1 // SPDX-License-Identifier: GPL-2.0 2 3 #define _GNU_SOURCE 4 5 #include <arpa/inet.h> 6 #include <errno.h> 7 #include <error.h> 8 #include <fcntl.h> 9 #include <poll.h> 10 #include <stdio.h> 11 #include <stdlib.h> 12 #include <unistd.h> 13 14 #include <linux/tls.h> 15 #include <linux/tcp.h> 16 #include <linux/socket.h> 17 18 #include <sys/types.h> 19 #include <sys/sendfile.h> 20 #include <sys/socket.h> 21 #include <sys/stat.h> 22 23 #include "../kselftest_harness.h" 24 25 #define TLS_PAYLOAD_MAX_LEN 16384 26 #define SOL_TLS 282 27 28 FIXTURE(tls_basic) 29 { 30 int fd, cfd; 31 bool notls; 32 }; 33 34 FIXTURE_SETUP(tls_basic) 35 { 36 struct sockaddr_in addr; 37 socklen_t len; 38 int sfd, ret; 39 40 self->notls = false; 41 len = sizeof(addr); 42 43 addr.sin_family = AF_INET; 44 addr.sin_addr.s_addr = htonl(INADDR_ANY); 45 addr.sin_port = 0; 46 47 self->fd = socket(AF_INET, SOCK_STREAM, 0); 48 sfd = socket(AF_INET, SOCK_STREAM, 0); 49 50 ret = bind(sfd, &addr, sizeof(addr)); 51 ASSERT_EQ(ret, 0); 52 ret = listen(sfd, 10); 53 ASSERT_EQ(ret, 0); 54 55 ret = getsockname(sfd, &addr, &len); 56 ASSERT_EQ(ret, 0); 57 58 ret = connect(self->fd, &addr, sizeof(addr)); 59 ASSERT_EQ(ret, 0); 60 61 self->cfd = accept(sfd, &addr, &len); 62 ASSERT_GE(self->cfd, 0); 63 64 close(sfd); 65 66 ret = setsockopt(self->fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 67 if (ret != 0) { 68 ASSERT_EQ(errno, ENOENT); 69 self->notls = true; 70 printf("Failure setting TCP_ULP, testing without tls\n"); 71 return; 72 } 73 74 ret = setsockopt(self->cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 75 ASSERT_EQ(ret, 0); 76 } 77 78 FIXTURE_TEARDOWN(tls_basic) 79 { 80 close(self->fd); 81 close(self->cfd); 82 } 83 84 /* Send some data through with ULP but no keys */ 85 TEST_F(tls_basic, base_base) 86 { 87 char const *test_str = "test_read"; 88 int send_len = 10; 89 char buf[10]; 90 91 ASSERT_EQ(strlen(test_str) + 1, send_len); 92 93 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 94 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 95 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 96 }; 97 98 FIXTURE(tls) 99 { 100 int fd, cfd; 101 bool notls; 102 }; 103 104 FIXTURE_SETUP(tls) 105 { 106 struct tls12_crypto_info_aes_gcm_128 tls12; 107 struct sockaddr_in addr; 108 socklen_t len; 109 int sfd, ret; 110 111 self->notls = false; 112 len = sizeof(addr); 113 114 memset(&tls12, 0, sizeof(tls12)); 115 tls12.info.version = TLS_1_3_VERSION; 116 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128; 117 118 addr.sin_family = AF_INET; 119 addr.sin_addr.s_addr = htonl(INADDR_ANY); 120 addr.sin_port = 0; 121 122 self->fd = socket(AF_INET, SOCK_STREAM, 0); 123 sfd = socket(AF_INET, SOCK_STREAM, 0); 124 125 ret = bind(sfd, &addr, sizeof(addr)); 126 ASSERT_EQ(ret, 0); 127 ret = listen(sfd, 10); 128 ASSERT_EQ(ret, 0); 129 130 ret = getsockname(sfd, &addr, &len); 131 ASSERT_EQ(ret, 0); 132 133 ret = connect(self->fd, &addr, sizeof(addr)); 134 ASSERT_EQ(ret, 0); 135 136 ret = setsockopt(self->fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 137 if (ret != 0) { 138 self->notls = true; 139 printf("Failure setting TCP_ULP, testing without tls\n"); 140 } 141 142 if (!self->notls) { 143 ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, 144 sizeof(tls12)); 145 ASSERT_EQ(ret, 0); 146 } 147 148 self->cfd = accept(sfd, &addr, &len); 149 ASSERT_GE(self->cfd, 0); 150 151 if (!self->notls) { 152 ret = setsockopt(self->cfd, IPPROTO_TCP, TCP_ULP, "tls", 153 sizeof("tls")); 154 ASSERT_EQ(ret, 0); 155 156 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, 157 sizeof(tls12)); 158 ASSERT_EQ(ret, 0); 159 } 160 161 close(sfd); 162 } 163 164 FIXTURE_TEARDOWN(tls) 165 { 166 close(self->fd); 167 close(self->cfd); 168 } 169 170 TEST_F(tls, sendfile) 171 { 172 int filefd = open("/proc/self/exe", O_RDONLY); 173 struct stat st; 174 175 EXPECT_GE(filefd, 0); 176 fstat(filefd, &st); 177 EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0); 178 } 179 180 TEST_F(tls, send_then_sendfile) 181 { 182 int filefd = open("/proc/self/exe", O_RDONLY); 183 char const *test_str = "test_send"; 184 int to_send = strlen(test_str) + 1; 185 char recv_buf[10]; 186 struct stat st; 187 char *buf; 188 189 EXPECT_GE(filefd, 0); 190 fstat(filefd, &st); 191 buf = (char *)malloc(st.st_size); 192 193 EXPECT_EQ(send(self->fd, test_str, to_send, 0), to_send); 194 EXPECT_EQ(recv(self->cfd, recv_buf, to_send, MSG_WAITALL), to_send); 195 EXPECT_EQ(memcmp(test_str, recv_buf, to_send), 0); 196 197 EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0); 198 EXPECT_EQ(recv(self->cfd, buf, st.st_size, MSG_WAITALL), st.st_size); 199 } 200 201 TEST_F(tls, recv_max) 202 { 203 unsigned int send_len = TLS_PAYLOAD_MAX_LEN; 204 char recv_mem[TLS_PAYLOAD_MAX_LEN]; 205 char buf[TLS_PAYLOAD_MAX_LEN]; 206 207 EXPECT_GE(send(self->fd, buf, send_len, 0), 0); 208 EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1); 209 EXPECT_EQ(memcmp(buf, recv_mem, send_len), 0); 210 } 211 212 TEST_F(tls, recv_small) 213 { 214 char const *test_str = "test_read"; 215 int send_len = 10; 216 char buf[10]; 217 218 send_len = strlen(test_str) + 1; 219 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 220 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 221 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 222 } 223 224 TEST_F(tls, msg_more) 225 { 226 char const *test_str = "test_read"; 227 int send_len = 10; 228 char buf[10 * 2]; 229 230 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); 231 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1); 232 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 233 EXPECT_EQ(recv(self->cfd, buf, send_len * 2, MSG_WAITALL), 234 send_len * 2); 235 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 236 } 237 238 TEST_F(tls, msg_more_unsent) 239 { 240 char const *test_str = "test_read"; 241 int send_len = 10; 242 char buf[10]; 243 244 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); 245 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1); 246 } 247 248 TEST_F(tls, sendmsg_single) 249 { 250 struct msghdr msg; 251 252 char const *test_str = "test_sendmsg"; 253 size_t send_len = 13; 254 struct iovec vec; 255 char buf[13]; 256 257 vec.iov_base = (char *)test_str; 258 vec.iov_len = send_len; 259 memset(&msg, 0, sizeof(struct msghdr)); 260 msg.msg_iov = &vec; 261 msg.msg_iovlen = 1; 262 EXPECT_EQ(sendmsg(self->fd, &msg, 0), send_len); 263 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len); 264 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 265 } 266 267 #define MAX_FRAGS 64 268 #define SEND_LEN 13 269 TEST_F(tls, sendmsg_fragmented) 270 { 271 char const *test_str = "test_sendmsg"; 272 char buf[SEND_LEN * MAX_FRAGS]; 273 struct iovec vec[MAX_FRAGS]; 274 struct msghdr msg; 275 int i, frags; 276 277 for (frags = 1; frags <= MAX_FRAGS; frags++) { 278 for (i = 0; i < frags; i++) { 279 vec[i].iov_base = (char *)test_str; 280 vec[i].iov_len = SEND_LEN; 281 } 282 283 memset(&msg, 0, sizeof(struct msghdr)); 284 msg.msg_iov = vec; 285 msg.msg_iovlen = frags; 286 287 EXPECT_EQ(sendmsg(self->fd, &msg, 0), SEND_LEN * frags); 288 EXPECT_EQ(recv(self->cfd, buf, SEND_LEN * frags, MSG_WAITALL), 289 SEND_LEN * frags); 290 291 for (i = 0; i < frags; i++) 292 EXPECT_EQ(memcmp(buf + SEND_LEN * i, 293 test_str, SEND_LEN), 0); 294 } 295 } 296 #undef MAX_FRAGS 297 #undef SEND_LEN 298 299 TEST_F(tls, sendmsg_large) 300 { 301 void *mem = malloc(16384); 302 size_t send_len = 16384; 303 size_t sends = 128; 304 struct msghdr msg; 305 size_t recvs = 0; 306 size_t sent = 0; 307 308 memset(&msg, 0, sizeof(struct msghdr)); 309 while (sent++ < sends) { 310 struct iovec vec = { (void *)mem, send_len }; 311 312 msg.msg_iov = &vec; 313 msg.msg_iovlen = 1; 314 EXPECT_EQ(sendmsg(self->cfd, &msg, 0), send_len); 315 } 316 317 while (recvs++ < sends) 318 EXPECT_NE(recv(self->fd, mem, send_len, 0), -1); 319 320 free(mem); 321 } 322 323 TEST_F(tls, sendmsg_multiple) 324 { 325 char const *test_str = "test_sendmsg_multiple"; 326 struct iovec vec[5]; 327 char *test_strs[5]; 328 struct msghdr msg; 329 int total_len = 0; 330 int len_cmp = 0; 331 int iov_len = 5; 332 char *buf; 333 int i; 334 335 memset(&msg, 0, sizeof(struct msghdr)); 336 for (i = 0; i < iov_len; i++) { 337 test_strs[i] = (char *)malloc(strlen(test_str) + 1); 338 snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str); 339 vec[i].iov_base = (void *)test_strs[i]; 340 vec[i].iov_len = strlen(test_strs[i]) + 1; 341 total_len += vec[i].iov_len; 342 } 343 msg.msg_iov = vec; 344 msg.msg_iovlen = iov_len; 345 346 EXPECT_EQ(sendmsg(self->cfd, &msg, 0), total_len); 347 buf = malloc(total_len); 348 EXPECT_NE(recv(self->fd, buf, total_len, 0), -1); 349 for (i = 0; i < iov_len; i++) { 350 EXPECT_EQ(memcmp(test_strs[i], buf + len_cmp, 351 strlen(test_strs[i])), 352 0); 353 len_cmp += strlen(buf + len_cmp) + 1; 354 } 355 for (i = 0; i < iov_len; i++) 356 free(test_strs[i]); 357 free(buf); 358 } 359 360 TEST_F(tls, sendmsg_multiple_stress) 361 { 362 char const *test_str = "abcdefghijklmno"; 363 struct iovec vec[1024]; 364 char *test_strs[1024]; 365 int iov_len = 1024; 366 int total_len = 0; 367 char buf[1 << 14]; 368 struct msghdr msg; 369 int len_cmp = 0; 370 int i; 371 372 memset(&msg, 0, sizeof(struct msghdr)); 373 for (i = 0; i < iov_len; i++) { 374 test_strs[i] = (char *)malloc(strlen(test_str) + 1); 375 snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str); 376 vec[i].iov_base = (void *)test_strs[i]; 377 vec[i].iov_len = strlen(test_strs[i]) + 1; 378 total_len += vec[i].iov_len; 379 } 380 msg.msg_iov = vec; 381 msg.msg_iovlen = iov_len; 382 383 EXPECT_EQ(sendmsg(self->fd, &msg, 0), total_len); 384 EXPECT_NE(recv(self->cfd, buf, total_len, 0), -1); 385 386 for (i = 0; i < iov_len; i++) 387 len_cmp += strlen(buf + len_cmp) + 1; 388 389 for (i = 0; i < iov_len; i++) 390 free(test_strs[i]); 391 } 392 393 TEST_F(tls, splice_from_pipe) 394 { 395 int send_len = TLS_PAYLOAD_MAX_LEN; 396 char mem_send[TLS_PAYLOAD_MAX_LEN]; 397 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 398 int p[2]; 399 400 ASSERT_GE(pipe(p), 0); 401 EXPECT_GE(write(p[1], mem_send, send_len), 0); 402 EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), 0); 403 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len); 404 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 405 } 406 407 TEST_F(tls, splice_from_pipe2) 408 { 409 int send_len = 16000; 410 char mem_send[16000]; 411 char mem_recv[16000]; 412 int p2[2]; 413 int p[2]; 414 415 ASSERT_GE(pipe(p), 0); 416 ASSERT_GE(pipe(p2), 0); 417 EXPECT_GE(write(p[1], mem_send, 8000), 0); 418 EXPECT_GE(splice(p[0], NULL, self->fd, NULL, 8000, 0), 0); 419 EXPECT_GE(write(p2[1], mem_send + 8000, 8000), 0); 420 EXPECT_GE(splice(p2[0], NULL, self->fd, NULL, 8000, 0), 0); 421 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len); 422 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 423 } 424 425 TEST_F(tls, send_and_splice) 426 { 427 int send_len = TLS_PAYLOAD_MAX_LEN; 428 char mem_send[TLS_PAYLOAD_MAX_LEN]; 429 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 430 char const *test_str = "test_read"; 431 int send_len2 = 10; 432 char buf[10]; 433 int p[2]; 434 435 ASSERT_GE(pipe(p), 0); 436 EXPECT_EQ(send(self->fd, test_str, send_len2, 0), send_len2); 437 EXPECT_EQ(recv(self->cfd, buf, send_len2, MSG_WAITALL), send_len2); 438 EXPECT_EQ(memcmp(test_str, buf, send_len2), 0); 439 440 EXPECT_GE(write(p[1], mem_send, send_len), send_len); 441 EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), send_len); 442 443 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len); 444 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 445 } 446 447 TEST_F(tls, splice_to_pipe) 448 { 449 int send_len = TLS_PAYLOAD_MAX_LEN; 450 char mem_send[TLS_PAYLOAD_MAX_LEN]; 451 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 452 int p[2]; 453 454 ASSERT_GE(pipe(p), 0); 455 EXPECT_GE(send(self->fd, mem_send, send_len, 0), 0); 456 EXPECT_GE(splice(self->cfd, NULL, p[1], NULL, send_len, 0), 0); 457 EXPECT_GE(read(p[0], mem_recv, send_len), 0); 458 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 459 } 460 461 TEST_F(tls, recvmsg_single) 462 { 463 char const *test_str = "test_recvmsg_single"; 464 int send_len = strlen(test_str) + 1; 465 char buf[20]; 466 struct msghdr hdr; 467 struct iovec vec; 468 469 memset(&hdr, 0, sizeof(hdr)); 470 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 471 vec.iov_base = (char *)buf; 472 vec.iov_len = send_len; 473 hdr.msg_iovlen = 1; 474 hdr.msg_iov = &vec; 475 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1); 476 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 477 } 478 479 TEST_F(tls, recvmsg_single_max) 480 { 481 int send_len = TLS_PAYLOAD_MAX_LEN; 482 char send_mem[TLS_PAYLOAD_MAX_LEN]; 483 char recv_mem[TLS_PAYLOAD_MAX_LEN]; 484 struct iovec vec; 485 struct msghdr hdr; 486 487 EXPECT_EQ(send(self->fd, send_mem, send_len, 0), send_len); 488 vec.iov_base = (char *)recv_mem; 489 vec.iov_len = TLS_PAYLOAD_MAX_LEN; 490 491 hdr.msg_iovlen = 1; 492 hdr.msg_iov = &vec; 493 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1); 494 EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0); 495 } 496 497 TEST_F(tls, recvmsg_multiple) 498 { 499 unsigned int msg_iovlen = 1024; 500 unsigned int len_compared = 0; 501 struct iovec vec[1024]; 502 char *iov_base[1024]; 503 unsigned int iov_len = 16; 504 int send_len = 1 << 14; 505 char buf[1 << 14]; 506 struct msghdr hdr; 507 int i; 508 509 EXPECT_EQ(send(self->fd, buf, send_len, 0), send_len); 510 for (i = 0; i < msg_iovlen; i++) { 511 iov_base[i] = (char *)malloc(iov_len); 512 vec[i].iov_base = iov_base[i]; 513 vec[i].iov_len = iov_len; 514 } 515 516 hdr.msg_iovlen = msg_iovlen; 517 hdr.msg_iov = vec; 518 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1); 519 for (i = 0; i < msg_iovlen; i++) 520 len_compared += iov_len; 521 522 for (i = 0; i < msg_iovlen; i++) 523 free(iov_base[i]); 524 } 525 526 TEST_F(tls, single_send_multiple_recv) 527 { 528 unsigned int total_len = TLS_PAYLOAD_MAX_LEN * 2; 529 unsigned int send_len = TLS_PAYLOAD_MAX_LEN; 530 char send_mem[TLS_PAYLOAD_MAX_LEN * 2]; 531 char recv_mem[TLS_PAYLOAD_MAX_LEN * 2]; 532 533 EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0); 534 memset(recv_mem, 0, total_len); 535 536 EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1); 537 EXPECT_NE(recv(self->cfd, recv_mem + send_len, send_len, 0), -1); 538 EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0); 539 } 540 541 TEST_F(tls, multiple_send_single_recv) 542 { 543 unsigned int total_len = 2 * 10; 544 unsigned int send_len = 10; 545 char recv_mem[2 * 10]; 546 char send_mem[10]; 547 548 EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0); 549 EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0); 550 memset(recv_mem, 0, total_len); 551 EXPECT_EQ(recv(self->cfd, recv_mem, total_len, MSG_WAITALL), total_len); 552 553 EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0); 554 EXPECT_EQ(memcmp(send_mem, recv_mem + send_len, send_len), 0); 555 } 556 557 TEST_F(tls, single_send_multiple_recv_non_align) 558 { 559 const unsigned int total_len = 15; 560 const unsigned int recv_len = 10; 561 char recv_mem[recv_len * 2]; 562 char send_mem[total_len]; 563 564 EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0); 565 memset(recv_mem, 0, total_len); 566 567 EXPECT_EQ(recv(self->cfd, recv_mem, recv_len, 0), recv_len); 568 EXPECT_EQ(recv(self->cfd, recv_mem + recv_len, recv_len, 0), 5); 569 EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0); 570 } 571 572 TEST_F(tls, recv_partial) 573 { 574 char const *test_str = "test_read_partial"; 575 char const *test_str_first = "test_read"; 576 char const *test_str_second = "_partial"; 577 int send_len = strlen(test_str) + 1; 578 char recv_mem[18]; 579 580 memset(recv_mem, 0, sizeof(recv_mem)); 581 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 582 EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_first), 583 MSG_WAITALL), -1); 584 EXPECT_EQ(memcmp(test_str_first, recv_mem, strlen(test_str_first)), 0); 585 memset(recv_mem, 0, sizeof(recv_mem)); 586 EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_second), 587 MSG_WAITALL), -1); 588 EXPECT_EQ(memcmp(test_str_second, recv_mem, strlen(test_str_second)), 589 0); 590 } 591 592 TEST_F(tls, recv_nonblock) 593 { 594 char buf[4096]; 595 bool err; 596 597 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_DONTWAIT), -1); 598 err = (errno == EAGAIN || errno == EWOULDBLOCK); 599 EXPECT_EQ(err, true); 600 } 601 602 TEST_F(tls, recv_peek) 603 { 604 char const *test_str = "test_read_peek"; 605 int send_len = strlen(test_str) + 1; 606 char buf[15]; 607 608 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 609 EXPECT_NE(recv(self->cfd, buf, send_len, MSG_PEEK), -1); 610 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 611 memset(buf, 0, sizeof(buf)); 612 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 613 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 614 } 615 616 TEST_F(tls, recv_peek_multiple) 617 { 618 char const *test_str = "test_read_peek"; 619 int send_len = strlen(test_str) + 1; 620 unsigned int num_peeks = 100; 621 char buf[15]; 622 int i; 623 624 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 625 for (i = 0; i < num_peeks; i++) { 626 EXPECT_NE(recv(self->cfd, buf, send_len, MSG_PEEK), -1); 627 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 628 memset(buf, 0, sizeof(buf)); 629 } 630 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 631 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 632 } 633 634 TEST_F(tls, recv_peek_multiple_records) 635 { 636 char const *test_str = "test_read_peek_mult_recs"; 637 char const *test_str_first = "test_read_peek"; 638 char const *test_str_second = "_mult_recs"; 639 int len; 640 char buf[64]; 641 642 len = strlen(test_str_first); 643 EXPECT_EQ(send(self->fd, test_str_first, len, 0), len); 644 645 len = strlen(test_str_second) + 1; 646 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len); 647 648 len = strlen(test_str_first); 649 memset(buf, 0, len); 650 EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len); 651 652 /* MSG_PEEK can only peek into the current record. */ 653 len = strlen(test_str_first); 654 EXPECT_EQ(memcmp(test_str_first, buf, len), 0); 655 656 len = strlen(test_str) + 1; 657 memset(buf, 0, len); 658 EXPECT_EQ(recv(self->cfd, buf, len, MSG_WAITALL), len); 659 660 /* Non-MSG_PEEK will advance strparser (and therefore record) 661 * however. 662 */ 663 len = strlen(test_str) + 1; 664 EXPECT_EQ(memcmp(test_str, buf, len), 0); 665 666 /* MSG_MORE will hold current record open, so later MSG_PEEK 667 * will see everything. 668 */ 669 len = strlen(test_str_first); 670 EXPECT_EQ(send(self->fd, test_str_first, len, MSG_MORE), len); 671 672 len = strlen(test_str_second) + 1; 673 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len); 674 675 len = strlen(test_str) + 1; 676 memset(buf, 0, len); 677 EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len); 678 679 len = strlen(test_str) + 1; 680 EXPECT_EQ(memcmp(test_str, buf, len), 0); 681 } 682 683 TEST_F(tls, recv_peek_large_buf_mult_recs) 684 { 685 char const *test_str = "test_read_peek_mult_recs"; 686 char const *test_str_first = "test_read_peek"; 687 char const *test_str_second = "_mult_recs"; 688 int len; 689 char buf[64]; 690 691 len = strlen(test_str_first); 692 EXPECT_EQ(send(self->fd, test_str_first, len, 0), len); 693 694 len = strlen(test_str_second) + 1; 695 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len); 696 697 len = strlen(test_str) + 1; 698 memset(buf, 0, len); 699 EXPECT_NE((len = recv(self->cfd, buf, len, 700 MSG_PEEK | MSG_WAITALL)), -1); 701 len = strlen(test_str) + 1; 702 EXPECT_EQ(memcmp(test_str, buf, len), 0); 703 } 704 705 TEST_F(tls, recv_lowat) 706 { 707 char send_mem[10] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }; 708 char recv_mem[20]; 709 int lowat = 8; 710 711 EXPECT_EQ(send(self->fd, send_mem, 10, 0), 10); 712 EXPECT_EQ(send(self->fd, send_mem, 5, 0), 5); 713 714 memset(recv_mem, 0, 20); 715 EXPECT_EQ(setsockopt(self->cfd, SOL_SOCKET, SO_RCVLOWAT, 716 &lowat, sizeof(lowat)), 0); 717 EXPECT_EQ(recv(self->cfd, recv_mem, 1, MSG_WAITALL), 1); 718 EXPECT_EQ(recv(self->cfd, recv_mem + 1, 6, MSG_WAITALL), 6); 719 EXPECT_EQ(recv(self->cfd, recv_mem + 7, 10, 0), 8); 720 721 EXPECT_EQ(memcmp(send_mem, recv_mem, 10), 0); 722 EXPECT_EQ(memcmp(send_mem, recv_mem + 10, 5), 0); 723 } 724 725 TEST_F(tls, recv_rcvbuf) 726 { 727 char send_mem[4096]; 728 char recv_mem[4096]; 729 int rcv_buf = 1024; 730 731 memset(send_mem, 0x1c, sizeof(send_mem)); 732 733 EXPECT_EQ(setsockopt(self->cfd, SOL_SOCKET, SO_RCVBUF, 734 &rcv_buf, sizeof(rcv_buf)), 0); 735 736 EXPECT_EQ(send(self->fd, send_mem, 512, 0), 512); 737 memset(recv_mem, 0, sizeof(recv_mem)); 738 EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), 0), 512); 739 EXPECT_EQ(memcmp(send_mem, recv_mem, 512), 0); 740 741 if (self->notls) 742 return; 743 744 EXPECT_EQ(send(self->fd, send_mem, 4096, 0), 4096); 745 memset(recv_mem, 0, sizeof(recv_mem)); 746 EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), 0), -1); 747 EXPECT_EQ(errno, EMSGSIZE); 748 749 EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), 0), -1); 750 EXPECT_EQ(errno, EMSGSIZE); 751 } 752 753 TEST_F(tls, bidir) 754 { 755 char const *test_str = "test_read"; 756 int send_len = 10; 757 char buf[10]; 758 int ret; 759 760 if (!self->notls) { 761 struct tls12_crypto_info_aes_gcm_128 tls12; 762 763 memset(&tls12, 0, sizeof(tls12)); 764 tls12.info.version = TLS_1_3_VERSION; 765 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128; 766 767 ret = setsockopt(self->fd, SOL_TLS, TLS_RX, &tls12, 768 sizeof(tls12)); 769 ASSERT_EQ(ret, 0); 770 771 ret = setsockopt(self->cfd, SOL_TLS, TLS_TX, &tls12, 772 sizeof(tls12)); 773 ASSERT_EQ(ret, 0); 774 } 775 776 ASSERT_EQ(strlen(test_str) + 1, send_len); 777 778 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 779 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 780 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 781 782 memset(buf, 0, sizeof(buf)); 783 784 EXPECT_EQ(send(self->cfd, test_str, send_len, 0), send_len); 785 EXPECT_NE(recv(self->fd, buf, send_len, 0), -1); 786 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 787 }; 788 789 TEST_F(tls, pollin) 790 { 791 char const *test_str = "test_poll"; 792 struct pollfd fd = { 0, 0, 0 }; 793 char buf[10]; 794 int send_len = 10; 795 796 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 797 fd.fd = self->cfd; 798 fd.events = POLLIN; 799 800 EXPECT_EQ(poll(&fd, 1, 20), 1); 801 EXPECT_EQ(fd.revents & POLLIN, 1); 802 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len); 803 /* Test timing out */ 804 EXPECT_EQ(poll(&fd, 1, 20), 0); 805 } 806 807 TEST_F(tls, poll_wait) 808 { 809 char const *test_str = "test_poll_wait"; 810 int send_len = strlen(test_str) + 1; 811 struct pollfd fd = { 0, 0, 0 }; 812 char recv_mem[15]; 813 814 fd.fd = self->cfd; 815 fd.events = POLLIN; 816 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 817 /* Set timeout to inf. secs */ 818 EXPECT_EQ(poll(&fd, 1, -1), 1); 819 EXPECT_EQ(fd.revents & POLLIN, 1); 820 EXPECT_EQ(recv(self->cfd, recv_mem, send_len, MSG_WAITALL), send_len); 821 } 822 823 TEST_F(tls, poll_wait_split) 824 { 825 struct pollfd fd = { 0, 0, 0 }; 826 char send_mem[20] = {}; 827 char recv_mem[15]; 828 829 fd.fd = self->cfd; 830 fd.events = POLLIN; 831 /* Send 20 bytes */ 832 EXPECT_EQ(send(self->fd, send_mem, sizeof(send_mem), 0), 833 sizeof(send_mem)); 834 /* Poll with inf. timeout */ 835 EXPECT_EQ(poll(&fd, 1, -1), 1); 836 EXPECT_EQ(fd.revents & POLLIN, 1); 837 EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), MSG_WAITALL), 838 sizeof(recv_mem)); 839 840 /* Now the remaining 5 bytes of record data are in TLS ULP */ 841 fd.fd = self->cfd; 842 fd.events = POLLIN; 843 EXPECT_EQ(poll(&fd, 1, -1), 1); 844 EXPECT_EQ(fd.revents & POLLIN, 1); 845 EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), 0), 846 sizeof(send_mem) - sizeof(recv_mem)); 847 } 848 849 TEST_F(tls, blocking) 850 { 851 size_t data = 100000; 852 int res = fork(); 853 854 EXPECT_NE(res, -1); 855 856 if (res) { 857 /* parent */ 858 size_t left = data; 859 char buf[16384]; 860 int status; 861 int pid2; 862 863 while (left) { 864 int res = send(self->fd, buf, 865 left > 16384 ? 16384 : left, 0); 866 867 EXPECT_GE(res, 0); 868 left -= res; 869 } 870 871 pid2 = wait(&status); 872 EXPECT_EQ(status, 0); 873 EXPECT_EQ(res, pid2); 874 } else { 875 /* child */ 876 size_t left = data; 877 char buf[16384]; 878 879 while (left) { 880 int res = recv(self->cfd, buf, 881 left > 16384 ? 16384 : left, 0); 882 883 EXPECT_GE(res, 0); 884 left -= res; 885 } 886 } 887 } 888 889 TEST_F(tls, nonblocking) 890 { 891 size_t data = 100000; 892 int sendbuf = 100; 893 int flags; 894 int res; 895 896 flags = fcntl(self->fd, F_GETFL, 0); 897 fcntl(self->fd, F_SETFL, flags | O_NONBLOCK); 898 fcntl(self->cfd, F_SETFL, flags | O_NONBLOCK); 899 900 /* Ensure nonblocking behavior by imposing a small send 901 * buffer. 902 */ 903 EXPECT_EQ(setsockopt(self->fd, SOL_SOCKET, SO_SNDBUF, 904 &sendbuf, sizeof(sendbuf)), 0); 905 906 res = fork(); 907 EXPECT_NE(res, -1); 908 909 if (res) { 910 /* parent */ 911 bool eagain = false; 912 size_t left = data; 913 char buf[16384]; 914 int status; 915 int pid2; 916 917 while (left) { 918 int res = send(self->fd, buf, 919 left > 16384 ? 16384 : left, 0); 920 921 if (res == -1 && errno == EAGAIN) { 922 eagain = true; 923 usleep(10000); 924 continue; 925 } 926 EXPECT_GE(res, 0); 927 left -= res; 928 } 929 930 EXPECT_TRUE(eagain); 931 pid2 = wait(&status); 932 933 EXPECT_EQ(status, 0); 934 EXPECT_EQ(res, pid2); 935 } else { 936 /* child */ 937 bool eagain = false; 938 size_t left = data; 939 char buf[16384]; 940 941 while (left) { 942 int res = recv(self->cfd, buf, 943 left > 16384 ? 16384 : left, 0); 944 945 if (res == -1 && errno == EAGAIN) { 946 eagain = true; 947 usleep(10000); 948 continue; 949 } 950 EXPECT_GE(res, 0); 951 left -= res; 952 } 953 EXPECT_TRUE(eagain); 954 } 955 } 956 957 static void 958 test_mutliproc(struct __test_metadata *_metadata, struct _test_data_tls *self, 959 bool sendpg, unsigned int n_readers, unsigned int n_writers) 960 { 961 const unsigned int n_children = n_readers + n_writers; 962 const size_t data = 6 * 1000 * 1000; 963 const size_t file_sz = data / 100; 964 size_t read_bias, write_bias; 965 int i, fd, child_id; 966 char buf[file_sz]; 967 pid_t pid; 968 969 /* Only allow multiples for simplicity */ 970 ASSERT_EQ(!(n_readers % n_writers) || !(n_writers % n_readers), true); 971 read_bias = n_writers / n_readers ?: 1; 972 write_bias = n_readers / n_writers ?: 1; 973 974 /* prep a file to send */ 975 fd = open("/tmp/", O_TMPFILE | O_RDWR, 0600); 976 ASSERT_GE(fd, 0); 977 978 memset(buf, 0xac, file_sz); 979 ASSERT_EQ(write(fd, buf, file_sz), file_sz); 980 981 /* spawn children */ 982 for (child_id = 0; child_id < n_children; child_id++) { 983 pid = fork(); 984 ASSERT_NE(pid, -1); 985 if (!pid) 986 break; 987 } 988 989 /* parent waits for all children */ 990 if (pid) { 991 for (i = 0; i < n_children; i++) { 992 int status; 993 994 wait(&status); 995 EXPECT_EQ(status, 0); 996 } 997 998 return; 999 } 1000 1001 /* Split threads for reading and writing */ 1002 if (child_id < n_readers) { 1003 size_t left = data * read_bias; 1004 char rb[8001]; 1005 1006 while (left) { 1007 int res; 1008 1009 res = recv(self->cfd, rb, 1010 left > sizeof(rb) ? sizeof(rb) : left, 0); 1011 1012 EXPECT_GE(res, 0); 1013 left -= res; 1014 } 1015 } else { 1016 size_t left = data * write_bias; 1017 1018 while (left) { 1019 int res; 1020 1021 ASSERT_EQ(lseek(fd, 0, SEEK_SET), 0); 1022 if (sendpg) 1023 res = sendfile(self->fd, fd, NULL, 1024 left > file_sz ? file_sz : left); 1025 else 1026 res = send(self->fd, buf, 1027 left > file_sz ? file_sz : left, 0); 1028 1029 EXPECT_GE(res, 0); 1030 left -= res; 1031 } 1032 } 1033 } 1034 1035 TEST_F(tls, mutliproc_even) 1036 { 1037 test_mutliproc(_metadata, self, false, 6, 6); 1038 } 1039 1040 TEST_F(tls, mutliproc_readers) 1041 { 1042 test_mutliproc(_metadata, self, false, 4, 12); 1043 } 1044 1045 TEST_F(tls, mutliproc_writers) 1046 { 1047 test_mutliproc(_metadata, self, false, 10, 2); 1048 } 1049 1050 TEST_F(tls, mutliproc_sendpage_even) 1051 { 1052 test_mutliproc(_metadata, self, true, 6, 6); 1053 } 1054 1055 TEST_F(tls, mutliproc_sendpage_readers) 1056 { 1057 test_mutliproc(_metadata, self, true, 4, 12); 1058 } 1059 1060 TEST_F(tls, mutliproc_sendpage_writers) 1061 { 1062 test_mutliproc(_metadata, self, true, 10, 2); 1063 } 1064 1065 TEST_F(tls, control_msg) 1066 { 1067 if (self->notls) 1068 return; 1069 1070 char cbuf[CMSG_SPACE(sizeof(char))]; 1071 char const *test_str = "test_read"; 1072 int cmsg_len = sizeof(char); 1073 char record_type = 100; 1074 struct cmsghdr *cmsg; 1075 struct msghdr msg; 1076 int send_len = 10; 1077 struct iovec vec; 1078 char buf[10]; 1079 1080 vec.iov_base = (char *)test_str; 1081 vec.iov_len = 10; 1082 memset(&msg, 0, sizeof(struct msghdr)); 1083 msg.msg_iov = &vec; 1084 msg.msg_iovlen = 1; 1085 msg.msg_control = cbuf; 1086 msg.msg_controllen = sizeof(cbuf); 1087 cmsg = CMSG_FIRSTHDR(&msg); 1088 cmsg->cmsg_level = SOL_TLS; 1089 /* test sending non-record types. */ 1090 cmsg->cmsg_type = TLS_SET_RECORD_TYPE; 1091 cmsg->cmsg_len = CMSG_LEN(cmsg_len); 1092 *CMSG_DATA(cmsg) = record_type; 1093 msg.msg_controllen = cmsg->cmsg_len; 1094 1095 EXPECT_EQ(sendmsg(self->fd, &msg, 0), send_len); 1096 /* Should fail because we didn't provide a control message */ 1097 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1); 1098 1099 vec.iov_base = buf; 1100 EXPECT_EQ(recvmsg(self->cfd, &msg, MSG_WAITALL | MSG_PEEK), send_len); 1101 1102 cmsg = CMSG_FIRSTHDR(&msg); 1103 EXPECT_NE(cmsg, NULL); 1104 EXPECT_EQ(cmsg->cmsg_level, SOL_TLS); 1105 EXPECT_EQ(cmsg->cmsg_type, TLS_GET_RECORD_TYPE); 1106 record_type = *((unsigned char *)CMSG_DATA(cmsg)); 1107 EXPECT_EQ(record_type, 100); 1108 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1109 1110 /* Recv the message again without MSG_PEEK */ 1111 record_type = 0; 1112 memset(buf, 0, sizeof(buf)); 1113 1114 EXPECT_EQ(recvmsg(self->cfd, &msg, MSG_WAITALL), send_len); 1115 cmsg = CMSG_FIRSTHDR(&msg); 1116 EXPECT_NE(cmsg, NULL); 1117 EXPECT_EQ(cmsg->cmsg_level, SOL_TLS); 1118 EXPECT_EQ(cmsg->cmsg_type, TLS_GET_RECORD_TYPE); 1119 record_type = *((unsigned char *)CMSG_DATA(cmsg)); 1120 EXPECT_EQ(record_type, 100); 1121 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1122 } 1123 1124 TEST_F(tls, shutdown) 1125 { 1126 char const *test_str = "test_read"; 1127 int send_len = 10; 1128 char buf[10]; 1129 1130 ASSERT_EQ(strlen(test_str) + 1, send_len); 1131 1132 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1133 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 1134 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1135 1136 shutdown(self->fd, SHUT_RDWR); 1137 shutdown(self->cfd, SHUT_RDWR); 1138 } 1139 1140 TEST_F(tls, shutdown_unsent) 1141 { 1142 char const *test_str = "test_read"; 1143 int send_len = 10; 1144 1145 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); 1146 1147 shutdown(self->fd, SHUT_RDWR); 1148 shutdown(self->cfd, SHUT_RDWR); 1149 } 1150 1151 TEST_F(tls, shutdown_reuse) 1152 { 1153 struct sockaddr_in addr; 1154 int ret; 1155 1156 shutdown(self->fd, SHUT_RDWR); 1157 shutdown(self->cfd, SHUT_RDWR); 1158 close(self->cfd); 1159 1160 addr.sin_family = AF_INET; 1161 addr.sin_addr.s_addr = htonl(INADDR_ANY); 1162 addr.sin_port = 0; 1163 1164 ret = bind(self->fd, &addr, sizeof(addr)); 1165 EXPECT_EQ(ret, 0); 1166 ret = listen(self->fd, 10); 1167 EXPECT_EQ(ret, -1); 1168 EXPECT_EQ(errno, EINVAL); 1169 1170 ret = connect(self->fd, &addr, sizeof(addr)); 1171 EXPECT_EQ(ret, -1); 1172 EXPECT_EQ(errno, EISCONN); 1173 } 1174 1175 TEST(non_established) { 1176 struct tls12_crypto_info_aes_gcm_256 tls12; 1177 struct sockaddr_in addr; 1178 int sfd, ret, fd; 1179 socklen_t len; 1180 1181 len = sizeof(addr); 1182 1183 memset(&tls12, 0, sizeof(tls12)); 1184 tls12.info.version = TLS_1_2_VERSION; 1185 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256; 1186 1187 addr.sin_family = AF_INET; 1188 addr.sin_addr.s_addr = htonl(INADDR_ANY); 1189 addr.sin_port = 0; 1190 1191 fd = socket(AF_INET, SOCK_STREAM, 0); 1192 sfd = socket(AF_INET, SOCK_STREAM, 0); 1193 1194 ret = bind(sfd, &addr, sizeof(addr)); 1195 ASSERT_EQ(ret, 0); 1196 ret = listen(sfd, 10); 1197 ASSERT_EQ(ret, 0); 1198 1199 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1200 EXPECT_EQ(ret, -1); 1201 /* TLS ULP not supported */ 1202 if (errno == ENOENT) 1203 return; 1204 EXPECT_EQ(errno, ENOTCONN); 1205 1206 ret = setsockopt(sfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1207 EXPECT_EQ(ret, -1); 1208 EXPECT_EQ(errno, ENOTCONN); 1209 1210 ret = getsockname(sfd, &addr, &len); 1211 ASSERT_EQ(ret, 0); 1212 1213 ret = connect(fd, &addr, sizeof(addr)); 1214 ASSERT_EQ(ret, 0); 1215 1216 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1217 ASSERT_EQ(ret, 0); 1218 1219 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1220 EXPECT_EQ(ret, -1); 1221 EXPECT_EQ(errno, EEXIST); 1222 1223 close(fd); 1224 close(sfd); 1225 } 1226 1227 TEST(keysizes) { 1228 struct tls12_crypto_info_aes_gcm_256 tls12; 1229 struct sockaddr_in addr; 1230 int sfd, ret, fd, cfd; 1231 socklen_t len; 1232 bool notls; 1233 1234 notls = false; 1235 len = sizeof(addr); 1236 1237 memset(&tls12, 0, sizeof(tls12)); 1238 tls12.info.version = TLS_1_2_VERSION; 1239 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256; 1240 1241 addr.sin_family = AF_INET; 1242 addr.sin_addr.s_addr = htonl(INADDR_ANY); 1243 addr.sin_port = 0; 1244 1245 fd = socket(AF_INET, SOCK_STREAM, 0); 1246 sfd = socket(AF_INET, SOCK_STREAM, 0); 1247 1248 ret = bind(sfd, &addr, sizeof(addr)); 1249 ASSERT_EQ(ret, 0); 1250 ret = listen(sfd, 10); 1251 ASSERT_EQ(ret, 0); 1252 1253 ret = getsockname(sfd, &addr, &len); 1254 ASSERT_EQ(ret, 0); 1255 1256 ret = connect(fd, &addr, sizeof(addr)); 1257 ASSERT_EQ(ret, 0); 1258 1259 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1260 if (ret != 0) { 1261 notls = true; 1262 printf("Failure setting TCP_ULP, testing without tls\n"); 1263 } 1264 1265 if (!notls) { 1266 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, 1267 sizeof(tls12)); 1268 EXPECT_EQ(ret, 0); 1269 } 1270 1271 cfd = accept(sfd, &addr, &len); 1272 ASSERT_GE(cfd, 0); 1273 1274 if (!notls) { 1275 ret = setsockopt(cfd, IPPROTO_TCP, TCP_ULP, "tls", 1276 sizeof("tls")); 1277 EXPECT_EQ(ret, 0); 1278 1279 ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12, 1280 sizeof(tls12)); 1281 EXPECT_EQ(ret, 0); 1282 } 1283 1284 close(sfd); 1285 close(fd); 1286 close(cfd); 1287 } 1288 1289 TEST(tls12) { 1290 int fd, cfd; 1291 bool notls; 1292 1293 struct tls12_crypto_info_aes_gcm_128 tls12; 1294 struct sockaddr_in addr; 1295 socklen_t len; 1296 int sfd, ret; 1297 1298 notls = false; 1299 len = sizeof(addr); 1300 1301 memset(&tls12, 0, sizeof(tls12)); 1302 tls12.info.version = TLS_1_2_VERSION; 1303 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128; 1304 1305 addr.sin_family = AF_INET; 1306 addr.sin_addr.s_addr = htonl(INADDR_ANY); 1307 addr.sin_port = 0; 1308 1309 fd = socket(AF_INET, SOCK_STREAM, 0); 1310 sfd = socket(AF_INET, SOCK_STREAM, 0); 1311 1312 ret = bind(sfd, &addr, sizeof(addr)); 1313 ASSERT_EQ(ret, 0); 1314 ret = listen(sfd, 10); 1315 ASSERT_EQ(ret, 0); 1316 1317 ret = getsockname(sfd, &addr, &len); 1318 ASSERT_EQ(ret, 0); 1319 1320 ret = connect(fd, &addr, sizeof(addr)); 1321 ASSERT_EQ(ret, 0); 1322 1323 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1324 if (ret != 0) { 1325 notls = true; 1326 printf("Failure setting TCP_ULP, testing without tls\n"); 1327 } 1328 1329 if (!notls) { 1330 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, 1331 sizeof(tls12)); 1332 ASSERT_EQ(ret, 0); 1333 } 1334 1335 cfd = accept(sfd, &addr, &len); 1336 ASSERT_GE(cfd, 0); 1337 1338 if (!notls) { 1339 ret = setsockopt(cfd, IPPROTO_TCP, TCP_ULP, "tls", 1340 sizeof("tls")); 1341 ASSERT_EQ(ret, 0); 1342 1343 ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12, 1344 sizeof(tls12)); 1345 ASSERT_EQ(ret, 0); 1346 } 1347 1348 close(sfd); 1349 1350 char const *test_str = "test_read"; 1351 int send_len = 10; 1352 char buf[10]; 1353 1354 send_len = strlen(test_str) + 1; 1355 EXPECT_EQ(send(fd, test_str, send_len, 0), send_len); 1356 EXPECT_NE(recv(cfd, buf, send_len, 0), -1); 1357 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1358 1359 close(fd); 1360 close(cfd); 1361 } 1362 1363 TEST_HARNESS_MAIN 1364