1 // SPDX-License-Identifier: GPL-2.0 2 3 #define _GNU_SOURCE 4 5 #include <arpa/inet.h> 6 #include <errno.h> 7 #include <error.h> 8 #include <fcntl.h> 9 #include <poll.h> 10 #include <stdio.h> 11 #include <stdlib.h> 12 #include <unistd.h> 13 14 #include <linux/tls.h> 15 #include <linux/tcp.h> 16 #include <linux/socket.h> 17 18 #include <sys/types.h> 19 #include <sys/sendfile.h> 20 #include <sys/socket.h> 21 #include <sys/stat.h> 22 23 #include "../kselftest_harness.h" 24 25 #define TLS_PAYLOAD_MAX_LEN 16384 26 #define SOL_TLS 282 27 28 FIXTURE(tls_basic) 29 { 30 int fd, cfd; 31 bool notls; 32 }; 33 34 FIXTURE_SETUP(tls_basic) 35 { 36 struct sockaddr_in addr; 37 socklen_t len; 38 int sfd, ret; 39 40 self->notls = false; 41 len = sizeof(addr); 42 43 addr.sin_family = AF_INET; 44 addr.sin_addr.s_addr = htonl(INADDR_ANY); 45 addr.sin_port = 0; 46 47 self->fd = socket(AF_INET, SOCK_STREAM, 0); 48 sfd = socket(AF_INET, SOCK_STREAM, 0); 49 50 ret = bind(sfd, &addr, sizeof(addr)); 51 ASSERT_EQ(ret, 0); 52 ret = listen(sfd, 10); 53 ASSERT_EQ(ret, 0); 54 55 ret = getsockname(sfd, &addr, &len); 56 ASSERT_EQ(ret, 0); 57 58 ret = connect(self->fd, &addr, sizeof(addr)); 59 ASSERT_EQ(ret, 0); 60 61 self->cfd = accept(sfd, &addr, &len); 62 ASSERT_GE(self->cfd, 0); 63 64 close(sfd); 65 66 ret = setsockopt(self->fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 67 if (ret != 0) { 68 ASSERT_EQ(errno, ENOENT); 69 self->notls = true; 70 printf("Failure setting TCP_ULP, testing without tls\n"); 71 return; 72 } 73 74 ret = setsockopt(self->cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 75 ASSERT_EQ(ret, 0); 76 } 77 78 FIXTURE_TEARDOWN(tls_basic) 79 { 80 close(self->fd); 81 close(self->cfd); 82 } 83 84 /* Send some data through with ULP but no keys */ 85 TEST_F(tls_basic, base_base) 86 { 87 char const *test_str = "test_read"; 88 int send_len = 10; 89 char buf[10]; 90 91 ASSERT_EQ(strlen(test_str) + 1, send_len); 92 93 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 94 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 95 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 96 }; 97 98 FIXTURE(tls) 99 { 100 int fd, cfd; 101 bool notls; 102 }; 103 104 FIXTURE_VARIANT(tls) 105 { 106 unsigned int tls_version; 107 }; 108 109 FIXTURE_VARIANT_ADD(tls, 12) 110 { 111 .tls_version = TLS_1_2_VERSION, 112 }; 113 114 FIXTURE_VARIANT_ADD(tls, 13) 115 { 116 .tls_version = TLS_1_3_VERSION, 117 }; 118 119 FIXTURE_SETUP(tls) 120 { 121 struct tls12_crypto_info_aes_gcm_128 tls12; 122 struct sockaddr_in addr; 123 socklen_t len; 124 int sfd, ret; 125 126 self->notls = false; 127 len = sizeof(addr); 128 129 memset(&tls12, 0, sizeof(tls12)); 130 tls12.info.version = variant->tls_version; 131 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128; 132 133 addr.sin_family = AF_INET; 134 addr.sin_addr.s_addr = htonl(INADDR_ANY); 135 addr.sin_port = 0; 136 137 self->fd = socket(AF_INET, SOCK_STREAM, 0); 138 sfd = socket(AF_INET, SOCK_STREAM, 0); 139 140 ret = bind(sfd, &addr, sizeof(addr)); 141 ASSERT_EQ(ret, 0); 142 ret = listen(sfd, 10); 143 ASSERT_EQ(ret, 0); 144 145 ret = getsockname(sfd, &addr, &len); 146 ASSERT_EQ(ret, 0); 147 148 ret = connect(self->fd, &addr, sizeof(addr)); 149 ASSERT_EQ(ret, 0); 150 151 ret = setsockopt(self->fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 152 if (ret != 0) { 153 self->notls = true; 154 printf("Failure setting TCP_ULP, testing without tls\n"); 155 } 156 157 if (!self->notls) { 158 ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, 159 sizeof(tls12)); 160 ASSERT_EQ(ret, 0); 161 } 162 163 self->cfd = accept(sfd, &addr, &len); 164 ASSERT_GE(self->cfd, 0); 165 166 if (!self->notls) { 167 ret = setsockopt(self->cfd, IPPROTO_TCP, TCP_ULP, "tls", 168 sizeof("tls")); 169 ASSERT_EQ(ret, 0); 170 171 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, 172 sizeof(tls12)); 173 ASSERT_EQ(ret, 0); 174 } 175 176 close(sfd); 177 } 178 179 FIXTURE_TEARDOWN(tls) 180 { 181 close(self->fd); 182 close(self->cfd); 183 } 184 185 TEST_F(tls, sendfile) 186 { 187 int filefd = open("/proc/self/exe", O_RDONLY); 188 struct stat st; 189 190 EXPECT_GE(filefd, 0); 191 fstat(filefd, &st); 192 EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0); 193 } 194 195 TEST_F(tls, send_then_sendfile) 196 { 197 int filefd = open("/proc/self/exe", O_RDONLY); 198 char const *test_str = "test_send"; 199 int to_send = strlen(test_str) + 1; 200 char recv_buf[10]; 201 struct stat st; 202 char *buf; 203 204 EXPECT_GE(filefd, 0); 205 fstat(filefd, &st); 206 buf = (char *)malloc(st.st_size); 207 208 EXPECT_EQ(send(self->fd, test_str, to_send, 0), to_send); 209 EXPECT_EQ(recv(self->cfd, recv_buf, to_send, MSG_WAITALL), to_send); 210 EXPECT_EQ(memcmp(test_str, recv_buf, to_send), 0); 211 212 EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0); 213 EXPECT_EQ(recv(self->cfd, buf, st.st_size, MSG_WAITALL), st.st_size); 214 } 215 216 TEST_F(tls, recv_max) 217 { 218 unsigned int send_len = TLS_PAYLOAD_MAX_LEN; 219 char recv_mem[TLS_PAYLOAD_MAX_LEN]; 220 char buf[TLS_PAYLOAD_MAX_LEN]; 221 222 EXPECT_GE(send(self->fd, buf, send_len, 0), 0); 223 EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1); 224 EXPECT_EQ(memcmp(buf, recv_mem, send_len), 0); 225 } 226 227 TEST_F(tls, recv_small) 228 { 229 char const *test_str = "test_read"; 230 int send_len = 10; 231 char buf[10]; 232 233 send_len = strlen(test_str) + 1; 234 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 235 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 236 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 237 } 238 239 TEST_F(tls, msg_more) 240 { 241 char const *test_str = "test_read"; 242 int send_len = 10; 243 char buf[10 * 2]; 244 245 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); 246 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1); 247 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 248 EXPECT_EQ(recv(self->cfd, buf, send_len * 2, MSG_WAITALL), 249 send_len * 2); 250 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 251 } 252 253 TEST_F(tls, msg_more_unsent) 254 { 255 char const *test_str = "test_read"; 256 int send_len = 10; 257 char buf[10]; 258 259 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); 260 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1); 261 } 262 263 TEST_F(tls, sendmsg_single) 264 { 265 struct msghdr msg; 266 267 char const *test_str = "test_sendmsg"; 268 size_t send_len = 13; 269 struct iovec vec; 270 char buf[13]; 271 272 vec.iov_base = (char *)test_str; 273 vec.iov_len = send_len; 274 memset(&msg, 0, sizeof(struct msghdr)); 275 msg.msg_iov = &vec; 276 msg.msg_iovlen = 1; 277 EXPECT_EQ(sendmsg(self->fd, &msg, 0), send_len); 278 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len); 279 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 280 } 281 282 #define MAX_FRAGS 64 283 #define SEND_LEN 13 284 TEST_F(tls, sendmsg_fragmented) 285 { 286 char const *test_str = "test_sendmsg"; 287 char buf[SEND_LEN * MAX_FRAGS]; 288 struct iovec vec[MAX_FRAGS]; 289 struct msghdr msg; 290 int i, frags; 291 292 for (frags = 1; frags <= MAX_FRAGS; frags++) { 293 for (i = 0; i < frags; i++) { 294 vec[i].iov_base = (char *)test_str; 295 vec[i].iov_len = SEND_LEN; 296 } 297 298 memset(&msg, 0, sizeof(struct msghdr)); 299 msg.msg_iov = vec; 300 msg.msg_iovlen = frags; 301 302 EXPECT_EQ(sendmsg(self->fd, &msg, 0), SEND_LEN * frags); 303 EXPECT_EQ(recv(self->cfd, buf, SEND_LEN * frags, MSG_WAITALL), 304 SEND_LEN * frags); 305 306 for (i = 0; i < frags; i++) 307 EXPECT_EQ(memcmp(buf + SEND_LEN * i, 308 test_str, SEND_LEN), 0); 309 } 310 } 311 #undef MAX_FRAGS 312 #undef SEND_LEN 313 314 TEST_F(tls, sendmsg_large) 315 { 316 void *mem = malloc(16384); 317 size_t send_len = 16384; 318 size_t sends = 128; 319 struct msghdr msg; 320 size_t recvs = 0; 321 size_t sent = 0; 322 323 memset(&msg, 0, sizeof(struct msghdr)); 324 while (sent++ < sends) { 325 struct iovec vec = { (void *)mem, send_len }; 326 327 msg.msg_iov = &vec; 328 msg.msg_iovlen = 1; 329 EXPECT_EQ(sendmsg(self->cfd, &msg, 0), send_len); 330 } 331 332 while (recvs++ < sends) 333 EXPECT_NE(recv(self->fd, mem, send_len, 0), -1); 334 335 free(mem); 336 } 337 338 TEST_F(tls, sendmsg_multiple) 339 { 340 char const *test_str = "test_sendmsg_multiple"; 341 struct iovec vec[5]; 342 char *test_strs[5]; 343 struct msghdr msg; 344 int total_len = 0; 345 int len_cmp = 0; 346 int iov_len = 5; 347 char *buf; 348 int i; 349 350 memset(&msg, 0, sizeof(struct msghdr)); 351 for (i = 0; i < iov_len; i++) { 352 test_strs[i] = (char *)malloc(strlen(test_str) + 1); 353 snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str); 354 vec[i].iov_base = (void *)test_strs[i]; 355 vec[i].iov_len = strlen(test_strs[i]) + 1; 356 total_len += vec[i].iov_len; 357 } 358 msg.msg_iov = vec; 359 msg.msg_iovlen = iov_len; 360 361 EXPECT_EQ(sendmsg(self->cfd, &msg, 0), total_len); 362 buf = malloc(total_len); 363 EXPECT_NE(recv(self->fd, buf, total_len, 0), -1); 364 for (i = 0; i < iov_len; i++) { 365 EXPECT_EQ(memcmp(test_strs[i], buf + len_cmp, 366 strlen(test_strs[i])), 367 0); 368 len_cmp += strlen(buf + len_cmp) + 1; 369 } 370 for (i = 0; i < iov_len; i++) 371 free(test_strs[i]); 372 free(buf); 373 } 374 375 TEST_F(tls, sendmsg_multiple_stress) 376 { 377 char const *test_str = "abcdefghijklmno"; 378 struct iovec vec[1024]; 379 char *test_strs[1024]; 380 int iov_len = 1024; 381 int total_len = 0; 382 char buf[1 << 14]; 383 struct msghdr msg; 384 int len_cmp = 0; 385 int i; 386 387 memset(&msg, 0, sizeof(struct msghdr)); 388 for (i = 0; i < iov_len; i++) { 389 test_strs[i] = (char *)malloc(strlen(test_str) + 1); 390 snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str); 391 vec[i].iov_base = (void *)test_strs[i]; 392 vec[i].iov_len = strlen(test_strs[i]) + 1; 393 total_len += vec[i].iov_len; 394 } 395 msg.msg_iov = vec; 396 msg.msg_iovlen = iov_len; 397 398 EXPECT_EQ(sendmsg(self->fd, &msg, 0), total_len); 399 EXPECT_NE(recv(self->cfd, buf, total_len, 0), -1); 400 401 for (i = 0; i < iov_len; i++) 402 len_cmp += strlen(buf + len_cmp) + 1; 403 404 for (i = 0; i < iov_len; i++) 405 free(test_strs[i]); 406 } 407 408 TEST_F(tls, splice_from_pipe) 409 { 410 int send_len = TLS_PAYLOAD_MAX_LEN; 411 char mem_send[TLS_PAYLOAD_MAX_LEN]; 412 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 413 int p[2]; 414 415 ASSERT_GE(pipe(p), 0); 416 EXPECT_GE(write(p[1], mem_send, send_len), 0); 417 EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), 0); 418 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len); 419 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 420 } 421 422 TEST_F(tls, splice_from_pipe2) 423 { 424 int send_len = 16000; 425 char mem_send[16000]; 426 char mem_recv[16000]; 427 int p2[2]; 428 int p[2]; 429 430 ASSERT_GE(pipe(p), 0); 431 ASSERT_GE(pipe(p2), 0); 432 EXPECT_GE(write(p[1], mem_send, 8000), 0); 433 EXPECT_GE(splice(p[0], NULL, self->fd, NULL, 8000, 0), 0); 434 EXPECT_GE(write(p2[1], mem_send + 8000, 8000), 0); 435 EXPECT_GE(splice(p2[0], NULL, self->fd, NULL, 8000, 0), 0); 436 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len); 437 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 438 } 439 440 TEST_F(tls, send_and_splice) 441 { 442 int send_len = TLS_PAYLOAD_MAX_LEN; 443 char mem_send[TLS_PAYLOAD_MAX_LEN]; 444 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 445 char const *test_str = "test_read"; 446 int send_len2 = 10; 447 char buf[10]; 448 int p[2]; 449 450 ASSERT_GE(pipe(p), 0); 451 EXPECT_EQ(send(self->fd, test_str, send_len2, 0), send_len2); 452 EXPECT_EQ(recv(self->cfd, buf, send_len2, MSG_WAITALL), send_len2); 453 EXPECT_EQ(memcmp(test_str, buf, send_len2), 0); 454 455 EXPECT_GE(write(p[1], mem_send, send_len), send_len); 456 EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), send_len); 457 458 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len); 459 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 460 } 461 462 TEST_F(tls, splice_to_pipe) 463 { 464 int send_len = TLS_PAYLOAD_MAX_LEN; 465 char mem_send[TLS_PAYLOAD_MAX_LEN]; 466 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 467 int p[2]; 468 469 ASSERT_GE(pipe(p), 0); 470 EXPECT_GE(send(self->fd, mem_send, send_len, 0), 0); 471 EXPECT_GE(splice(self->cfd, NULL, p[1], NULL, send_len, 0), 0); 472 EXPECT_GE(read(p[0], mem_recv, send_len), 0); 473 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 474 } 475 476 TEST_F(tls, recvmsg_single) 477 { 478 char const *test_str = "test_recvmsg_single"; 479 int send_len = strlen(test_str) + 1; 480 char buf[20]; 481 struct msghdr hdr; 482 struct iovec vec; 483 484 memset(&hdr, 0, sizeof(hdr)); 485 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 486 vec.iov_base = (char *)buf; 487 vec.iov_len = send_len; 488 hdr.msg_iovlen = 1; 489 hdr.msg_iov = &vec; 490 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1); 491 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 492 } 493 494 TEST_F(tls, recvmsg_single_max) 495 { 496 int send_len = TLS_PAYLOAD_MAX_LEN; 497 char send_mem[TLS_PAYLOAD_MAX_LEN]; 498 char recv_mem[TLS_PAYLOAD_MAX_LEN]; 499 struct iovec vec; 500 struct msghdr hdr; 501 502 EXPECT_EQ(send(self->fd, send_mem, send_len, 0), send_len); 503 vec.iov_base = (char *)recv_mem; 504 vec.iov_len = TLS_PAYLOAD_MAX_LEN; 505 506 hdr.msg_iovlen = 1; 507 hdr.msg_iov = &vec; 508 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1); 509 EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0); 510 } 511 512 TEST_F(tls, recvmsg_multiple) 513 { 514 unsigned int msg_iovlen = 1024; 515 unsigned int len_compared = 0; 516 struct iovec vec[1024]; 517 char *iov_base[1024]; 518 unsigned int iov_len = 16; 519 int send_len = 1 << 14; 520 char buf[1 << 14]; 521 struct msghdr hdr; 522 int i; 523 524 EXPECT_EQ(send(self->fd, buf, send_len, 0), send_len); 525 for (i = 0; i < msg_iovlen; i++) { 526 iov_base[i] = (char *)malloc(iov_len); 527 vec[i].iov_base = iov_base[i]; 528 vec[i].iov_len = iov_len; 529 } 530 531 hdr.msg_iovlen = msg_iovlen; 532 hdr.msg_iov = vec; 533 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1); 534 for (i = 0; i < msg_iovlen; i++) 535 len_compared += iov_len; 536 537 for (i = 0; i < msg_iovlen; i++) 538 free(iov_base[i]); 539 } 540 541 TEST_F(tls, single_send_multiple_recv) 542 { 543 unsigned int total_len = TLS_PAYLOAD_MAX_LEN * 2; 544 unsigned int send_len = TLS_PAYLOAD_MAX_LEN; 545 char send_mem[TLS_PAYLOAD_MAX_LEN * 2]; 546 char recv_mem[TLS_PAYLOAD_MAX_LEN * 2]; 547 548 EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0); 549 memset(recv_mem, 0, total_len); 550 551 EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1); 552 EXPECT_NE(recv(self->cfd, recv_mem + send_len, send_len, 0), -1); 553 EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0); 554 } 555 556 TEST_F(tls, multiple_send_single_recv) 557 { 558 unsigned int total_len = 2 * 10; 559 unsigned int send_len = 10; 560 char recv_mem[2 * 10]; 561 char send_mem[10]; 562 563 EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0); 564 EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0); 565 memset(recv_mem, 0, total_len); 566 EXPECT_EQ(recv(self->cfd, recv_mem, total_len, MSG_WAITALL), total_len); 567 568 EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0); 569 EXPECT_EQ(memcmp(send_mem, recv_mem + send_len, send_len), 0); 570 } 571 572 TEST_F(tls, single_send_multiple_recv_non_align) 573 { 574 const unsigned int total_len = 15; 575 const unsigned int recv_len = 10; 576 char recv_mem[recv_len * 2]; 577 char send_mem[total_len]; 578 579 EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0); 580 memset(recv_mem, 0, total_len); 581 582 EXPECT_EQ(recv(self->cfd, recv_mem, recv_len, 0), recv_len); 583 EXPECT_EQ(recv(self->cfd, recv_mem + recv_len, recv_len, 0), 5); 584 EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0); 585 } 586 587 TEST_F(tls, recv_partial) 588 { 589 char const *test_str = "test_read_partial"; 590 char const *test_str_first = "test_read"; 591 char const *test_str_second = "_partial"; 592 int send_len = strlen(test_str) + 1; 593 char recv_mem[18]; 594 595 memset(recv_mem, 0, sizeof(recv_mem)); 596 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 597 EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_first), 598 MSG_WAITALL), -1); 599 EXPECT_EQ(memcmp(test_str_first, recv_mem, strlen(test_str_first)), 0); 600 memset(recv_mem, 0, sizeof(recv_mem)); 601 EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_second), 602 MSG_WAITALL), -1); 603 EXPECT_EQ(memcmp(test_str_second, recv_mem, strlen(test_str_second)), 604 0); 605 } 606 607 TEST_F(tls, recv_nonblock) 608 { 609 char buf[4096]; 610 bool err; 611 612 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_DONTWAIT), -1); 613 err = (errno == EAGAIN || errno == EWOULDBLOCK); 614 EXPECT_EQ(err, true); 615 } 616 617 TEST_F(tls, recv_peek) 618 { 619 char const *test_str = "test_read_peek"; 620 int send_len = strlen(test_str) + 1; 621 char buf[15]; 622 623 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 624 EXPECT_NE(recv(self->cfd, buf, send_len, MSG_PEEK), -1); 625 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 626 memset(buf, 0, sizeof(buf)); 627 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 628 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 629 } 630 631 TEST_F(tls, recv_peek_multiple) 632 { 633 char const *test_str = "test_read_peek"; 634 int send_len = strlen(test_str) + 1; 635 unsigned int num_peeks = 100; 636 char buf[15]; 637 int i; 638 639 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 640 for (i = 0; i < num_peeks; i++) { 641 EXPECT_NE(recv(self->cfd, buf, send_len, MSG_PEEK), -1); 642 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 643 memset(buf, 0, sizeof(buf)); 644 } 645 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 646 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 647 } 648 649 TEST_F(tls, recv_peek_multiple_records) 650 { 651 char const *test_str = "test_read_peek_mult_recs"; 652 char const *test_str_first = "test_read_peek"; 653 char const *test_str_second = "_mult_recs"; 654 int len; 655 char buf[64]; 656 657 len = strlen(test_str_first); 658 EXPECT_EQ(send(self->fd, test_str_first, len, 0), len); 659 660 len = strlen(test_str_second) + 1; 661 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len); 662 663 len = strlen(test_str_first); 664 memset(buf, 0, len); 665 EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len); 666 667 /* MSG_PEEK can only peek into the current record. */ 668 len = strlen(test_str_first); 669 EXPECT_EQ(memcmp(test_str_first, buf, len), 0); 670 671 len = strlen(test_str) + 1; 672 memset(buf, 0, len); 673 EXPECT_EQ(recv(self->cfd, buf, len, MSG_WAITALL), len); 674 675 /* Non-MSG_PEEK will advance strparser (and therefore record) 676 * however. 677 */ 678 len = strlen(test_str) + 1; 679 EXPECT_EQ(memcmp(test_str, buf, len), 0); 680 681 /* MSG_MORE will hold current record open, so later MSG_PEEK 682 * will see everything. 683 */ 684 len = strlen(test_str_first); 685 EXPECT_EQ(send(self->fd, test_str_first, len, MSG_MORE), len); 686 687 len = strlen(test_str_second) + 1; 688 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len); 689 690 len = strlen(test_str) + 1; 691 memset(buf, 0, len); 692 EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len); 693 694 len = strlen(test_str) + 1; 695 EXPECT_EQ(memcmp(test_str, buf, len), 0); 696 } 697 698 TEST_F(tls, recv_peek_large_buf_mult_recs) 699 { 700 char const *test_str = "test_read_peek_mult_recs"; 701 char const *test_str_first = "test_read_peek"; 702 char const *test_str_second = "_mult_recs"; 703 int len; 704 char buf[64]; 705 706 len = strlen(test_str_first); 707 EXPECT_EQ(send(self->fd, test_str_first, len, 0), len); 708 709 len = strlen(test_str_second) + 1; 710 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len); 711 712 len = strlen(test_str) + 1; 713 memset(buf, 0, len); 714 EXPECT_NE((len = recv(self->cfd, buf, len, 715 MSG_PEEK | MSG_WAITALL)), -1); 716 len = strlen(test_str) + 1; 717 EXPECT_EQ(memcmp(test_str, buf, len), 0); 718 } 719 720 TEST_F(tls, recv_lowat) 721 { 722 char send_mem[10] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }; 723 char recv_mem[20]; 724 int lowat = 8; 725 726 EXPECT_EQ(send(self->fd, send_mem, 10, 0), 10); 727 EXPECT_EQ(send(self->fd, send_mem, 5, 0), 5); 728 729 memset(recv_mem, 0, 20); 730 EXPECT_EQ(setsockopt(self->cfd, SOL_SOCKET, SO_RCVLOWAT, 731 &lowat, sizeof(lowat)), 0); 732 EXPECT_EQ(recv(self->cfd, recv_mem, 1, MSG_WAITALL), 1); 733 EXPECT_EQ(recv(self->cfd, recv_mem + 1, 6, MSG_WAITALL), 6); 734 EXPECT_EQ(recv(self->cfd, recv_mem + 7, 10, 0), 8); 735 736 EXPECT_EQ(memcmp(send_mem, recv_mem, 10), 0); 737 EXPECT_EQ(memcmp(send_mem, recv_mem + 10, 5), 0); 738 } 739 740 TEST_F(tls, bidir) 741 { 742 char const *test_str = "test_read"; 743 int send_len = 10; 744 char buf[10]; 745 int ret; 746 747 if (!self->notls) { 748 struct tls12_crypto_info_aes_gcm_128 tls12; 749 750 memset(&tls12, 0, sizeof(tls12)); 751 tls12.info.version = variant->tls_version; 752 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128; 753 754 ret = setsockopt(self->fd, SOL_TLS, TLS_RX, &tls12, 755 sizeof(tls12)); 756 ASSERT_EQ(ret, 0); 757 758 ret = setsockopt(self->cfd, SOL_TLS, TLS_TX, &tls12, 759 sizeof(tls12)); 760 ASSERT_EQ(ret, 0); 761 } 762 763 ASSERT_EQ(strlen(test_str) + 1, send_len); 764 765 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 766 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 767 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 768 769 memset(buf, 0, sizeof(buf)); 770 771 EXPECT_EQ(send(self->cfd, test_str, send_len, 0), send_len); 772 EXPECT_NE(recv(self->fd, buf, send_len, 0), -1); 773 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 774 }; 775 776 TEST_F(tls, pollin) 777 { 778 char const *test_str = "test_poll"; 779 struct pollfd fd = { 0, 0, 0 }; 780 char buf[10]; 781 int send_len = 10; 782 783 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 784 fd.fd = self->cfd; 785 fd.events = POLLIN; 786 787 EXPECT_EQ(poll(&fd, 1, 20), 1); 788 EXPECT_EQ(fd.revents & POLLIN, 1); 789 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len); 790 /* Test timing out */ 791 EXPECT_EQ(poll(&fd, 1, 20), 0); 792 } 793 794 TEST_F(tls, poll_wait) 795 { 796 char const *test_str = "test_poll_wait"; 797 int send_len = strlen(test_str) + 1; 798 struct pollfd fd = { 0, 0, 0 }; 799 char recv_mem[15]; 800 801 fd.fd = self->cfd; 802 fd.events = POLLIN; 803 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 804 /* Set timeout to inf. secs */ 805 EXPECT_EQ(poll(&fd, 1, -1), 1); 806 EXPECT_EQ(fd.revents & POLLIN, 1); 807 EXPECT_EQ(recv(self->cfd, recv_mem, send_len, MSG_WAITALL), send_len); 808 } 809 810 TEST_F(tls, poll_wait_split) 811 { 812 struct pollfd fd = { 0, 0, 0 }; 813 char send_mem[20] = {}; 814 char recv_mem[15]; 815 816 fd.fd = self->cfd; 817 fd.events = POLLIN; 818 /* Send 20 bytes */ 819 EXPECT_EQ(send(self->fd, send_mem, sizeof(send_mem), 0), 820 sizeof(send_mem)); 821 /* Poll with inf. timeout */ 822 EXPECT_EQ(poll(&fd, 1, -1), 1); 823 EXPECT_EQ(fd.revents & POLLIN, 1); 824 EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), MSG_WAITALL), 825 sizeof(recv_mem)); 826 827 /* Now the remaining 5 bytes of record data are in TLS ULP */ 828 fd.fd = self->cfd; 829 fd.events = POLLIN; 830 EXPECT_EQ(poll(&fd, 1, -1), 1); 831 EXPECT_EQ(fd.revents & POLLIN, 1); 832 EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), 0), 833 sizeof(send_mem) - sizeof(recv_mem)); 834 } 835 836 TEST_F(tls, blocking) 837 { 838 size_t data = 100000; 839 int res = fork(); 840 841 EXPECT_NE(res, -1); 842 843 if (res) { 844 /* parent */ 845 size_t left = data; 846 char buf[16384]; 847 int status; 848 int pid2; 849 850 while (left) { 851 int res = send(self->fd, buf, 852 left > 16384 ? 16384 : left, 0); 853 854 EXPECT_GE(res, 0); 855 left -= res; 856 } 857 858 pid2 = wait(&status); 859 EXPECT_EQ(status, 0); 860 EXPECT_EQ(res, pid2); 861 } else { 862 /* child */ 863 size_t left = data; 864 char buf[16384]; 865 866 while (left) { 867 int res = recv(self->cfd, buf, 868 left > 16384 ? 16384 : left, 0); 869 870 EXPECT_GE(res, 0); 871 left -= res; 872 } 873 } 874 } 875 876 TEST_F(tls, nonblocking) 877 { 878 size_t data = 100000; 879 int sendbuf = 100; 880 int flags; 881 int res; 882 883 flags = fcntl(self->fd, F_GETFL, 0); 884 fcntl(self->fd, F_SETFL, flags | O_NONBLOCK); 885 fcntl(self->cfd, F_SETFL, flags | O_NONBLOCK); 886 887 /* Ensure nonblocking behavior by imposing a small send 888 * buffer. 889 */ 890 EXPECT_EQ(setsockopt(self->fd, SOL_SOCKET, SO_SNDBUF, 891 &sendbuf, sizeof(sendbuf)), 0); 892 893 res = fork(); 894 EXPECT_NE(res, -1); 895 896 if (res) { 897 /* parent */ 898 bool eagain = false; 899 size_t left = data; 900 char buf[16384]; 901 int status; 902 int pid2; 903 904 while (left) { 905 int res = send(self->fd, buf, 906 left > 16384 ? 16384 : left, 0); 907 908 if (res == -1 && errno == EAGAIN) { 909 eagain = true; 910 usleep(10000); 911 continue; 912 } 913 EXPECT_GE(res, 0); 914 left -= res; 915 } 916 917 EXPECT_TRUE(eagain); 918 pid2 = wait(&status); 919 920 EXPECT_EQ(status, 0); 921 EXPECT_EQ(res, pid2); 922 } else { 923 /* child */ 924 bool eagain = false; 925 size_t left = data; 926 char buf[16384]; 927 928 while (left) { 929 int res = recv(self->cfd, buf, 930 left > 16384 ? 16384 : left, 0); 931 932 if (res == -1 && errno == EAGAIN) { 933 eagain = true; 934 usleep(10000); 935 continue; 936 } 937 EXPECT_GE(res, 0); 938 left -= res; 939 } 940 EXPECT_TRUE(eagain); 941 } 942 } 943 944 static void 945 test_mutliproc(struct __test_metadata *_metadata, struct _test_data_tls *self, 946 bool sendpg, unsigned int n_readers, unsigned int n_writers) 947 { 948 const unsigned int n_children = n_readers + n_writers; 949 const size_t data = 6 * 1000 * 1000; 950 const size_t file_sz = data / 100; 951 size_t read_bias, write_bias; 952 int i, fd, child_id; 953 char buf[file_sz]; 954 pid_t pid; 955 956 /* Only allow multiples for simplicity */ 957 ASSERT_EQ(!(n_readers % n_writers) || !(n_writers % n_readers), true); 958 read_bias = n_writers / n_readers ?: 1; 959 write_bias = n_readers / n_writers ?: 1; 960 961 /* prep a file to send */ 962 fd = open("/tmp/", O_TMPFILE | O_RDWR, 0600); 963 ASSERT_GE(fd, 0); 964 965 memset(buf, 0xac, file_sz); 966 ASSERT_EQ(write(fd, buf, file_sz), file_sz); 967 968 /* spawn children */ 969 for (child_id = 0; child_id < n_children; child_id++) { 970 pid = fork(); 971 ASSERT_NE(pid, -1); 972 if (!pid) 973 break; 974 } 975 976 /* parent waits for all children */ 977 if (pid) { 978 for (i = 0; i < n_children; i++) { 979 int status; 980 981 wait(&status); 982 EXPECT_EQ(status, 0); 983 } 984 985 return; 986 } 987 988 /* Split threads for reading and writing */ 989 if (child_id < n_readers) { 990 size_t left = data * read_bias; 991 char rb[8001]; 992 993 while (left) { 994 int res; 995 996 res = recv(self->cfd, rb, 997 left > sizeof(rb) ? sizeof(rb) : left, 0); 998 999 EXPECT_GE(res, 0); 1000 left -= res; 1001 } 1002 } else { 1003 size_t left = data * write_bias; 1004 1005 while (left) { 1006 int res; 1007 1008 ASSERT_EQ(lseek(fd, 0, SEEK_SET), 0); 1009 if (sendpg) 1010 res = sendfile(self->fd, fd, NULL, 1011 left > file_sz ? file_sz : left); 1012 else 1013 res = send(self->fd, buf, 1014 left > file_sz ? file_sz : left, 0); 1015 1016 EXPECT_GE(res, 0); 1017 left -= res; 1018 } 1019 } 1020 } 1021 1022 TEST_F(tls, mutliproc_even) 1023 { 1024 test_mutliproc(_metadata, self, false, 6, 6); 1025 } 1026 1027 TEST_F(tls, mutliproc_readers) 1028 { 1029 test_mutliproc(_metadata, self, false, 4, 12); 1030 } 1031 1032 TEST_F(tls, mutliproc_writers) 1033 { 1034 test_mutliproc(_metadata, self, false, 10, 2); 1035 } 1036 1037 TEST_F(tls, mutliproc_sendpage_even) 1038 { 1039 test_mutliproc(_metadata, self, true, 6, 6); 1040 } 1041 1042 TEST_F(tls, mutliproc_sendpage_readers) 1043 { 1044 test_mutliproc(_metadata, self, true, 4, 12); 1045 } 1046 1047 TEST_F(tls, mutliproc_sendpage_writers) 1048 { 1049 test_mutliproc(_metadata, self, true, 10, 2); 1050 } 1051 1052 TEST_F(tls, control_msg) 1053 { 1054 if (self->notls) 1055 return; 1056 1057 char cbuf[CMSG_SPACE(sizeof(char))]; 1058 char const *test_str = "test_read"; 1059 int cmsg_len = sizeof(char); 1060 char record_type = 100; 1061 struct cmsghdr *cmsg; 1062 struct msghdr msg; 1063 int send_len = 10; 1064 struct iovec vec; 1065 char buf[10]; 1066 1067 vec.iov_base = (char *)test_str; 1068 vec.iov_len = 10; 1069 memset(&msg, 0, sizeof(struct msghdr)); 1070 msg.msg_iov = &vec; 1071 msg.msg_iovlen = 1; 1072 msg.msg_control = cbuf; 1073 msg.msg_controllen = sizeof(cbuf); 1074 cmsg = CMSG_FIRSTHDR(&msg); 1075 cmsg->cmsg_level = SOL_TLS; 1076 /* test sending non-record types. */ 1077 cmsg->cmsg_type = TLS_SET_RECORD_TYPE; 1078 cmsg->cmsg_len = CMSG_LEN(cmsg_len); 1079 *CMSG_DATA(cmsg) = record_type; 1080 msg.msg_controllen = cmsg->cmsg_len; 1081 1082 EXPECT_EQ(sendmsg(self->fd, &msg, 0), send_len); 1083 /* Should fail because we didn't provide a control message */ 1084 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1); 1085 1086 vec.iov_base = buf; 1087 EXPECT_EQ(recvmsg(self->cfd, &msg, MSG_WAITALL | MSG_PEEK), send_len); 1088 1089 cmsg = CMSG_FIRSTHDR(&msg); 1090 EXPECT_NE(cmsg, NULL); 1091 EXPECT_EQ(cmsg->cmsg_level, SOL_TLS); 1092 EXPECT_EQ(cmsg->cmsg_type, TLS_GET_RECORD_TYPE); 1093 record_type = *((unsigned char *)CMSG_DATA(cmsg)); 1094 EXPECT_EQ(record_type, 100); 1095 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1096 1097 /* Recv the message again without MSG_PEEK */ 1098 record_type = 0; 1099 memset(buf, 0, sizeof(buf)); 1100 1101 EXPECT_EQ(recvmsg(self->cfd, &msg, MSG_WAITALL), send_len); 1102 cmsg = CMSG_FIRSTHDR(&msg); 1103 EXPECT_NE(cmsg, NULL); 1104 EXPECT_EQ(cmsg->cmsg_level, SOL_TLS); 1105 EXPECT_EQ(cmsg->cmsg_type, TLS_GET_RECORD_TYPE); 1106 record_type = *((unsigned char *)CMSG_DATA(cmsg)); 1107 EXPECT_EQ(record_type, 100); 1108 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1109 } 1110 1111 TEST_F(tls, shutdown) 1112 { 1113 char const *test_str = "test_read"; 1114 int send_len = 10; 1115 char buf[10]; 1116 1117 ASSERT_EQ(strlen(test_str) + 1, send_len); 1118 1119 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1120 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 1121 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1122 1123 shutdown(self->fd, SHUT_RDWR); 1124 shutdown(self->cfd, SHUT_RDWR); 1125 } 1126 1127 TEST_F(tls, shutdown_unsent) 1128 { 1129 char const *test_str = "test_read"; 1130 int send_len = 10; 1131 1132 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); 1133 1134 shutdown(self->fd, SHUT_RDWR); 1135 shutdown(self->cfd, SHUT_RDWR); 1136 } 1137 1138 TEST_F(tls, shutdown_reuse) 1139 { 1140 struct sockaddr_in addr; 1141 int ret; 1142 1143 shutdown(self->fd, SHUT_RDWR); 1144 shutdown(self->cfd, SHUT_RDWR); 1145 close(self->cfd); 1146 1147 addr.sin_family = AF_INET; 1148 addr.sin_addr.s_addr = htonl(INADDR_ANY); 1149 addr.sin_port = 0; 1150 1151 ret = bind(self->fd, &addr, sizeof(addr)); 1152 EXPECT_EQ(ret, 0); 1153 ret = listen(self->fd, 10); 1154 EXPECT_EQ(ret, -1); 1155 EXPECT_EQ(errno, EINVAL); 1156 1157 ret = connect(self->fd, &addr, sizeof(addr)); 1158 EXPECT_EQ(ret, -1); 1159 EXPECT_EQ(errno, EISCONN); 1160 } 1161 1162 TEST(non_established) { 1163 struct tls12_crypto_info_aes_gcm_256 tls12; 1164 struct sockaddr_in addr; 1165 int sfd, ret, fd; 1166 socklen_t len; 1167 1168 len = sizeof(addr); 1169 1170 memset(&tls12, 0, sizeof(tls12)); 1171 tls12.info.version = TLS_1_2_VERSION; 1172 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256; 1173 1174 addr.sin_family = AF_INET; 1175 addr.sin_addr.s_addr = htonl(INADDR_ANY); 1176 addr.sin_port = 0; 1177 1178 fd = socket(AF_INET, SOCK_STREAM, 0); 1179 sfd = socket(AF_INET, SOCK_STREAM, 0); 1180 1181 ret = bind(sfd, &addr, sizeof(addr)); 1182 ASSERT_EQ(ret, 0); 1183 ret = listen(sfd, 10); 1184 ASSERT_EQ(ret, 0); 1185 1186 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1187 EXPECT_EQ(ret, -1); 1188 /* TLS ULP not supported */ 1189 if (errno == ENOENT) 1190 return; 1191 EXPECT_EQ(errno, ENOTCONN); 1192 1193 ret = setsockopt(sfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1194 EXPECT_EQ(ret, -1); 1195 EXPECT_EQ(errno, ENOTCONN); 1196 1197 ret = getsockname(sfd, &addr, &len); 1198 ASSERT_EQ(ret, 0); 1199 1200 ret = connect(fd, &addr, sizeof(addr)); 1201 ASSERT_EQ(ret, 0); 1202 1203 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1204 ASSERT_EQ(ret, 0); 1205 1206 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1207 EXPECT_EQ(ret, -1); 1208 EXPECT_EQ(errno, EEXIST); 1209 1210 close(fd); 1211 close(sfd); 1212 } 1213 1214 TEST(keysizes) { 1215 struct tls12_crypto_info_aes_gcm_256 tls12; 1216 struct sockaddr_in addr; 1217 int sfd, ret, fd, cfd; 1218 socklen_t len; 1219 bool notls; 1220 1221 notls = false; 1222 len = sizeof(addr); 1223 1224 memset(&tls12, 0, sizeof(tls12)); 1225 tls12.info.version = TLS_1_2_VERSION; 1226 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256; 1227 1228 addr.sin_family = AF_INET; 1229 addr.sin_addr.s_addr = htonl(INADDR_ANY); 1230 addr.sin_port = 0; 1231 1232 fd = socket(AF_INET, SOCK_STREAM, 0); 1233 sfd = socket(AF_INET, SOCK_STREAM, 0); 1234 1235 ret = bind(sfd, &addr, sizeof(addr)); 1236 ASSERT_EQ(ret, 0); 1237 ret = listen(sfd, 10); 1238 ASSERT_EQ(ret, 0); 1239 1240 ret = getsockname(sfd, &addr, &len); 1241 ASSERT_EQ(ret, 0); 1242 1243 ret = connect(fd, &addr, sizeof(addr)); 1244 ASSERT_EQ(ret, 0); 1245 1246 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1247 if (ret != 0) { 1248 notls = true; 1249 printf("Failure setting TCP_ULP, testing without tls\n"); 1250 } 1251 1252 if (!notls) { 1253 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, 1254 sizeof(tls12)); 1255 EXPECT_EQ(ret, 0); 1256 } 1257 1258 cfd = accept(sfd, &addr, &len); 1259 ASSERT_GE(cfd, 0); 1260 1261 if (!notls) { 1262 ret = setsockopt(cfd, IPPROTO_TCP, TCP_ULP, "tls", 1263 sizeof("tls")); 1264 EXPECT_EQ(ret, 0); 1265 1266 ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12, 1267 sizeof(tls12)); 1268 EXPECT_EQ(ret, 0); 1269 } 1270 1271 close(sfd); 1272 close(fd); 1273 close(cfd); 1274 } 1275 1276 TEST_HARNESS_MAIN 1277