 unsigned int iov_len = 16; 845 int send_len = 1 << 14; 846 char buf[1 << 14]; 847 struct msghdr hdr; 848 int i; 849 850 memrnd(buf, sizeof(buf)); 851 852 EXPECT_EQ(send(self->fd, buf, send_len, 0), send_len); 853 for (i = 0; i < msg_iovlen; i++) { 854 iov_base[i] = (char *)malloc(iov_len); 855 vec[i].iov_base = iov_base[i]; 856 vec[i].iov_len = iov_len; 857 } 858 859 hdr.msg_iovlen = msg_iovlen; 860 hdr.msg_iov = vec; 861 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1); 862 863 for (i = 0; i < msg_iovlen; i++) 864 free(iov_base[i]); 865 } 866 867 TEST_F(tls, single_send_multiple_recv) 868 { 869 unsigned int total_len = TLS_PAYLOAD_MAX_LEN * 2; 870 unsigned int send_len = TLS_PAYLOAD_MAX_LEN; 871 char send_mem[TLS_PAYLOAD_MAX_LEN * 2]; 872 char recv_mem[TLS_PAYLOAD_MAX_LEN * 2]; 873 874 memrnd(send_mem, sizeof(send_mem)); 875 876 EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0); 877 memset(recv_mem, 0, total_len); 878 879 EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1); 880 EXPECT_NE(recv(self->cfd, recv_mem + send_len, send_len, 0), -1); 881 EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0); 882 } 883 884 TEST_F(tls, multiple_send_single_recv) 885 { 886 unsigned int total_len = 2 * 10; 887 unsigned int send_len = 10; 888 char recv_mem[2 * 10]; 889 char send_mem[10]; 890 891 memrnd(send_mem, sizeof(send_mem)); 892 893 EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0); 894 EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0); 895 memset(recv_mem, 0, total_len); 896 EXPECT_EQ(recv(self->cfd, recv_mem, total_len, MSG_WAITALL), total_len); 897 898 EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0); 899 EXPECT_EQ(memcmp(send_mem, recv_mem + send_len, send_len), 0); 900 } 901 902 TEST_F(tls, single_send_multiple_recv_non_align) 903 { 904 const unsigned int total_len = 15; 905 const unsigned int recv_len = 10; 906 char recv_mem[recv_len * 2]; 907 char send_mem[total_len]; 908 909 memrnd(send_mem, sizeof(send_mem)); 910 911 EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0); 912 memset(recv_mem, 0, total_len); 913 914 EXPECT_EQ(recv(self->cfd, recv_mem, recv_len, 0), recv_len); 915 EXPECT_EQ(recv(self->cfd, recv_mem + recv_len, recv_len, 0), 5); 916 EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0); 917 } 918 919 TEST_F(tls, recv_partial) 920 { 921 char const *test_str = "test_read_partial"; 922 char const *test_str_first = "test_read"; 923 char const *test_str_second = "_partial"; 924 int send_len = strlen(test_str) + 1; 925 char recv_mem[18]; 926 927 memset(recv_mem, 0, sizeof(recv_mem)); 928 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 929 EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_first), 930 MSG_WAITALL), -1); 931 EXPECT_EQ(memcmp(test_str_first, recv_mem, strlen(test_str_first)), 0); 932 memset(recv_mem, 0, sizeof(recv_mem)); 933 EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_second), 934 MSG_WAITALL), -1); 935 EXPECT_EQ(memcmp(test_str_second, recv_mem, strlen(test_str_second)), 936 0); 937 } 938 939 TEST_F(tls, recv_nonblock) 940 { 941 char buf[4096]; 942 bool err; 943 944 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_DONTWAIT), -1); 945 err = (errno == EAGAIN || errno == EWOULDBLOCK); 946 EXPECT_EQ(err, true); 947 } 948 949 TEST_F(tls, recv_peek) 950 { 951 char const *test_str = "test_read_peek"; 952 int send_len = strlen(test_str) + 1; 953 char buf[15]; 954 955 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 956 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_PEEK), send_len); 957 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 958 memset(buf, 0, sizeof(buf)); 959 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len); 960 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 961 } 962 963 TEST_F(tls, recv_peek_multiple) 964 { 965 char const *test_str = "test_read_peek"; 966 int send_len = strlen(test_str) + 1; 967 unsigned int num_peeks = 100; 968 char buf[15]; 969 int i; 970 971 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 972 for (i = 0; i < num_peeks; i++) { 973 EXPECT_NE(recv(self->cfd, buf, send_len, MSG_PEEK), -1); 974 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 975 memset(buf, 0, sizeof(buf)); 976 } 977 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 978 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 979 } 980 981 TEST_F(tls, recv_peek_multiple_records) 982 { 983 char const *test_str = "test_read_peek_mult_recs"; 984 char const *test_str_first = "test_read_peek"; 985 char const *test_str_second = "_mult_recs"; 986 int len; 987 char buf[64]; 988 989 len = strlen(test_str_first); 990 EXPECT_EQ(send(self->fd, test_str_first, len, 0), len); 991 992 len = strlen(test_str_second) + 1; 993 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len); 994 995 len = strlen(test_str_first); 996 memset(buf, 0, len); 997 EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len); 998 999 /* MSG_PEEK can only peek into the current record. */ 1000 len = strlen(test_str_first); 1001 EXPECT_EQ(memcmp(test_str_first, buf, len), 0); 1002 1003 len = strlen(test_str) + 1; 1004 memset(buf, 0, len); 1005 EXPECT_EQ(recv(self->cfd, buf, len, MSG_WAITALL), len); 1006 1007 /* Non-MSG_PEEK will advance strparser (and therefore record) 1008 * however. 1009 */ 1010 len = strlen(test_str) + 1; 1011 EXPECT_EQ(memcmp(test_str, buf, len), 0); 1012 1013 /* MSG_MORE will hold current record open, so later MSG_PEEK 1014 * will see everything. 1015 */ 1016 len = strlen(test_str_first); 1017 EXPECT_EQ(send(self->fd, test_str_first, len, MSG_MORE), len); 1018 1019 len = strlen(test_str_second) + 1; 1020 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len); 1021 1022 len = strlen(test_str) + 1; 1023 memset(buf, 0, len); 1024 EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len); 1025 1026 len = strlen(test_str) + 1; 1027 EXPECT_EQ(memcmp(test_str, buf, len), 0); 1028 } 1029 1030 TEST_F(tls, recv_peek_large_buf_mult_recs) 1031 { 1032 char const *test_str = "test_read_peek_mult_recs"; 1033 char const *test_str_first = "test_read_peek"; 1034 char const *test_str_second = "_mult_recs"; 1035 int len; 1036 char buf[64]; 1037 1038 len = strlen(test_str_first); 1039 EXPECT_EQ(send(self->fd, test_str_first, len, 0), len); 1040 1041 len = strlen(test_str_second) + 1; 1042 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len); 1043 1044 len = strlen(test_str) + 1; 1045 memset(buf, 0, len); 1046 EXPECT_NE((len = recv(self->cfd, buf, len, 1047 MSG_PEEK | MSG_WAITALL)), -1); 1048 len = strlen(test_str) + 1; 1049 EXPECT_EQ(memcmp(test_str, buf, len), 0); 1050 } 1051 1052 TEST_F(tls, recv_lowat) 1053 { 1054 char send_mem[10] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }; 1055 char recv_mem[20]; 1056 int lowat = 8; 1057 1058 EXPECT_EQ(send(self->fd, send_mem, 10, 0), 10); 1059 EXPECT_EQ(send(self->fd, send_mem, 5, 0), 5); 1060 1061 memset(recv_mem, 0, 20); 1062 EXPECT_EQ(setsockopt(self->cfd, SOL_SOCKET, SO_RCVLOWAT, 1063 &lowat, sizeof(lowat)), 0); 1064 EXPECT_EQ(recv(self->cfd, recv_mem, 1, MSG_WAITALL), 1); 1065 EXPECT_EQ(recv(self->cfd, recv_mem + 1, 6, MSG_WAITALL), 6); 1066 EXPECT_EQ(recv(self->cfd, recv_mem + 7, 10, 0), 8); 1067 1068 EXPECT_EQ(memcmp(send_mem, recv_mem, 10), 0); 1069 EXPECT_EQ(memcmp(send_mem, recv_mem + 10, 5), 0); 1070 } 1071 1072 TEST_F(tls, bidir) 1073 { 1074 char const *test_str = "test_read"; 1075 int send_len = 10; 1076 char buf[10]; 1077 int ret; 1078 1079 if (!self->notls) { 1080 struct tls_crypto_info_keys tls12; 1081 1082 tls_crypto_info_init(variant->tls_version, variant->cipher_type, 1083 &tls12); 1084 1085 ret = setsockopt(self->fd, SOL_TLS, TLS_RX, &tls12, 1086 tls12.len); 1087 ASSERT_EQ(ret, 0); 1088 1089 ret = setsockopt(self->cfd, SOL_TLS, TLS_TX, &tls12, 1090 tls12.len); 1091 ASSERT_EQ(ret, 0); 1092 } 1093 1094 ASSERT_EQ(strlen(test_str) + 1, send_len); 1095 1096 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1097 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 1098 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1099 1100 memset(buf, 0, sizeof(buf)); 1101 1102 EXPECT_EQ(send(self->cfd, test_str, send_len, 0), send_len); 1103 EXPECT_NE(recv(self->fd, buf, send_len, 0), -1); 1104 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1105 }; 1106 1107 TEST_F(tls, pollin) 1108 { 1109 char const *test_str = "test_poll"; 1110 struct pollfd fd = { 0, 0, 0 }; 1111 char buf[10]; 1112 int send_len = 10; 1113 1114 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1115 fd.fd = self->cfd; 1116 fd.events = POLLIN; 1117 1118 EXPECT_EQ(poll(&fd, 1, 20), 1); 1119 EXPECT_EQ(fd.revents & POLLIN, 1); 1120 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len); 1121 /* Test timing out */ 1122 EXPECT_EQ(poll(&fd, 1, 20), 0); 1123 } 1124 1125 TEST_F(tls, poll_wait) 1126 { 1127 char const *test_str = "test_poll_wait"; 1128 int send_len = strlen(test_str) + 1; 1129 struct pollfd fd = { 0, 0, 0 }; 1130 char recv_mem[15]; 1131 1132 fd.fd = self->cfd; 1133 fd.events = POLLIN; 1134 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1135 /* Set timeout to inf. secs */ 1136 EXPECT_EQ(poll(&fd, 1, -1), 1); 1137 EXPECT_EQ(fd.revents & POLLIN, 1); 1138 EXPECT_EQ(recv(self->cfd, recv_mem, send_len, MSG_WAITALL), send_len); 1139 } 1140 1141 TEST_F(tls, poll_wait_split) 1142 { 1143 struct pollfd fd = { 0, 0, 0 }; 1144 char send_mem[20] = {}; 1145 char recv_mem[15]; 1146 1147 fd.fd = self->cfd; 1148 fd.events = POLLIN; 1149 /* Send 20 bytes */ 1150 EXPECT_EQ(send(self->fd, send_mem, sizeof(send_mem), 0), 1151 sizeof(send_mem)); 1152 /* Poll with inf. timeout */ 1153 EXPECT_EQ(poll(&fd, 1, -1), 1); 1154 EXPECT_EQ(fd.revents & POLLIN, 1); 1155 EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), MSG_WAITALL), 1156 sizeof(recv_mem)); 1157 1158 /* Now the remaining 5 bytes of record data are in TLS ULP */ 1159 fd.fd = self->cfd; 1160 fd.events = POLLIN; 1161 EXPECT_EQ(poll(&fd, 1, -1), 1); 1162 EXPECT_EQ(fd.revents & POLLIN, 1); 1163 EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), 0), 1164 sizeof(send_mem) - sizeof(recv_mem)); 1165 } 1166 1167 TEST_F(tls, blocking) 1168 { 1169 size_t data = 100000; 1170 int res = fork(); 1171 1172 EXPECT_NE(res, -1); 1173 1174 if (res) { 1175 /* parent */ 1176 size_t left = data; 1177 char buf[16384]; 1178 int status; 1179 int pid2; 1180 1181 while (left) { 1182 int res = send(self->fd, buf, 1183 left > 16384 ? 16384 : left, 0); 1184 1185 EXPECT_GE(res, 0); 1186 left -= res; 1187 } 1188 1189 pid2 = wait(&status); 1190 EXPECT_EQ(status, 0); 1191 EXPECT_EQ(res, pid2); 1192 } else { 1193 /* child */ 1194 size_t left = data; 1195 char buf[16384]; 1196 1197 while (left) { 1198 int res = recv(self->cfd, buf, 1199 left > 16384 ? 16384 : left, 0); 1200 1201 EXPECT_GE(res, 0); 1202 left -= res; 1203 } 1204 } 1205 } 1206 1207 TEST_F(tls, nonblocking) 1208 { 1209 size_t data = 100000; 1210 int sendbuf = 100; 1211 int flags; 1212 int res; 1213 1214 flags = fcntl(self->fd, F_GETFL, 0); 1215 fcntl(self->fd, F_SETFL, flags | O_NONBLOCK); 1216 fcntl(self->cfd, F_SETFL, flags | O_NONBLOCK); 1217 1218 /* Ensure nonblocking behavior by imposing a small send 1219 * buffer. 1220 */ 1221 EXPECT_EQ(setsockopt(self->fd, SOL_SOCKET, SO_SNDBUF, 1222 &sendbuf, sizeof(sendbuf)), 0); 1223 1224 res = fork(); 1225 EXPECT_NE(res, -1); 1226 1227 if (res) { 1228 /* parent */ 1229 bool eagain = false; 1230 size_t left = data; 1231 char buf[16384]; 1232 int status; 1233 int pid2; 1234 1235 while (left) { 1236 int res = send(self->fd, buf, 1237 left > 16384 ? 16384 : left, 0); 1238 1239 if (res == -1 && errno == EAGAIN) { 1240 eagain = true; 1241 usleep(10000); 1242 continue; 1243 } 1244 EXPECT_GE(res, 0); 1245 left -= res; 1246 } 1247 1248 EXPECT_TRUE(eagain); 1249 pid2 = wait(&status); 1250 1251 EXPECT_EQ(status, 0); 1252 EXPECT_EQ(res, pid2); 1253 } else { 1254 /* child */ 1255 bool eagain = false; 1256 size_t left = data; 1257 char buf[16384]; 1258 1259 while (left) { 1260 int res = recv(self->cfd, buf, 1261 left > 16384 ? 16384 : left, 0); 1262 1263 if (res == -1 && errno == EAGAIN) { 1264 eagain = true; 1265 usleep(10000); 1266 continue; 1267 } 1268 EXPECT_GE(res, 0); 1269 left -= res; 1270 } 1271 EXPECT_TRUE(eagain); 1272 } 1273 } 1274 1275 static void 1276 test_mutliproc(struct __test_metadata *_metadata, struct _test_data_tls *self, 1277 bool sendpg, unsigned int n_readers, unsigned int n_writers) 1278 { 1279 const unsigned int n_children = n_readers + n_writers; 1280 const size_t data = 6 * 1000 * 1000; 1281 const size_t file_sz = data / 100; 1282 size_t read_bias, write_bias; 1283 int i, fd, child_id; 1284 char buf[file_sz]; 1285 pid_t pid; 1286 1287 /* Only allow multiples for simplicity */ 1288 ASSERT_EQ(!(n_readers % n_writers) || !(n_writers % n_readers), true); 1289 read_bias = n_writers / n_readers ?: 1; 1290 write_bias = n_readers / n_writers ?: 1; 1291 1292 /* prep a file to send */ 1293 fd = open("/tmp/", O_TMPFILE | O_RDWR, 0600); 1294 ASSERT_GE(fd, 0); 1295 1296 memset(buf, 0xac, file_sz); 1297 ASSERT_EQ(write(fd, buf, file_sz), file_sz); 1298 1299 /* spawn children */ 1300 for (child_id = 0; child_id < n_children; child_id++) { 1301 pid = fork(); 1302 ASSERT_NE(pid, -1); 1303 if (!pid) 1304 break; 1305 } 1306 1307 /* parent waits for all children */ 1308 if (pid) { 1309 for (i = 0; i < n_children; i++) { 1310 int status; 1311 1312 wait(&status); 1313 EXPECT_EQ(status, 0); 1314 } 1315 1316 return; 1317 } 1318 1319 /* Split threads for reading and writing */ 1320 if (child_id < n_readers) { 1321 size_t left = data * read_bias; 1322 char rb[8001]; 1323 1324 while (left) { 1325 int res; 1326 1327 res = recv(self->cfd, rb, 1328 left > sizeof(rb) ? sizeof(rb) : left, 0); 1329 1330 EXPECT_GE(res, 0); 1331 left -= res; 1332 } 1333 } else { 1334 size_t left = data * write_bias; 1335 1336 while (left) { 1337 int res; 1338 1339 ASSERT_EQ(lseek(fd, 0, SEEK_SET), 0); 1340 if (sendpg) 1341 res = sendfile(self->fd, fd, NULL, 1342 left > file_sz ? file_sz : left); 1343 else 1344 res = send(self->fd, buf, 1345 left > file_sz ? file_sz : left, 0); 1346 1347 EXPECT_GE(res, 0); 1348 left -= res; 1349 } 1350 } 1351 } 1352 1353 TEST_F(tls, mutliproc_even) 1354 { 1355 test_mutliproc(_metadata, self, false, 6, 6); 1356 } 1357 1358 TEST_F(tls, mutliproc_readers) 1359 { 1360 test_mutliproc(_metadata, self, false, 4, 12); 1361 } 1362 1363 TEST_F(tls, mutliproc_writers) 1364 { 1365 test_mutliproc(_metadata, self, false, 10, 2); 1366 } 1367 1368 TEST_F(tls, mutliproc_sendpage_even) 1369 { 1370 test_mutliproc(_metadata, self, true, 6, 6); 1371 } 1372 1373 TEST_F(tls, mutliproc_sendpage_readers) 1374 { 1375 test_mutliproc(_metadata, self, true, 4, 12); 1376 } 1377 1378 TEST_F(tls, mutliproc_sendpage_writers) 1379 { 1380 test_mutliproc(_metadata, self, true, 10, 2); 1381 } 1382 1383 TEST_F(tls, control_msg) 1384 { 1385 char *test_str = "test_read"; 1386 char record_type = 100; 1387 int send_len = 10; 1388 char buf[10]; 1389 1390 if (self->notls) 1391 SKIP(return, "no TLS support"); 1392 1393 EXPECT_EQ(tls_send_cmsg(self->fd, record_type, test_str, send_len, 0), 1394 send_len); 1395 /* Should fail because we didn't provide a control message */ 1396 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1); 1397 1398 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type, 1399 buf, sizeof(buf), MSG_WAITALL | MSG_PEEK), 1400 send_len); 1401 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1402 1403 /* Recv the message again without MSG_PEEK */ 1404 memset(buf, 0, sizeof(buf)); 1405 1406 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type, 1407 buf, sizeof(buf), MSG_WAITALL), 1408 send_len); 1409 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1410 } 1411 1412 TEST_F(tls, shutdown) 1413 { 1414 char const *test_str = "test_read"; 1415 int send_len = 10; 1416 char buf[10]; 1417 1418 ASSERT_EQ(strlen(test_str) + 1, send_len); 1419 1420 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1421 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 1422 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1423 1424 shutdown(self->fd, SHUT_RDWR); 1425 shutdown(self->cfd, SHUT_RDWR); 1426 } 1427 1428 TEST_F(tls, shutdown_unsent) 1429 { 1430 char const *test_str = "test_read"; 1431 int send_len = 10; 1432 1433 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); 1434 1435 shutdown(self->fd, SHUT_RDWR); 1436 shutdown(self->cfd, SHUT_RDWR); 1437 } 1438 1439 TEST_F(tls, shutdown_reuse) 1440 { 1441 struct sockaddr_in addr; 1442 int ret; 1443 1444 shutdown(self->fd, SHUT_RDWR); 1445 shutdown(self->cfd, SHUT_RDWR); 1446 close(self->cfd); 1447 1448 addr.sin_family = AF_INET; 1449 addr.sin_addr.s_addr = htonl(INADDR_ANY); 1450 addr.sin_port = 0; 1451 1452 ret = bind(self->fd, &addr, sizeof(addr)); 1453 EXPECT_EQ(ret, 0); 1454 ret = listen(self->fd, 10); 1455 EXPECT_EQ(ret, -1); 1456 EXPECT_EQ(errno, EINVAL); 1457 1458 ret = connect(self->fd, &addr, sizeof(addr)); 1459 EXPECT_EQ(ret, -1); 1460 EXPECT_EQ(errno, EISCONN); 1461 } 1462 1463 FIXTURE(tls_err) 1464 { 1465 int fd, cfd; 1466 int fd2, cfd2; 1467 bool notls; 1468 }; 1469 1470 FIXTURE_VARIANT(tls_err) 1471 { 1472 uint16_t tls_version; 1473 }; 1474 1475 FIXTURE_VARIANT_ADD(tls_err, 12_aes_gcm) 1476 { 1477 .tls_version = TLS_1_2_VERSION, 1478 }; 1479 1480 FIXTURE_VARIANT_ADD(tls_err, 13_aes_gcm) 1481 { 1482 .tls_version = TLS_1_3_VERSION, 1483 }; 1484 1485 FIXTURE_SETUP(tls_err) 1486 { 1487 struct tls_crypto_info_keys tls12; 1488 int ret; 1489 1490 tls_crypto_info_init(variant->tls_version, TLS_CIPHER_AES_GCM_128, 1491 &tls12); 1492 1493 ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls); 1494 ulp_sock_pair(_metadata, &self->fd2, &self->cfd2, &self->notls); 1495 if (self->notls) 1496 return; 1497 1498 ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len); 1499 ASSERT_EQ(ret, 0); 1500 1501 ret = setsockopt(self->cfd2, SOL_TLS, TLS_RX, &tls12, tls12.len); 1502 ASSERT_EQ(ret, 0); 1503 } 1504 1505 FIXTURE_TEARDOWN(tls_err) 1506 { 1507 close(self->fd); 1508 close(self->cfd); 1509 close(self->fd2); 1510 close(self->cfd2); 1511 } 1512 1513 TEST_F(tls_err, bad_rec) 1514 { 1515 char buf[64]; 1516 1517 if (self->notls) 1518 SKIP(return, "no TLS support"); 1519 1520 memset(buf, 0x55, sizeof(buf)); 1521 EXPECT_EQ(send(self->fd2, buf, sizeof(buf), 0), sizeof(buf)); 1522 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1523 EXPECT_EQ(errno, EMSGSIZE); 1524 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), MSG_DONTWAIT), -1); 1525 EXPECT_EQ(errno, EAGAIN); 1526 } 1527 1528 TEST_F(tls_err, bad_auth) 1529 { 1530 char buf[128]; 1531 int n; 1532 1533 if (self->notls) 1534 SKIP(return, "no TLS support"); 1535 1536 memrnd(buf, sizeof(buf) / 2); 1537 EXPECT_EQ(send(self->fd, buf, sizeof(buf) / 2, 0), sizeof(buf) / 2); 1538 n = recv(self->cfd, buf, sizeof(buf), 0); 1539 EXPECT_GT(n, sizeof(buf) / 2); 1540 1541 buf[n - 1]++; 1542 1543 EXPECT_EQ(send(self->fd2, buf, n, 0), n); 1544 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1545 EXPECT_EQ(errno, EBADMSG); 1546 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1547 EXPECT_EQ(errno, EBADMSG); 1548 } 1549 1550 TEST_F(tls_err, bad_in_large_read) 1551 { 1552 char txt[3][64]; 1553 char cip[3][128]; 1554 char buf[3 * 128]; 1555 int i, n; 1556 1557 if (self->notls) 1558 SKIP(return, "no TLS support"); 1559 1560 /* Put 3 records in the sockets */ 1561 for (i = 0; i < 3; i++) { 1562 memrnd(txt[i], sizeof(txt[i])); 1563 EXPECT_EQ(send(self->fd, txt[i], sizeof(txt[i]), 0), 1564 sizeof(txt[i])); 1565 n = recv(self->cfd, cip[i], sizeof(cip[i]), 0); 1566 EXPECT_GT(n, sizeof(txt[i])); 1567 /* Break the third message */ 1568 if (i == 2) 1569 cip[2][n - 1]++; 1570 EXPECT_EQ(send(self->fd2, cip[i], n, 0), n); 1571 } 1572 1573 /* We should be able to receive the first two messages */ 1574 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), sizeof(txt[0]) * 2); 1575 EXPECT_EQ(memcmp(buf, txt[0], sizeof(txt[0])), 0); 1576 EXPECT_EQ(memcmp(buf + sizeof(txt[0]), txt[1], sizeof(txt[1])), 0); 1577 /* Third mesasge is bad */ 1578 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1579 EXPECT_EQ(errno, EBADMSG); 1580 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1581 EXPECT_EQ(errno, EBADMSG); 1582 } 1583 1584 TEST_F(tls_err, bad_cmsg) 1585 { 1586 char *test_str = "test_read"; 1587 int send_len = 10; 1588 char cip[128]; 1589 char buf[128]; 1590 char txt[64]; 1591 int n; 1592 1593 if (self->notls) 1594 SKIP(return, "no TLS support"); 1595 1596 /* Queue up one data record */ 1597 memrnd(txt, sizeof(txt)); 1598 EXPECT_EQ(send(self->fd, txt, sizeof(txt), 0), sizeof(txt)); 1599 n = recv(self->cfd, cip, sizeof(cip), 0); 1600 EXPECT_GT(n, sizeof(txt)); 1601 EXPECT_EQ(send(self->fd2, cip, n, 0), n); 1602 1603 EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10); 1604 n = recv(self->cfd, cip, sizeof(cip), 0); 1605 cip[n - 1]++; /* Break it */ 1606 EXPECT_GT(n, send_len); 1607 EXPECT_EQ(send(self->fd2, cip, n, 0), n); 1608 1609 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), sizeof(txt)); 1610 EXPECT_EQ(memcmp(buf, txt, sizeof(txt)), 0); 1611 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1612 EXPECT_EQ(errno, EBADMSG); 1613 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1614 EXPECT_EQ(errno, EBADMSG); 1615 } 1616 1617 TEST_F(tls_err, timeo) 1618 { 1619 struct timeval tv = { .tv_usec = 10000, }; 1620 char buf[128]; 1621 int ret; 1622 1623 if (self->notls) 1624 SKIP(return, "no TLS support"); 1625 1626 ret = setsockopt(self->cfd2, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)); 1627 ASSERT_EQ(ret, 0); 1628 1629 ret = fork(); 1630 ASSERT_GE(ret, 0); 1631 1632 if (ret) { 1633 usleep(1000); /* Give child a head start */ 1634 1635 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1636 EXPECT_EQ(errno, EAGAIN); 1637 1638 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1639 EXPECT_EQ(errno, EAGAIN); 1640 1641 wait(&ret); 1642 } else { 1643 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1644 EXPECT_EQ(errno, EAGAIN); 1645 exit(0); 1646 } 1647 } 1648 1649 TEST(non_established) { 1650 struct tls12_crypto_info_aes_gcm_256 tls12; 1651 struct sockaddr_in addr; 1652 int sfd, ret, fd; 1653 socklen_t len; 1654 1655 len = sizeof(addr); 1656 1657 memset(&tls12, 0, sizeof(tls12)); 1658 tls12.info.version = TLS_1_2_VERSION; 1659 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256; 1660 1661 addr.sin_family = AF_INET; 1662 addr.sin_addr.s_addr = htonl(INADDR_ANY); 1663 addr.sin_port = 0; 1664 1665 fd = socket(AF_INET, SOCK_STREAM, 0); 1666 sfd = socket(AF_INET, SOCK_STREAM, 0); 1667 1668 ret = bind(sfd, &addr, sizeof(addr)); 1669 ASSERT_EQ(ret, 0); 1670 ret = listen(sfd, 10); 1671 ASSERT_EQ(ret, 0); 1672 1673 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1674 EXPECT_EQ(ret, -1); 1675 /* TLS ULP not supported */ 1676 if (errno == ENOENT) 1677 return; 1678 EXPECT_EQ(errno, ENOTCONN); 1679 1680 ret = setsockopt(sfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1681 EXPECT_EQ(ret, -1); 1682 EXPECT_EQ(errno, ENOTCONN); 1683 1684 ret = getsockname(sfd, &addr, &len); 1685 ASSERT_EQ(ret, 0); 1686 1687 ret = connect(fd, &addr, sizeof(addr)); 1688 ASSERT_EQ(ret, 0); 1689 1690 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1691 ASSERT_EQ(ret, 0); 1692 1693 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1694 EXPECT_EQ(ret, -1); 1695 EXPECT_EQ(errno, EEXIST); 1696 1697 close(fd); 1698 close(sfd); 1699 } 1700 1701 TEST(keysizes) { 1702 struct tls12_crypto_info_aes_gcm_256 tls12; 1703 int ret, fd, cfd; 1704 bool notls; 1705 1706 memset(&tls12, 0, sizeof(tls12)); 1707 tls12.info.version = TLS_1_2_VERSION; 1708 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256; 1709 1710 ulp_sock_pair(_metadata, &fd, &cfd, ¬ls); 1711 1712 if (!notls) { 1713 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, 1714 sizeof(tls12)); 1715 EXPECT_EQ(ret, 0); 1716 1717 ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12, 1718 sizeof(tls12)); 1719 EXPECT_EQ(ret, 0); 1720 } 1721 1722 close(fd); 1723 close(cfd); 1724 } 1725 1726 TEST(no_pad) { 1727 struct tls12_crypto_info_aes_gcm_256 tls12; 1728 int ret, fd, cfd, val; 1729 socklen_t len; 1730 bool notls; 1731 1732 memset(&tls12, 0, sizeof(tls12)); 1733 tls12.info.version = TLS_1_3_VERSION; 1734 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256; 1735 1736 ulp_sock_pair(_metadata, &fd, &cfd, ¬ls); 1737 1738 if (notls) 1739 exit(KSFT_SKIP); 1740 1741 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, sizeof(tls12)); 1742 EXPECT_EQ(ret, 0); 1743 1744 ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12, sizeof(tls12)); 1745 EXPECT_EQ(ret, 0); 1746 1747 val = 1; 1748 ret = setsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 1749 (void *)&val, sizeof(val)); 1750 EXPECT_EQ(ret, 0); 1751 1752 len = sizeof(val); 1753 val = 2; 1754 ret = getsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 1755 (void *)&val, &len); 1756 EXPECT_EQ(ret, 0); 1757 EXPECT_EQ(val, 1); 1758 EXPECT_EQ(len, 4); 1759 1760 val = 0; 1761 ret = setsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 1762 (void *)&val, sizeof(val)); 1763 EXPECT_EQ(ret, 0); 1764 1765 len = sizeof(val); 1766 val = 2; 1767 ret = getsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 1768 (void *)&val, &len); 1769 EXPECT_EQ(ret, 0); 1770 EXPECT_EQ(val, 0); 1771 EXPECT_EQ(len, 4); 1772 1773 close(fd); 1774 close(cfd); 1775 } 1776 1777 TEST(tls_v6ops) { 1778 struct tls_crypto_info_keys tls12; 1779 struct sockaddr_in6 addr, addr2; 1780 int sfd, ret, fd; 1781 socklen_t len, len2; 1782 1783 tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_128, &tls12); 1784 1785 addr.sin6_family = AF_INET6; 1786 addr.sin6_addr = in6addr_any; 1787 addr.sin6_port = 0; 1788 1789 fd = socket(AF_INET6, SOCK_STREAM, 0); 1790 sfd = socket(AF_INET6, SOCK_STREAM, 0); 1791 1792 ret = bind(sfd, &addr, sizeof(addr)); 1793 ASSERT_EQ(ret, 0); 1794 ret = listen(sfd, 10); 1795 ASSERT_EQ(ret, 0); 1796 1797 len = sizeof(addr); 1798 ret = getsockname(sfd, &addr, &len); 1799 ASSERT_EQ(ret, 0); 1800 1801 ret = connect(fd, &addr, sizeof(addr)); 1802 ASSERT_EQ(ret, 0); 1803 1804 len = sizeof(addr); 1805 ret = getsockname(fd, &addr, &len); 1806 ASSERT_EQ(ret, 0); 1807 1808 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1809 if (ret) { 1810 ASSERT_EQ(errno, ENOENT); 1811 SKIP(return, "no TLS support"); 1812 } 1813 ASSERT_EQ(ret, 0); 1814 1815 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, tls12.len); 1816 ASSERT_EQ(ret, 0); 1817 1818 ret = setsockopt(fd, SOL_TLS, TLS_RX, &tls12, tls12.len); 1819 ASSERT_EQ(ret, 0); 1820 1821 len2 = sizeof(addr2); 1822 ret = getsockname(fd, &addr2, &len2); 1823 ASSERT_EQ(ret, 0); 1824 1825 EXPECT_EQ(len2, len); 1826 EXPECT_EQ(memcmp(&addr, &addr2, len), 0); 1827 1828 close(fd); 1829 close(sfd); 1830 } 1831 1832 TEST(prequeue) { 1833 struct tls_crypto_info_keys tls12; 1834 char buf[20000], buf2[20000]; 1835 struct sockaddr_in addr; 1836 int sfd, cfd, ret, fd; 1837 socklen_t len; 1838 1839 len = sizeof(addr); 1840 memrnd(buf, sizeof(buf)); 1841 1842 tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_256, &tls12); 1843 1844 addr.sin_family = AF_INET; 1845 addr.sin_addr.s_addr = htonl(INADDR_ANY); 1846 addr.sin_port = 0; 1847 1848 fd = socket(AF_INET, SOCK_STREAM, 0); 1849 sfd = socket(AF_INET, SOCK_STREAM, 0); 1850 1851 ASSERT_EQ(bind(sfd, &addr, sizeof(addr)), 0); 1852 ASSERT_EQ(listen(sfd, 10), 0); 1853 ASSERT_EQ(getsockname(sfd, &addr, &len), 0); 1854 ASSERT_EQ(connect(fd, &addr, sizeof(addr)), 0); 1855 ASSERT_GE(cfd = accept(sfd, &addr, &len), 0); 1856 close(sfd); 1857 1858 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1859 if (ret) { 1860 ASSERT_EQ(errno, ENOENT); 1861 SKIP(return, "no TLS support"); 1862 } 1863 1864 ASSERT_EQ(setsockopt(fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0); 1865 EXPECT_EQ(send(fd, buf, sizeof(buf), MSG_DONTWAIT), sizeof(buf)); 1866 1867 ASSERT_EQ(setsockopt(cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")), 0); 1868 ASSERT_EQ(setsockopt(cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0); 1869 EXPECT_EQ(recv(cfd, buf2, sizeof(buf2), MSG_WAITALL), sizeof(buf2)); 1870 1871 EXPECT_EQ(memcmp(buf, buf2, sizeof(buf)), 0); 1872 1873 close(fd); 1874 close(cfd); 1875 } 1876 1877 static void __attribute__((constructor)) fips_check(void) { 1878 int res; 1879 FILE *f; 1880 1881 f = fopen("/proc/sys/crypto/fips_enabled", "r"); 1882 if (f) { 1883 res = fscanf(f, "%d", &fips_enabled); 1884 if (res != 1) 1885 ksft_print_msg("ERROR: Couldn't read /proc/sys/crypto/fips_enabled\n"); 1886 fclose(f); 1887 } 1888 } 1889 1890 TEST_HARNESS_MAIN 1891