1 // SPDX-License-Identifier: GPL-2.0 2 3 #define _GNU_SOURCE 4 5 #include <arpa/inet.h> 6 #include <errno.h> 7 #include <error.h> 8 #include <fcntl.h> 9 #include <poll.h> 10 #include <stdio.h> 11 #include <stdlib.h> 12 #include <unistd.h> 13 14 #include <linux/tls.h> 15 #include <linux/tcp.h> 16 #include <linux/socket.h> 17 18 #include <sys/epoll.h> 19 #include <sys/types.h> 20 #include <sys/sendfile.h> 21 #include <sys/socket.h> 22 #include <sys/stat.h> 23 24 #include "../kselftest_harness.h" 25 26 #define TLS_PAYLOAD_MAX_LEN 16384 27 #define SOL_TLS 282 28 29 static int fips_enabled; 30 31 struct tls_crypto_info_keys { 32 union { 33 struct tls12_crypto_info_aes_gcm_128 aes128; 34 struct tls12_crypto_info_chacha20_poly1305 chacha20; 35 struct tls12_crypto_info_sm4_gcm sm4gcm; 36 struct tls12_crypto_info_sm4_ccm sm4ccm; 37 struct tls12_crypto_info_aes_ccm_128 aesccm128; 38 struct tls12_crypto_info_aes_gcm_256 aesgcm256; 39 }; 40 size_t len; 41 }; 42 43 static void tls_crypto_info_init(uint16_t tls_version, uint16_t cipher_type, 44 struct tls_crypto_info_keys *tls12) 45 { 46 memset(tls12, 0, sizeof(*tls12)); 47 48 switch (cipher_type) { 49 case TLS_CIPHER_CHACHA20_POLY1305: 50 tls12->len = sizeof(struct tls12_crypto_info_chacha20_poly1305); 51 tls12->chacha20.info.version = tls_version; 52 tls12->chacha20.info.cipher_type = cipher_type; 53 break; 54 case TLS_CIPHER_AES_GCM_128: 55 tls12->len = sizeof(struct tls12_crypto_info_aes_gcm_128); 56 tls12->aes128.info.version = tls_version; 57 tls12->aes128.info.cipher_type = cipher_type; 58 break; 59 case TLS_CIPHER_SM4_GCM: 60 tls12->len = sizeof(struct tls12_crypto_info_sm4_gcm); 61 tls12->sm4gcm.info.version = tls_version; 62 tls12->sm4gcm.info.cipher_type = cipher_type; 63 break; 64 case TLS_CIPHER_SM4_CCM: 65 tls12->len = sizeof(struct tls12_crypto_info_sm4_ccm); 66 tls12->sm4ccm.info.version = tls_version; 67 tls12->sm4ccm.info.cipher_type = cipher_type; 68 break; 69 case TLS_CIPHER_AES_CCM_128: 70 tls12->len = sizeof(struct tls12_crypto_info_aes_ccm_128); 71 tls12->aesccm128.info.version = tls_version; 72 tls12->aesccm128.info.cipher_type = cipher_type; 73 break; 74 case TLS_CIPHER_AES_GCM_256: 75 tls12->len = sizeof(struct tls12_crypto_info_aes_gcm_256); 76 tls12->aesgcm256.info.version = tls_version; 77 tls12->aesgcm256.info.cipher_type = cipher_type; 78 break; 79 default: 80 break; 81 } 82 } 83 84 static void memrnd(void *s, size_t n) 85 { 86 int *dword = s; 87 char *byte; 88 89 for (; n >= 4; n -= 4) 90 *dword++ = rand(); 91 byte = (void *)dword; 92 while (n--) 93 *byte++ = rand(); 94 } 95 96 static void ulp_sock_pair(struct __test_metadata *_metadata, 97 int *fd, int *cfd, bool *notls) 98 { 99 struct sockaddr_in addr; 100 socklen_t len; 101 int sfd, ret; 102 103 *notls = false; 104 len = sizeof(addr); 105 106 addr.sin_family = AF_INET; 107 addr.sin_addr.s_addr = htonl(INADDR_ANY); 108 addr.sin_port = 0; 109 110 *fd = socket(AF_INET, SOCK_STREAM, 0); 111 sfd = socket(AF_INET, SOCK_STREAM, 0); 112 113 ret = bind(sfd, &addr, sizeof(addr)); 114 ASSERT_EQ(ret, 0); 115 ret = listen(sfd, 10); 116 ASSERT_EQ(ret, 0); 117 118 ret = getsockname(sfd, &addr, &len); 119 ASSERT_EQ(ret, 0); 120 121 ret = connect(*fd, &addr, sizeof(addr)); 122 ASSERT_EQ(ret, 0); 123 124 *cfd = accept(sfd, &addr, &len); 125 ASSERT_GE(*cfd, 0); 126 127 close(sfd); 128 129 ret = setsockopt(*fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 130 if (ret != 0) { 131 ASSERT_EQ(errno, ENOENT); 132 *notls = true; 133 printf("Failure setting TCP_ULP, testing without tls\n"); 134 return; 135 } 136 137 ret = setsockopt(*cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 138 ASSERT_EQ(ret, 0); 139 } 140 141 /* Produce a basic cmsg */ 142 static int tls_send_cmsg(int fd, unsigned char record_type, 143 void *data, size_t len, int flags) 144 { 145 char cbuf[CMSG_SPACE(sizeof(char))]; 146 int cmsg_len = sizeof(char); 147 struct cmsghdr *cmsg; 148 struct msghdr msg; 149 struct iovec vec; 150 151 vec.iov_base = data; 152 vec.iov_len = len; 153 memset(&msg, 0, sizeof(struct msghdr)); 154 msg.msg_iov = &vec; 155 msg.msg_iovlen = 1; 156 msg.msg_control = cbuf; 157 msg.msg_controllen = sizeof(cbuf); 158 cmsg = CMSG_FIRSTHDR(&msg); 159 cmsg->cmsg_level = SOL_TLS; 160 /* test sending non-record types. */ 161 cmsg->cmsg_type = TLS_SET_RECORD_TYPE; 162 cmsg->cmsg_len = CMSG_LEN(cmsg_len); 163 *CMSG_DATA(cmsg) = record_type; 164 msg.msg_controllen = cmsg->cmsg_len; 165 166 return sendmsg(fd, &msg, flags); 167 } 168 169 static int tls_recv_cmsg(struct __test_metadata *_metadata, 170 int fd, unsigned char record_type, 171 void *data, size_t len, int flags) 172 { 173 char cbuf[CMSG_SPACE(sizeof(char))]; 174 struct cmsghdr *cmsg; 175 unsigned char ctype; 176 struct msghdr msg; 177 struct iovec vec; 178 int n; 179 180 vec.iov_base = data; 181 vec.iov_len = len; 182 memset(&msg, 0, sizeof(struct msghdr)); 183 msg.msg_iov = &vec; 184 msg.msg_iovlen = 1; 185 msg.msg_control = cbuf; 186 msg.msg_controllen = sizeof(cbuf); 187 188 n = recvmsg(fd, &msg, flags); 189 190 cmsg = CMSG_FIRSTHDR(&msg); 191 EXPECT_NE(cmsg, NULL); 192 EXPECT_EQ(cmsg->cmsg_level, SOL_TLS); 193 EXPECT_EQ(cmsg->cmsg_type, TLS_GET_RECORD_TYPE); 194 ctype = *((unsigned char *)CMSG_DATA(cmsg)); 195 EXPECT_EQ(ctype, record_type); 196 197 return n; 198 } 199 200 FIXTURE(tls_basic) 201 { 202 int fd, cfd; 203 bool notls; 204 }; 205 206 FIXTURE_SETUP(tls_basic) 207 { 208 ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls); 209 } 210 211 FIXTURE_TEARDOWN(tls_basic) 212 { 213 close(self->fd); 214 close(self->cfd); 215 } 216 217 /* Send some data through with ULP but no keys */ 218 TEST_F(tls_basic, base_base) 219 { 220 char const *test_str = "test_read"; 221 int send_len = 10; 222 char buf[10]; 223 224 ASSERT_EQ(strlen(test_str) + 1, send_len); 225 226 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 227 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 228 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 229 }; 230 231 FIXTURE(tls) 232 { 233 int fd, cfd; 234 bool notls; 235 }; 236 237 FIXTURE_VARIANT(tls) 238 { 239 uint16_t tls_version; 240 uint16_t cipher_type; 241 bool nopad, fips_non_compliant; 242 }; 243 244 FIXTURE_VARIANT_ADD(tls, 12_aes_gcm) 245 { 246 .tls_version = TLS_1_2_VERSION, 247 .cipher_type = TLS_CIPHER_AES_GCM_128, 248 }; 249 250 FIXTURE_VARIANT_ADD(tls, 13_aes_gcm) 251 { 252 .tls_version = TLS_1_3_VERSION, 253 .cipher_type = TLS_CIPHER_AES_GCM_128, 254 }; 255 256 FIXTURE_VARIANT_ADD(tls, 12_chacha) 257 { 258 .tls_version = TLS_1_2_VERSION, 259 .cipher_type = TLS_CIPHER_CHACHA20_POLY1305, 260 .fips_non_compliant = true, 261 }; 262 263 FIXTURE_VARIANT_ADD(tls, 13_chacha) 264 { 265 .tls_version = TLS_1_3_VERSION, 266 .cipher_type = TLS_CIPHER_CHACHA20_POLY1305, 267 .fips_non_compliant = true, 268 }; 269 270 FIXTURE_VARIANT_ADD(tls, 13_sm4_gcm) 271 { 272 .tls_version = TLS_1_3_VERSION, 273 .cipher_type = TLS_CIPHER_SM4_GCM, 274 .fips_non_compliant = true, 275 }; 276 277 FIXTURE_VARIANT_ADD(tls, 13_sm4_ccm) 278 { 279 .tls_version = TLS_1_3_VERSION, 280 .cipher_type = TLS_CIPHER_SM4_CCM, 281 .fips_non_compliant = true, 282 }; 283 284 FIXTURE_VARIANT_ADD(tls, 12_aes_ccm) 285 { 286 .tls_version = TLS_1_2_VERSION, 287 .cipher_type = TLS_CIPHER_AES_CCM_128, 288 }; 289 290 FIXTURE_VARIANT_ADD(tls, 13_aes_ccm) 291 { 292 .tls_version = TLS_1_3_VERSION, 293 .cipher_type = TLS_CIPHER_AES_CCM_128, 294 }; 295 296 FIXTURE_VARIANT_ADD(tls, 12_aes_gcm_256) 297 { 298 .tls_version = TLS_1_2_VERSION, 299 .cipher_type = TLS_CIPHER_AES_GCM_256, 300 }; 301 302 FIXTURE_VARIANT_ADD(tls, 13_aes_gcm_256) 303 { 304 .tls_version = TLS_1_3_VERSION, 305 .cipher_type = TLS_CIPHER_AES_GCM_256, 306 }; 307 308 FIXTURE_VARIANT_ADD(tls, 13_nopad) 309 { 310 .tls_version = TLS_1_3_VERSION, 311 .cipher_type = TLS_CIPHER_AES_GCM_128, 312 .nopad = true, 313 }; 314 315 FIXTURE_SETUP(tls) 316 { 317 struct tls_crypto_info_keys tls12; 318 int one = 1; 319 int ret; 320 321 if (fips_enabled && variant->fips_non_compliant) 322 SKIP(return, "Unsupported cipher in FIPS mode"); 323 324 tls_crypto_info_init(variant->tls_version, variant->cipher_type, 325 &tls12); 326 327 ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls); 328 329 if (self->notls) 330 return; 331 332 ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len); 333 ASSERT_EQ(ret, 0); 334 335 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len); 336 ASSERT_EQ(ret, 0); 337 338 if (variant->nopad) { 339 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 340 (void *)&one, sizeof(one)); 341 ASSERT_EQ(ret, 0); 342 } 343 } 344 345 FIXTURE_TEARDOWN(tls) 346 { 347 close(self->fd); 348 close(self->cfd); 349 } 350 351 TEST_F(tls, sendfile) 352 { 353 int filefd = open("/proc/self/exe", O_RDONLY); 354 struct stat st; 355 356 EXPECT_GE(filefd, 0); 357 fstat(filefd, &st); 358 EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0); 359 } 360 361 TEST_F(tls, send_then_sendfile) 362 { 363 int filefd = open("/proc/self/exe", O_RDONLY); 364 char const *test_str = "test_send"; 365 int to_send = strlen(test_str) + 1; 366 char recv_buf[10]; 367 struct stat st; 368 char *buf; 369 370 EXPECT_GE(filefd, 0); 371 fstat(filefd, &st); 372 buf = (char *)malloc(st.st_size); 373 374 EXPECT_EQ(send(self->fd, test_str, to_send, 0), to_send); 375 EXPECT_EQ(recv(self->cfd, recv_buf, to_send, MSG_WAITALL), to_send); 376 EXPECT_EQ(memcmp(test_str, recv_buf, to_send), 0); 377 378 EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0); 379 EXPECT_EQ(recv(self->cfd, buf, st.st_size, MSG_WAITALL), st.st_size); 380 } 381 382 static void chunked_sendfile(struct __test_metadata *_metadata, 383 struct _test_data_tls *self, 384 uint16_t chunk_size, 385 uint16_t extra_payload_size) 386 { 387 char buf[TLS_PAYLOAD_MAX_LEN]; 388 uint16_t test_payload_size; 389 int size = 0; 390 int ret; 391 char filename[] = "/tmp/mytemp.XXXXXX"; 392 int fd = mkstemp(filename); 393 off_t offset = 0; 394 395 unlink(filename); 396 ASSERT_GE(fd, 0); 397 EXPECT_GE(chunk_size, 1); 398 test_payload_size = chunk_size + extra_payload_size; 399 ASSERT_GE(TLS_PAYLOAD_MAX_LEN, test_payload_size); 400 memset(buf, 1, test_payload_size); 401 size = write(fd, buf, test_payload_size); 402 EXPECT_EQ(size, test_payload_size); 403 fsync(fd); 404 405 while (size > 0) { 406 ret = sendfile(self->fd, fd, &offset, chunk_size); 407 EXPECT_GE(ret, 0); 408 size -= ret; 409 } 410 411 EXPECT_EQ(recv(self->cfd, buf, test_payload_size, MSG_WAITALL), 412 test_payload_size); 413 414 close(fd); 415 } 416 417 TEST_F(tls, multi_chunk_sendfile) 418 { 419 chunked_sendfile(_metadata, self, 4096, 4096); 420 chunked_sendfile(_metadata, self, 4096, 0); 421 chunked_sendfile(_metadata, self, 4096, 1); 422 chunked_sendfile(_metadata, self, 4096, 2048); 423 chunked_sendfile(_metadata, self, 8192, 2048); 424 chunked_sendfile(_metadata, self, 4096, 8192); 425 chunked_sendfile(_metadata, self, 8192, 4096); 426 chunked_sendfile(_metadata, self, 12288, 1024); 427 chunked_sendfile(_metadata, self, 12288, 2000); 428 chunked_sendfile(_metadata, self, 15360, 100); 429 chunked_sendfile(_metadata, self, 15360, 300); 430 chunked_sendfile(_metadata, self, 1, 4096); 431 chunked_sendfile(_metadata, self, 2048, 4096); 432 chunked_sendfile(_metadata, self, 2048, 8192); 433 chunked_sendfile(_metadata, self, 4096, 8192); 434 chunked_sendfile(_metadata, self, 1024, 12288); 435 chunked_sendfile(_metadata, self, 2000, 12288); 436 chunked_sendfile(_metadata, self, 100, 15360); 437 chunked_sendfile(_metadata, self, 300, 15360); 438 } 439 440 TEST_F(tls, recv_max) 441 { 442 unsigned int send_len = TLS_PAYLOAD_MAX_LEN; 443 char recv_mem[TLS_PAYLOAD_MAX_LEN]; 444 char buf[TLS_PAYLOAD_MAX_LEN]; 445 446 memrnd(buf, sizeof(buf)); 447 448 EXPECT_GE(send(self->fd, buf, send_len, 0), 0); 449 EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1); 450 EXPECT_EQ(memcmp(buf, recv_mem, send_len), 0); 451 } 452 453 TEST_F(tls, recv_small) 454 { 455 char const *test_str = "test_read"; 456 int send_len = 10; 457 char buf[10]; 458 459 send_len = strlen(test_str) + 1; 460 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 461 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 462 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 463 } 464 465 TEST_F(tls, msg_more) 466 { 467 char const *test_str = "test_read"; 468 int send_len = 10; 469 char buf[10 * 2]; 470 471 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); 472 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1); 473 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 474 EXPECT_EQ(recv(self->cfd, buf, send_len * 2, MSG_WAITALL), 475 send_len * 2); 476 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 477 } 478 479 TEST_F(tls, msg_more_unsent) 480 { 481 char const *test_str = "test_read"; 482 int send_len = 10; 483 char buf[10]; 484 485 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); 486 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1); 487 } 488 489 TEST_F(tls, sendmsg_single) 490 { 491 struct msghdr msg; 492 493 char const *test_str = "test_sendmsg"; 494 size_t send_len = 13; 495 struct iovec vec; 496 char buf[13]; 497 498 vec.iov_base = (char *)test_str; 499 vec.iov_len = send_len; 500 memset(&msg, 0, sizeof(struct msghdr)); 501 msg.msg_iov = &vec; 502 msg.msg_iovlen = 1; 503 EXPECT_EQ(sendmsg(self->fd, &msg, 0), send_len); 504 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len); 505 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 506 } 507 508 #define MAX_FRAGS 64 509 #define SEND_LEN 13 510 TEST_F(tls, sendmsg_fragmented) 511 { 512 char const *test_str = "test_sendmsg"; 513 char buf[SEND_LEN * MAX_FRAGS]; 514 struct iovec vec[MAX_FRAGS]; 515 struct msghdr msg; 516 int i, frags; 517 518 for (frags = 1; frags <= MAX_FRAGS; frags++) { 519 for (i = 0; i < frags; i++) { 520 vec[i].iov_base = (char *)test_str; 521 vec[i].iov_len = SEND_LEN; 522 } 523 524 memset(&msg, 0, sizeof(struct msghdr)); 525 msg.msg_iov = vec; 526 msg.msg_iovlen = frags; 527 528 EXPECT_EQ(sendmsg(self->fd, &msg, 0), SEND_LEN * frags); 529 EXPECT_EQ(recv(self->cfd, buf, SEND_LEN * frags, MSG_WAITALL), 530 SEND_LEN * frags); 531 532 for (i = 0; i < frags; i++) 533 EXPECT_EQ(memcmp(buf + SEND_LEN * i, 534 test_str, SEND_LEN), 0); 535 } 536 } 537 #undef MAX_FRAGS 538 #undef SEND_LEN 539 540 TEST_F(tls, sendmsg_large) 541 { 542 void *mem = malloc(16384); 543 size_t send_len = 16384; 544 size_t sends = 128; 545 struct msghdr msg; 546 size_t recvs = 0; 547 size_t sent = 0; 548 549 memset(&msg, 0, sizeof(struct msghdr)); 550 while (sent++ < sends) { 551 struct iovec vec = { (void *)mem, send_len }; 552 553 msg.msg_iov = &vec; 554 msg.msg_iovlen = 1; 555 EXPECT_EQ(sendmsg(self->cfd, &msg, 0), send_len); 556 } 557 558 while (recvs++ < sends) { 559 EXPECT_NE(recv(self->fd, mem, send_len, 0), -1); 560 } 561 562 free(mem); 563 } 564 565 TEST_F(tls, sendmsg_multiple) 566 { 567 char const *test_str = "test_sendmsg_multiple"; 568 struct iovec vec[5]; 569 char *test_strs[5]; 570 struct msghdr msg; 571 int total_len = 0; 572 int len_cmp = 0; 573 int iov_len = 5; 574 char *buf; 575 int i; 576 577 memset(&msg, 0, sizeof(struct msghdr)); 578 for (i = 0; i < iov_len; i++) { 579 test_strs[i] = (char *)malloc(strlen(test_str) + 1); 580 snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str); 581 vec[i].iov_base = (void *)test_strs[i]; 582 vec[i].iov_len = strlen(test_strs[i]) + 1; 583 total_len += vec[i].iov_len; 584 } 585 msg.msg_iov = vec; 586 msg.msg_iovlen = iov_len; 587 588 EXPECT_EQ(sendmsg(self->cfd, &msg, 0), total_len); 589 buf = malloc(total_len); 590 EXPECT_NE(recv(self->fd, buf, total_len, 0), -1); 591 for (i = 0; i < iov_len; i++) { 592 EXPECT_EQ(memcmp(test_strs[i], buf + len_cmp, 593 strlen(test_strs[i])), 594 0); 595 len_cmp += strlen(buf + len_cmp) + 1; 596 } 597 for (i = 0; i < iov_len; i++) 598 free(test_strs[i]); 599 free(buf); 600 } 601 602 TEST_F(tls, sendmsg_multiple_stress) 603 { 604 char const *test_str = "abcdefghijklmno"; 605 struct iovec vec[1024]; 606 char *test_strs[1024]; 607 int iov_len = 1024; 608 int total_len = 0; 609 char buf[1 << 14]; 610 struct msghdr msg; 611 int len_cmp = 0; 612 int i; 613 614 memset(&msg, 0, sizeof(struct msghdr)); 615 for (i = 0; i < iov_len; i++) { 616 test_strs[i] = (char *)malloc(strlen(test_str) + 1); 617 snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str); 618 vec[i].iov_base = (void *)test_strs[i]; 619 vec[i].iov_len = strlen(test_strs[i]) + 1; 620 total_len += vec[i].iov_len; 621 } 622 msg.msg_iov = vec; 623 msg.msg_iovlen = iov_len; 624 625 EXPECT_EQ(sendmsg(self->fd, &msg, 0), total_len); 626 EXPECT_NE(recv(self->cfd, buf, total_len, 0), -1); 627 628 for (i = 0; i < iov_len; i++) 629 len_cmp += strlen(buf + len_cmp) + 1; 630 631 for (i = 0; i < iov_len; i++) 632 free(test_strs[i]); 633 } 634 635 TEST_F(tls, splice_from_pipe) 636 { 637 int send_len = TLS_PAYLOAD_MAX_LEN; 638 char mem_send[TLS_PAYLOAD_MAX_LEN]; 639 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 640 int p[2]; 641 642 ASSERT_GE(pipe(p), 0); 643 EXPECT_GE(write(p[1], mem_send, send_len), 0); 644 EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), 0); 645 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len); 646 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 647 } 648 649 TEST_F(tls, splice_from_pipe2) 650 { 651 int send_len = 16000; 652 char mem_send[16000]; 653 char mem_recv[16000]; 654 int p2[2]; 655 int p[2]; 656 657 memrnd(mem_send, sizeof(mem_send)); 658 659 ASSERT_GE(pipe(p), 0); 660 ASSERT_GE(pipe(p2), 0); 661 EXPECT_EQ(write(p[1], mem_send, 8000), 8000); 662 EXPECT_EQ(splice(p[0], NULL, self->fd, NULL, 8000, 0), 8000); 663 EXPECT_EQ(write(p2[1], mem_send + 8000, 8000), 8000); 664 EXPECT_EQ(splice(p2[0], NULL, self->fd, NULL, 8000, 0), 8000); 665 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len); 666 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 667 } 668 669 TEST_F(tls, send_and_splice) 670 { 671 int send_len = TLS_PAYLOAD_MAX_LEN; 672 char mem_send[TLS_PAYLOAD_MAX_LEN]; 673 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 674 char const *test_str = "test_read"; 675 int send_len2 = 10; 676 char buf[10]; 677 int p[2]; 678 679 ASSERT_GE(pipe(p), 0); 680 EXPECT_EQ(send(self->fd, test_str, send_len2, 0), send_len2); 681 EXPECT_EQ(recv(self->cfd, buf, send_len2, MSG_WAITALL), send_len2); 682 EXPECT_EQ(memcmp(test_str, buf, send_len2), 0); 683 684 EXPECT_GE(write(p[1], mem_send, send_len), send_len); 685 EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), send_len); 686 687 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len); 688 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 689 } 690 691 TEST_F(tls, splice_to_pipe) 692 { 693 int send_len = TLS_PAYLOAD_MAX_LEN; 694 char mem_send[TLS_PAYLOAD_MAX_LEN]; 695 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 696 int p[2]; 697 698 memrnd(mem_send, sizeof(mem_send)); 699 700 ASSERT_GE(pipe(p), 0); 701 EXPECT_EQ(send(self->fd, mem_send, send_len, 0), send_len); 702 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), send_len); 703 EXPECT_EQ(read(p[0], mem_recv, send_len), send_len); 704 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 705 } 706 707 TEST_F(tls, splice_cmsg_to_pipe) 708 { 709 char *test_str = "test_read"; 710 char record_type = 100; 711 int send_len = 10; 712 char buf[10]; 713 int p[2]; 714 715 if (self->notls) 716 SKIP(return, "no TLS support"); 717 718 ASSERT_GE(pipe(p), 0); 719 EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10); 720 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), -1); 721 EXPECT_EQ(errno, EINVAL); 722 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1); 723 EXPECT_EQ(errno, EIO); 724 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type, 725 buf, sizeof(buf), MSG_WAITALL), 726 send_len); 727 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 728 } 729 730 TEST_F(tls, splice_dec_cmsg_to_pipe) 731 { 732 char *test_str = "test_read"; 733 char record_type = 100; 734 int send_len = 10; 735 char buf[10]; 736 int p[2]; 737 738 if (self->notls) 739 SKIP(return, "no TLS support"); 740 741 ASSERT_GE(pipe(p), 0); 742 EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10); 743 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1); 744 EXPECT_EQ(errno, EIO); 745 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), -1); 746 EXPECT_EQ(errno, EINVAL); 747 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type, 748 buf, sizeof(buf), MSG_WAITALL), 749 send_len); 750 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 751 } 752 753 TEST_F(tls, recv_and_splice) 754 { 755 int send_len = TLS_PAYLOAD_MAX_LEN; 756 char mem_send[TLS_PAYLOAD_MAX_LEN]; 757 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 758 int half = send_len / 2; 759 int p[2]; 760 761 ASSERT_GE(pipe(p), 0); 762 EXPECT_EQ(send(self->fd, mem_send, send_len, 0), send_len); 763 /* Recv hald of the record, splice the other half */ 764 EXPECT_EQ(recv(self->cfd, mem_recv, half, MSG_WAITALL), half); 765 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, half, SPLICE_F_NONBLOCK), 766 half); 767 EXPECT_EQ(read(p[0], &mem_recv[half], half), half); 768 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 769 } 770 771 TEST_F(tls, peek_and_splice) 772 { 773 int send_len = TLS_PAYLOAD_MAX_LEN; 774 char mem_send[TLS_PAYLOAD_MAX_LEN]; 775 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 776 int chunk = TLS_PAYLOAD_MAX_LEN / 4; 777 int n, i, p[2]; 778 779 memrnd(mem_send, sizeof(mem_send)); 780 781 ASSERT_GE(pipe(p), 0); 782 for (i = 0; i < 4; i++) 783 EXPECT_EQ(send(self->fd, &mem_send[chunk * i], chunk, 0), 784 chunk); 785 786 EXPECT_EQ(recv(self->cfd, mem_recv, chunk * 5 / 2, 787 MSG_WAITALL | MSG_PEEK), 788 chunk * 5 / 2); 789 EXPECT_EQ(memcmp(mem_send, mem_recv, chunk * 5 / 2), 0); 790 791 n = 0; 792 while (n < send_len) { 793 i = splice(self->cfd, NULL, p[1], NULL, send_len - n, 0); 794 EXPECT_GT(i, 0); 795 n += i; 796 } 797 EXPECT_EQ(n, send_len); 798 EXPECT_EQ(read(p[0], mem_recv, send_len), send_len); 799 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 800 } 801 802 TEST_F(tls, recvmsg_single) 803 { 804 char const *test_str = "test_recvmsg_single"; 805 int send_len = strlen(test_str) + 1; 806 char buf[20]; 807 struct msghdr hdr; 808 struct iovec vec; 809 810 memset(&hdr, 0, sizeof(hdr)); 811 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 812 vec.iov_base = (char *)buf; 813 vec.iov_len = send_len; 814 hdr.msg_iovlen = 1; 815 hdr.msg_iov = &vec; 816 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1); 817 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 818 } 819 820 TEST_F(tls, recvmsg_single_max) 821 { 822 int send_len = TLS_PAYLOAD_MAX_LEN; 823 char send_mem[TLS_PAYLOAD_MAX_LEN]; 824 char recv_mem[TLS_PAYLOAD_MAX_LEN]; 825 struct iovec vec; 826 struct msghdr hdr; 827 828 memrnd(send_mem, sizeof(send_mem)); 829 830 EXPECT_EQ(send(self->fd, send_mem, send_len, 0), send_len); 831 vec.iov_base = (char *)recv_mem; 832 vec.iov_len = TLS_PAYLOAD_MAX_LEN; 833 834 hdr.msg_iovlen = 1; 835 hdr.msg_iov = &vec; 836 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1); 837 EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0); 838 } 839 840 TEST_F(tls, recvmsg_multiple) 841 { 842 unsigned int msg_iovlen = 1024; 843 struct iovec vec[1024]; 844 char *iov_base[1024]; 845 unsigned int iov_len = 16; 846 int send_len = 1 << 14; 847 char buf[1 << 14]; 848 struct msghdr hdr; 849 int i; 850 851 memrnd(buf, sizeof(buf)); 852 853 EXPECT_EQ(send(self->fd, buf, send_len, 0), send_len); 854 for (i = 0; i < msg_iovlen; i++) { 855 iov_base[i] = (char *)malloc(iov_len); 856 vec[i].iov_base = iov_base[i]; 857 vec[i].iov_len = iov_len; 858 } 859 860 hdr.msg_iovlen = msg_iovlen; 861 hdr.msg_iov = vec; 862 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1); 863 864 for (i = 0; i < msg_iovlen; i++) 865 free(iov_base[i]); 866 } 867 868 TEST_F(tls, single_send_multiple_recv) 869 { 870 unsigned int total_len = TLS_PAYLOAD_MAX_LEN * 2; 871 unsigned int send_len = TLS_PAYLOAD_MAX_LEN; 872 char send_mem[TLS_PAYLOAD_MAX_LEN * 2]; 873 char recv_mem[TLS_PAYLOAD_MAX_LEN * 2]; 874 875 memrnd(send_mem, sizeof(send_mem)); 876 877 EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0); 878 memset(recv_mem, 0, total_len); 879 880 EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1); 881 EXPECT_NE(recv(self->cfd, recv_mem + send_len, send_len, 0), -1); 882 EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0); 883 } 884 885 TEST_F(tls, multiple_send_single_recv) 886 { 887 unsigned int total_len = 2 * 10; 888 unsigned int send_len = 10; 889 char recv_mem[2 * 10]; 890 char send_mem[10]; 891 892 memrnd(send_mem, sizeof(send_mem)); 893 894 EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0); 895 EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0); 896 memset(recv_mem, 0, total_len); 897 EXPECT_EQ(recv(self->cfd, recv_mem, total_len, MSG_WAITALL), total_len); 898 899 EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0); 900 EXPECT_EQ(memcmp(send_mem, recv_mem + send_len, send_len), 0); 901 } 902 903 TEST_F(tls, single_send_multiple_recv_non_align) 904 { 905 const unsigned int total_len = 15; 906 const unsigned int recv_len = 10; 907 char recv_mem[recv_len * 2]; 908 char send_mem[total_len]; 909 910 memrnd(send_mem, sizeof(send_mem)); 911 912 EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0); 913 memset(recv_mem, 0, total_len); 914 915 EXPECT_EQ(recv(self->cfd, recv_mem, recv_len, 0), recv_len); 916 EXPECT_EQ(recv(self->cfd, recv_mem + recv_len, recv_len, 0), 5); 917 EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0); 918 } 919 920 TEST_F(tls, recv_partial) 921 { 922 char const *test_str = "test_read_partial"; 923 char const *test_str_first = "test_read"; 924 char const *test_str_second = "_partial"; 925 int send_len = strlen(test_str) + 1; 926 char recv_mem[18]; 927 928 memset(recv_mem, 0, sizeof(recv_mem)); 929 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 930 EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_first), 931 MSG_WAITALL), -1); 932 EXPECT_EQ(memcmp(test_str_first, recv_mem, strlen(test_str_first)), 0); 933 memset(recv_mem, 0, sizeof(recv_mem)); 934 EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_second), 935 MSG_WAITALL), -1); 936 EXPECT_EQ(memcmp(test_str_second, recv_mem, strlen(test_str_second)), 937 0); 938 } 939 940 TEST_F(tls, recv_nonblock) 941 { 942 char buf[4096]; 943 bool err; 944 945 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_DONTWAIT), -1); 946 err = (errno == EAGAIN || errno == EWOULDBLOCK); 947 EXPECT_EQ(err, true); 948 } 949 950 TEST_F(tls, recv_peek) 951 { 952 char const *test_str = "test_read_peek"; 953 int send_len = strlen(test_str) + 1; 954 char buf[15]; 955 956 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 957 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_PEEK), send_len); 958 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 959 memset(buf, 0, sizeof(buf)); 960 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len); 961 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 962 } 963 964 TEST_F(tls, recv_peek_multiple) 965 { 966 char const *test_str = "test_read_peek"; 967 int send_len = strlen(test_str) + 1; 968 unsigned int num_peeks = 100; 969 char buf[15]; 970 int i; 971 972 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 973 for (i = 0; i < num_peeks; i++) { 974 EXPECT_NE(recv(self->cfd, buf, send_len, MSG_PEEK), -1); 975 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 976 memset(buf, 0, sizeof(buf)); 977 } 978 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 979 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 980 } 981 982 TEST_F(tls, recv_peek_multiple_records) 983 { 984 char const *test_str = "test_read_peek_mult_recs"; 985 char const *test_str_first = "test_read_peek"; 986 char const *test_str_second = "_mult_recs"; 987 int len; 988 char buf[64]; 989 990 len = strlen(test_str_first); 991 EXPECT_EQ(send(self->fd, test_str_first, len, 0), len); 992 993 len = strlen(test_str_second) + 1; 994 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len); 995 996 len = strlen(test_str_first); 997 memset(buf, 0, len); 998 EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len); 999 1000 /* MSG_PEEK can only peek into the current record. */ 1001 len = strlen(test_str_first); 1002 EXPECT_EQ(memcmp(test_str_first, buf, len), 0); 1003 1004 len = strlen(test_str) + 1; 1005 memset(buf, 0, len); 1006 EXPECT_EQ(recv(self->cfd, buf, len, MSG_WAITALL), len); 1007 1008 /* Non-MSG_PEEK will advance strparser (and therefore record) 1009 * however. 1010 */ 1011 len = strlen(test_str) + 1; 1012 EXPECT_EQ(memcmp(test_str, buf, len), 0); 1013 1014 /* MSG_MORE will hold current record open, so later MSG_PEEK 1015 * will see everything. 1016 */ 1017 len = strlen(test_str_first); 1018 EXPECT_EQ(send(self->fd, test_str_first, len, MSG_MORE), len); 1019 1020 len = strlen(test_str_second) + 1; 1021 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len); 1022 1023 len = strlen(test_str) + 1; 1024 memset(buf, 0, len); 1025 EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len); 1026 1027 len = strlen(test_str) + 1; 1028 EXPECT_EQ(memcmp(test_str, buf, len), 0); 1029 } 1030 1031 TEST_F(tls, recv_peek_large_buf_mult_recs) 1032 { 1033 char const *test_str = "test_read_peek_mult_recs"; 1034 char const *test_str_first = "test_read_peek"; 1035 char const *test_str_second = "_mult_recs"; 1036 int len; 1037 char buf[64]; 1038 1039 len = strlen(test_str_first); 1040 EXPECT_EQ(send(self->fd, test_str_first, len, 0), len); 1041 1042 len = strlen(test_str_second) + 1; 1043 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len); 1044 1045 len = strlen(test_str) + 1; 1046 memset(buf, 0, len); 1047 EXPECT_NE((len = recv(self->cfd, buf, len, 1048 MSG_PEEK | MSG_WAITALL)), -1); 1049 len = strlen(test_str) + 1; 1050 EXPECT_EQ(memcmp(test_str, buf, len), 0); 1051 } 1052 1053 TEST_F(tls, recv_lowat) 1054 { 1055 char send_mem[10] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }; 1056 char recv_mem[20]; 1057 int lowat = 8; 1058 1059 EXPECT_EQ(send(self->fd, send_mem, 10, 0), 10); 1060 EXPECT_EQ(send(self->fd, send_mem, 5, 0), 5); 1061 1062 memset(recv_mem, 0, 20); 1063 EXPECT_EQ(setsockopt(self->cfd, SOL_SOCKET, SO_RCVLOWAT, 1064 &lowat, sizeof(lowat)), 0); 1065 EXPECT_EQ(recv(self->cfd, recv_mem, 1, MSG_WAITALL), 1); 1066 EXPECT_EQ(recv(self->cfd, recv_mem + 1, 6, MSG_WAITALL), 6); 1067 EXPECT_EQ(recv(self->cfd, recv_mem + 7, 10, 0), 8); 1068 1069 EXPECT_EQ(memcmp(send_mem, recv_mem, 10), 0); 1070 EXPECT_EQ(memcmp(send_mem, recv_mem + 10, 5), 0); 1071 } 1072 1073 TEST_F(tls, bidir) 1074 { 1075 char const *test_str = "test_read"; 1076 int send_len = 10; 1077 char buf[10]; 1078 int ret; 1079 1080 if (!self->notls) { 1081 struct tls_crypto_info_keys tls12; 1082 1083 tls_crypto_info_init(variant->tls_version, variant->cipher_type, 1084 &tls12); 1085 1086 ret = setsockopt(self->fd, SOL_TLS, TLS_RX, &tls12, 1087 tls12.len); 1088 ASSERT_EQ(ret, 0); 1089 1090 ret = setsockopt(self->cfd, SOL_TLS, TLS_TX, &tls12, 1091 tls12.len); 1092 ASSERT_EQ(ret, 0); 1093 } 1094 1095 ASSERT_EQ(strlen(test_str) + 1, send_len); 1096 1097 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1098 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 1099 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1100 1101 memset(buf, 0, sizeof(buf)); 1102 1103 EXPECT_EQ(send(self->cfd, test_str, send_len, 0), send_len); 1104 EXPECT_NE(recv(self->fd, buf, send_len, 0), -1); 1105 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1106 }; 1107 1108 TEST_F(tls, pollin) 1109 { 1110 char const *test_str = "test_poll"; 1111 struct pollfd fd = { 0, 0, 0 }; 1112 char buf[10]; 1113 int send_len = 10; 1114 1115 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1116 fd.fd = self->cfd; 1117 fd.events = POLLIN; 1118 1119 EXPECT_EQ(poll(&fd, 1, 20), 1); 1120 EXPECT_EQ(fd.revents & POLLIN, 1); 1121 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len); 1122 /* Test timing out */ 1123 EXPECT_EQ(poll(&fd, 1, 20), 0); 1124 } 1125 1126 TEST_F(tls, poll_wait) 1127 { 1128 char const *test_str = "test_poll_wait"; 1129 int send_len = strlen(test_str) + 1; 1130 struct pollfd fd = { 0, 0, 0 }; 1131 char recv_mem[15]; 1132 1133 fd.fd = self->cfd; 1134 fd.events = POLLIN; 1135 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1136 /* Set timeout to inf. secs */ 1137 EXPECT_EQ(poll(&fd, 1, -1), 1); 1138 EXPECT_EQ(fd.revents & POLLIN, 1); 1139 EXPECT_EQ(recv(self->cfd, recv_mem, send_len, MSG_WAITALL), send_len); 1140 } 1141 1142 TEST_F(tls, poll_wait_split) 1143 { 1144 struct pollfd fd = { 0, 0, 0 }; 1145 char send_mem[20] = {}; 1146 char recv_mem[15]; 1147 1148 fd.fd = self->cfd; 1149 fd.events = POLLIN; 1150 /* Send 20 bytes */ 1151 EXPECT_EQ(send(self->fd, send_mem, sizeof(send_mem), 0), 1152 sizeof(send_mem)); 1153 /* Poll with inf. timeout */ 1154 EXPECT_EQ(poll(&fd, 1, -1), 1); 1155 EXPECT_EQ(fd.revents & POLLIN, 1); 1156 EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), MSG_WAITALL), 1157 sizeof(recv_mem)); 1158 1159 /* Now the remaining 5 bytes of record data are in TLS ULP */ 1160 fd.fd = self->cfd; 1161 fd.events = POLLIN; 1162 EXPECT_EQ(poll(&fd, 1, -1), 1); 1163 EXPECT_EQ(fd.revents & POLLIN, 1); 1164 EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), 0), 1165 sizeof(send_mem) - sizeof(recv_mem)); 1166 } 1167 1168 TEST_F(tls, blocking) 1169 { 1170 size_t data = 100000; 1171 int res = fork(); 1172 1173 EXPECT_NE(res, -1); 1174 1175 if (res) { 1176 /* parent */ 1177 size_t left = data; 1178 char buf[16384]; 1179 int status; 1180 int pid2; 1181 1182 while (left) { 1183 int res = send(self->fd, buf, 1184 left > 16384 ? 16384 : left, 0); 1185 1186 EXPECT_GE(res, 0); 1187 left -= res; 1188 } 1189 1190 pid2 = wait(&status); 1191 EXPECT_EQ(status, 0); 1192 EXPECT_EQ(res, pid2); 1193 } else { 1194 /* child */ 1195 size_t left = data; 1196 char buf[16384]; 1197 1198 while (left) { 1199 int res = recv(self->cfd, buf, 1200 left > 16384 ? 16384 : left, 0); 1201 1202 EXPECT_GE(res, 0); 1203 left -= res; 1204 } 1205 } 1206 } 1207 1208 TEST_F(tls, nonblocking) 1209 { 1210 size_t data = 100000; 1211 int sendbuf = 100; 1212 int flags; 1213 int res; 1214 1215 flags = fcntl(self->fd, F_GETFL, 0); 1216 fcntl(self->fd, F_SETFL, flags | O_NONBLOCK); 1217 fcntl(self->cfd, F_SETFL, flags | O_NONBLOCK); 1218 1219 /* Ensure nonblocking behavior by imposing a small send 1220 * buffer. 1221 */ 1222 EXPECT_EQ(setsockopt(self->fd, SOL_SOCKET, SO_SNDBUF, 1223 &sendbuf, sizeof(sendbuf)), 0); 1224 1225 res = fork(); 1226 EXPECT_NE(res, -1); 1227 1228 if (res) { 1229 /* parent */ 1230 bool eagain = false; 1231 size_t left = data; 1232 char buf[16384]; 1233 int status; 1234 int pid2; 1235 1236 while (left) { 1237 int res = send(self->fd, buf, 1238 left > 16384 ? 16384 : left, 0); 1239 1240 if (res == -1 && errno == EAGAIN) { 1241 eagain = true; 1242 usleep(10000); 1243 continue; 1244 } 1245 EXPECT_GE(res, 0); 1246 left -= res; 1247 } 1248 1249 EXPECT_TRUE(eagain); 1250 pid2 = wait(&status); 1251 1252 EXPECT_EQ(status, 0); 1253 EXPECT_EQ(res, pid2); 1254 } else { 1255 /* child */ 1256 bool eagain = false; 1257 size_t left = data; 1258 char buf[16384]; 1259 1260 while (left) { 1261 int res = recv(self->cfd, buf, 1262 left > 16384 ? 16384 : left, 0); 1263 1264 if (res == -1 && errno == EAGAIN) { 1265 eagain = true; 1266 usleep(10000); 1267 continue; 1268 } 1269 EXPECT_GE(res, 0); 1270 left -= res; 1271 } 1272 EXPECT_TRUE(eagain); 1273 } 1274 } 1275 1276 static void 1277 test_mutliproc(struct __test_metadata *_metadata, struct _test_data_tls *self, 1278 bool sendpg, unsigned int n_readers, unsigned int n_writers) 1279 { 1280 const unsigned int n_children = n_readers + n_writers; 1281 const size_t data = 6 * 1000 * 1000; 1282 const size_t file_sz = data / 100; 1283 size_t read_bias, write_bias; 1284 int i, fd, child_id; 1285 char buf[file_sz]; 1286 pid_t pid; 1287 1288 /* Only allow multiples for simplicity */ 1289 ASSERT_EQ(!(n_readers % n_writers) || !(n_writers % n_readers), true); 1290 read_bias = n_writers / n_readers ?: 1; 1291 write_bias = n_readers / n_writers ?: 1; 1292 1293 /* prep a file to send */ 1294 fd = open("/tmp/", O_TMPFILE | O_RDWR, 0600); 1295 ASSERT_GE(fd, 0); 1296 1297 memset(buf, 0xac, file_sz); 1298 ASSERT_EQ(write(fd, buf, file_sz), file_sz); 1299 1300 /* spawn children */ 1301 for (child_id = 0; child_id < n_children; child_id++) { 1302 pid = fork(); 1303 ASSERT_NE(pid, -1); 1304 if (!pid) 1305 break; 1306 } 1307 1308 /* parent waits for all children */ 1309 if (pid) { 1310 for (i = 0; i < n_children; i++) { 1311 int status; 1312 1313 wait(&status); 1314 EXPECT_EQ(status, 0); 1315 } 1316 1317 return; 1318 } 1319 1320 /* Split threads for reading and writing */ 1321 if (child_id < n_readers) { 1322 size_t left = data * read_bias; 1323 char rb[8001]; 1324 1325 while (left) { 1326 int res; 1327 1328 res = recv(self->cfd, rb, 1329 left > sizeof(rb) ? sizeof(rb) : left, 0); 1330 1331 EXPECT_GE(res, 0); 1332 left -= res; 1333 } 1334 } else { 1335 size_t left = data * write_bias; 1336 1337 while (left) { 1338 int res; 1339 1340 ASSERT_EQ(lseek(fd, 0, SEEK_SET), 0); 1341 if (sendpg) 1342 res = sendfile(self->fd, fd, NULL, 1343 left > file_sz ? file_sz : left); 1344 else 1345 res = send(self->fd, buf, 1346 left > file_sz ? file_sz : left, 0); 1347 1348 EXPECT_GE(res, 0); 1349 left -= res; 1350 } 1351 } 1352 } 1353 1354 TEST_F(tls, mutliproc_even) 1355 { 1356 test_mutliproc(_metadata, self, false, 6, 6); 1357 } 1358 1359 TEST_F(tls, mutliproc_readers) 1360 { 1361 test_mutliproc(_metadata, self, false, 4, 12); 1362 } 1363 1364 TEST_F(tls, mutliproc_writers) 1365 { 1366 test_mutliproc(_metadata, self, false, 10, 2); 1367 } 1368 1369 TEST_F(tls, mutliproc_sendpage_even) 1370 { 1371 test_mutliproc(_metadata, self, true, 6, 6); 1372 } 1373 1374 TEST_F(tls, mutliproc_sendpage_readers) 1375 { 1376 test_mutliproc(_metadata, self, true, 4, 12); 1377 } 1378 1379 TEST_F(tls, mutliproc_sendpage_writers) 1380 { 1381 test_mutliproc(_metadata, self, true, 10, 2); 1382 } 1383 1384 TEST_F(tls, control_msg) 1385 { 1386 char *test_str = "test_read"; 1387 char record_type = 100; 1388 int send_len = 10; 1389 char buf[10]; 1390 1391 if (self->notls) 1392 SKIP(return, "no TLS support"); 1393 1394 EXPECT_EQ(tls_send_cmsg(self->fd, record_type, test_str, send_len, 0), 1395 send_len); 1396 /* Should fail because we didn't provide a control message */ 1397 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1); 1398 1399 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type, 1400 buf, sizeof(buf), MSG_WAITALL | MSG_PEEK), 1401 send_len); 1402 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1403 1404 /* Recv the message again without MSG_PEEK */ 1405 memset(buf, 0, sizeof(buf)); 1406 1407 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type, 1408 buf, sizeof(buf), MSG_WAITALL), 1409 send_len); 1410 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1411 } 1412 1413 TEST_F(tls, shutdown) 1414 { 1415 char const *test_str = "test_read"; 1416 int send_len = 10; 1417 char buf[10]; 1418 1419 ASSERT_EQ(strlen(test_str) + 1, send_len); 1420 1421 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1422 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 1423 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1424 1425 shutdown(self->fd, SHUT_RDWR); 1426 shutdown(self->cfd, SHUT_RDWR); 1427 } 1428 1429 TEST_F(tls, shutdown_unsent) 1430 { 1431 char const *test_str = "test_read"; 1432 int send_len = 10; 1433 1434 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); 1435 1436 shutdown(self->fd, SHUT_RDWR); 1437 shutdown(self->cfd, SHUT_RDWR); 1438 } 1439 1440 TEST_F(tls, shutdown_reuse) 1441 { 1442 struct sockaddr_in addr; 1443 int ret; 1444 1445 shutdown(self->fd, SHUT_RDWR); 1446 shutdown(self->cfd, SHUT_RDWR); 1447 close(self->cfd); 1448 1449 addr.sin_family = AF_INET; 1450 addr.sin_addr.s_addr = htonl(INADDR_ANY); 1451 addr.sin_port = 0; 1452 1453 ret = bind(self->fd, &addr, sizeof(addr)); 1454 EXPECT_EQ(ret, 0); 1455 ret = listen(self->fd, 10); 1456 EXPECT_EQ(ret, -1); 1457 EXPECT_EQ(errno, EINVAL); 1458 1459 ret = connect(self->fd, &addr, sizeof(addr)); 1460 EXPECT_EQ(ret, -1); 1461 EXPECT_EQ(errno, EISCONN); 1462 } 1463 1464 FIXTURE(tls_err) 1465 { 1466 int fd, cfd; 1467 int fd2, cfd2; 1468 bool notls; 1469 }; 1470 1471 FIXTURE_VARIANT(tls_err) 1472 { 1473 uint16_t tls_version; 1474 }; 1475 1476 FIXTURE_VARIANT_ADD(tls_err, 12_aes_gcm) 1477 { 1478 .tls_version = TLS_1_2_VERSION, 1479 }; 1480 1481 FIXTURE_VARIANT_ADD(tls_err, 13_aes_gcm) 1482 { 1483 .tls_version = TLS_1_3_VERSION, 1484 }; 1485 1486 FIXTURE_SETUP(tls_err) 1487 { 1488 struct tls_crypto_info_keys tls12; 1489 int ret; 1490 1491 tls_crypto_info_init(variant->tls_version, TLS_CIPHER_AES_GCM_128, 1492 &tls12); 1493 1494 ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls); 1495 ulp_sock_pair(_metadata, &self->fd2, &self->cfd2, &self->notls); 1496 if (self->notls) 1497 return; 1498 1499 ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len); 1500 ASSERT_EQ(ret, 0); 1501 1502 ret = setsockopt(self->cfd2, SOL_TLS, TLS_RX, &tls12, tls12.len); 1503 ASSERT_EQ(ret, 0); 1504 } 1505 1506 FIXTURE_TEARDOWN(tls_err) 1507 { 1508 close(self->fd); 1509 close(self->cfd); 1510 close(self->fd2); 1511 close(self->cfd2); 1512 } 1513 1514 TEST_F(tls_err, bad_rec) 1515 { 1516 char buf[64]; 1517 1518 if (self->notls) 1519 SKIP(return, "no TLS support"); 1520 1521 memset(buf, 0x55, sizeof(buf)); 1522 EXPECT_EQ(send(self->fd2, buf, sizeof(buf), 0), sizeof(buf)); 1523 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1524 EXPECT_EQ(errno, EMSGSIZE); 1525 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), MSG_DONTWAIT), -1); 1526 EXPECT_EQ(errno, EAGAIN); 1527 } 1528 1529 TEST_F(tls_err, bad_auth) 1530 { 1531 char buf[128]; 1532 int n; 1533 1534 if (self->notls) 1535 SKIP(return, "no TLS support"); 1536 1537 memrnd(buf, sizeof(buf) / 2); 1538 EXPECT_EQ(send(self->fd, buf, sizeof(buf) / 2, 0), sizeof(buf) / 2); 1539 n = recv(self->cfd, buf, sizeof(buf), 0); 1540 EXPECT_GT(n, sizeof(buf) / 2); 1541 1542 buf[n - 1]++; 1543 1544 EXPECT_EQ(send(self->fd2, buf, n, 0), n); 1545 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1546 EXPECT_EQ(errno, EBADMSG); 1547 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1548 EXPECT_EQ(errno, EBADMSG); 1549 } 1550 1551 TEST_F(tls_err, bad_in_large_read) 1552 { 1553 char txt[3][64]; 1554 char cip[3][128]; 1555 char buf[3 * 128]; 1556 int i, n; 1557 1558 if (self->notls) 1559 SKIP(return, "no TLS support"); 1560 1561 /* Put 3 records in the sockets */ 1562 for (i = 0; i < 3; i++) { 1563 memrnd(txt[i], sizeof(txt[i])); 1564 EXPECT_EQ(send(self->fd, txt[i], sizeof(txt[i]), 0), 1565 sizeof(txt[i])); 1566 n = recv(self->cfd, cip[i], sizeof(cip[i]), 0); 1567 EXPECT_GT(n, sizeof(txt[i])); 1568 /* Break the third message */ 1569 if (i == 2) 1570 cip[2][n - 1]++; 1571 EXPECT_EQ(send(self->fd2, cip[i], n, 0), n); 1572 } 1573 1574 /* We should be able to receive the first two messages */ 1575 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), sizeof(txt[0]) * 2); 1576 EXPECT_EQ(memcmp(buf, txt[0], sizeof(txt[0])), 0); 1577 EXPECT_EQ(memcmp(buf + sizeof(txt[0]), txt[1], sizeof(txt[1])), 0); 1578 /* Third mesasge is bad */ 1579 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1580 EXPECT_EQ(errno, EBADMSG); 1581 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1582 EXPECT_EQ(errno, EBADMSG); 1583 } 1584 1585 TEST_F(tls_err, bad_cmsg) 1586 { 1587 char *test_str = "test_read"; 1588 int send_len = 10; 1589 char cip[128]; 1590 char buf[128]; 1591 char txt[64]; 1592 int n; 1593 1594 if (self->notls) 1595 SKIP(return, "no TLS support"); 1596 1597 /* Queue up one data record */ 1598 memrnd(txt, sizeof(txt)); 1599 EXPECT_EQ(send(self->fd, txt, sizeof(txt), 0), sizeof(txt)); 1600 n = recv(self->cfd, cip, sizeof(cip), 0); 1601 EXPECT_GT(n, sizeof(txt)); 1602 EXPECT_EQ(send(self->fd2, cip, n, 0), n); 1603 1604 EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10); 1605 n = recv(self->cfd, cip, sizeof(cip), 0); 1606 cip[n - 1]++; /* Break it */ 1607 EXPECT_GT(n, send_len); 1608 EXPECT_EQ(send(self->fd2, cip, n, 0), n); 1609 1610 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), sizeof(txt)); 1611 EXPECT_EQ(memcmp(buf, txt, sizeof(txt)), 0); 1612 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1613 EXPECT_EQ(errno, EBADMSG); 1614 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1615 EXPECT_EQ(errno, EBADMSG); 1616 } 1617 1618 TEST_F(tls_err, timeo) 1619 { 1620 struct timeval tv = { .tv_usec = 10000, }; 1621 char buf[128]; 1622 int ret; 1623 1624 if (self->notls) 1625 SKIP(return, "no TLS support"); 1626 1627 ret = setsockopt(self->cfd2, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)); 1628 ASSERT_EQ(ret, 0); 1629 1630 ret = fork(); 1631 ASSERT_GE(ret, 0); 1632 1633 if (ret) { 1634 usleep(1000); /* Give child a head start */ 1635 1636 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1637 EXPECT_EQ(errno, EAGAIN); 1638 1639 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1640 EXPECT_EQ(errno, EAGAIN); 1641 1642 wait(&ret); 1643 } else { 1644 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1645 EXPECT_EQ(errno, EAGAIN); 1646 exit(0); 1647 } 1648 } 1649 1650 TEST_F(tls_err, poll_partial_rec) 1651 { 1652 struct pollfd pfd = { }; 1653 ssize_t rec_len; 1654 char rec[256]; 1655 char buf[128]; 1656 1657 if (self->notls) 1658 SKIP(return, "no TLS support"); 1659 1660 pfd.fd = self->cfd2; 1661 pfd.events = POLLIN; 1662 EXPECT_EQ(poll(&pfd, 1, 1), 0); 1663 1664 memrnd(buf, sizeof(buf)); 1665 EXPECT_EQ(send(self->fd, buf, sizeof(buf), 0), sizeof(buf)); 1666 rec_len = recv(self->cfd, rec, sizeof(rec), 0); 1667 EXPECT_GT(rec_len, sizeof(buf)); 1668 1669 /* Write 100B, not the full record ... */ 1670 EXPECT_EQ(send(self->fd2, rec, 100, 0), 100); 1671 /* ... no full record should mean no POLLIN */ 1672 pfd.fd = self->cfd2; 1673 pfd.events = POLLIN; 1674 EXPECT_EQ(poll(&pfd, 1, 1), 0); 1675 /* Now write the rest, and it should all pop out of the other end. */ 1676 EXPECT_EQ(send(self->fd2, rec + 100, rec_len - 100, 0), rec_len - 100); 1677 pfd.fd = self->cfd2; 1678 pfd.events = POLLIN; 1679 EXPECT_EQ(poll(&pfd, 1, 1), 1); 1680 EXPECT_EQ(recv(self->cfd2, rec, sizeof(rec), 0), sizeof(buf)); 1681 EXPECT_EQ(memcmp(buf, rec, sizeof(buf)), 0); 1682 } 1683 1684 TEST_F(tls_err, epoll_partial_rec) 1685 { 1686 struct epoll_event ev, events[10]; 1687 ssize_t rec_len; 1688 char rec[256]; 1689 char buf[128]; 1690 int epollfd; 1691 1692 if (self->notls) 1693 SKIP(return, "no TLS support"); 1694 1695 epollfd = epoll_create1(0); 1696 ASSERT_GE(epollfd, 0); 1697 1698 memset(&ev, 0, sizeof(ev)); 1699 ev.events = EPOLLIN; 1700 ev.data.fd = self->cfd2; 1701 ASSERT_GE(epoll_ctl(epollfd, EPOLL_CTL_ADD, self->cfd2, &ev), 0); 1702 1703 EXPECT_EQ(epoll_wait(epollfd, events, 10, 0), 0); 1704 1705 memrnd(buf, sizeof(buf)); 1706 EXPECT_EQ(send(self->fd, buf, sizeof(buf), 0), sizeof(buf)); 1707 rec_len = recv(self->cfd, rec, sizeof(rec), 0); 1708 EXPECT_GT(rec_len, sizeof(buf)); 1709 1710 /* Write 100B, not the full record ... */ 1711 EXPECT_EQ(send(self->fd2, rec, 100, 0), 100); 1712 /* ... no full record should mean no POLLIN */ 1713 EXPECT_EQ(epoll_wait(epollfd, events, 10, 0), 0); 1714 /* Now write the rest, and it should all pop out of the other end. */ 1715 EXPECT_EQ(send(self->fd2, rec + 100, rec_len - 100, 0), rec_len - 100); 1716 EXPECT_EQ(epoll_wait(epollfd, events, 10, 0), 1); 1717 EXPECT_EQ(recv(self->cfd2, rec, sizeof(rec), 0), sizeof(buf)); 1718 EXPECT_EQ(memcmp(buf, rec, sizeof(buf)), 0); 1719 1720 close(epollfd); 1721 } 1722 1723 TEST_F(tls_err, poll_partial_rec_async) 1724 { 1725 struct pollfd pfd = { }; 1726 ssize_t rec_len; 1727 char rec[256]; 1728 char buf[128]; 1729 char token; 1730 int p[2]; 1731 int ret; 1732 1733 if (self->notls) 1734 SKIP(return, "no TLS support"); 1735 1736 ASSERT_GE(pipe(p), 0); 1737 1738 memrnd(buf, sizeof(buf)); 1739 EXPECT_EQ(send(self->fd, buf, sizeof(buf), 0), sizeof(buf)); 1740 rec_len = recv(self->cfd, rec, sizeof(rec), 0); 1741 EXPECT_GT(rec_len, sizeof(buf)); 1742 1743 ret = fork(); 1744 ASSERT_GE(ret, 0); 1745 1746 if (ret) { 1747 int status, pid2; 1748 1749 close(p[1]); 1750 usleep(1000); /* Give child a head start */ 1751 1752 EXPECT_EQ(send(self->fd2, rec, 100, 0), 100); 1753 1754 EXPECT_EQ(read(p[0], &token, 1), 1); /* Barrier #1 */ 1755 1756 EXPECT_EQ(send(self->fd2, rec + 100, rec_len - 100, 0), 1757 rec_len - 100); 1758 1759 pid2 = wait(&status); 1760 EXPECT_EQ(pid2, ret); 1761 EXPECT_EQ(status, 0); 1762 } else { 1763 close(p[0]); 1764 1765 /* Child should sleep in poll(), never get a wake */ 1766 pfd.fd = self->cfd2; 1767 pfd.events = POLLIN; 1768 EXPECT_EQ(poll(&pfd, 1, 5), 0); 1769 1770 EXPECT_EQ(write(p[1], &token, 1), 1); /* Barrier #1 */ 1771 1772 pfd.fd = self->cfd2; 1773 pfd.events = POLLIN; 1774 EXPECT_EQ(poll(&pfd, 1, 5), 1); 1775 1776 exit(!_metadata->passed); 1777 } 1778 } 1779 1780 TEST(non_established) { 1781 struct tls12_crypto_info_aes_gcm_256 tls12; 1782 struct sockaddr_in addr; 1783 int sfd, ret, fd; 1784 socklen_t len; 1785 1786 len = sizeof(addr); 1787 1788 memset(&tls12, 0, sizeof(tls12)); 1789 tls12.info.version = TLS_1_2_VERSION; 1790 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256; 1791 1792 addr.sin_family = AF_INET; 1793 addr.sin_addr.s_addr = htonl(INADDR_ANY); 1794 addr.sin_port = 0; 1795 1796 fd = socket(AF_INET, SOCK_STREAM, 0); 1797 sfd = socket(AF_INET, SOCK_STREAM, 0); 1798 1799 ret = bind(sfd, &addr, sizeof(addr)); 1800 ASSERT_EQ(ret, 0); 1801 ret = listen(sfd, 10); 1802 ASSERT_EQ(ret, 0); 1803 1804 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1805 EXPECT_EQ(ret, -1); 1806 /* TLS ULP not supported */ 1807 if (errno == ENOENT) 1808 return; 1809 EXPECT_EQ(errno, ENOTCONN); 1810 1811 ret = setsockopt(sfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1812 EXPECT_EQ(ret, -1); 1813 EXPECT_EQ(errno, ENOTCONN); 1814 1815 ret = getsockname(sfd, &addr, &len); 1816 ASSERT_EQ(ret, 0); 1817 1818 ret = connect(fd, &addr, sizeof(addr)); 1819 ASSERT_EQ(ret, 0); 1820 1821 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1822 ASSERT_EQ(ret, 0); 1823 1824 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1825 EXPECT_EQ(ret, -1); 1826 EXPECT_EQ(errno, EEXIST); 1827 1828 close(fd); 1829 close(sfd); 1830 } 1831 1832 TEST(keysizes) { 1833 struct tls12_crypto_info_aes_gcm_256 tls12; 1834 int ret, fd, cfd; 1835 bool notls; 1836 1837 memset(&tls12, 0, sizeof(tls12)); 1838 tls12.info.version = TLS_1_2_VERSION; 1839 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256; 1840 1841 ulp_sock_pair(_metadata, &fd, &cfd, ¬ls); 1842 1843 if (!notls) { 1844 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, 1845 sizeof(tls12)); 1846 EXPECT_EQ(ret, 0); 1847 1848 ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12, 1849 sizeof(tls12)); 1850 EXPECT_EQ(ret, 0); 1851 } 1852 1853 close(fd); 1854 close(cfd); 1855 } 1856 1857 TEST(no_pad) { 1858 struct tls12_crypto_info_aes_gcm_256 tls12; 1859 int ret, fd, cfd, val; 1860 socklen_t len; 1861 bool notls; 1862 1863 memset(&tls12, 0, sizeof(tls12)); 1864 tls12.info.version = TLS_1_3_VERSION; 1865 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256; 1866 1867 ulp_sock_pair(_metadata, &fd, &cfd, ¬ls); 1868 1869 if (notls) 1870 exit(KSFT_SKIP); 1871 1872 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, sizeof(tls12)); 1873 EXPECT_EQ(ret, 0); 1874 1875 ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12, sizeof(tls12)); 1876 EXPECT_EQ(ret, 0); 1877 1878 val = 1; 1879 ret = setsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 1880 (void *)&val, sizeof(val)); 1881 EXPECT_EQ(ret, 0); 1882 1883 len = sizeof(val); 1884 val = 2; 1885 ret = getsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 1886 (void *)&val, &len); 1887 EXPECT_EQ(ret, 0); 1888 EXPECT_EQ(val, 1); 1889 EXPECT_EQ(len, 4); 1890 1891 val = 0; 1892 ret = setsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 1893 (void *)&val, sizeof(val)); 1894 EXPECT_EQ(ret, 0); 1895 1896 len = sizeof(val); 1897 val = 2; 1898 ret = getsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 1899 (void *)&val, &len); 1900 EXPECT_EQ(ret, 0); 1901 EXPECT_EQ(val, 0); 1902 EXPECT_EQ(len, 4); 1903 1904 close(fd); 1905 close(cfd); 1906 } 1907 1908 TEST(tls_v6ops) { 1909 struct tls_crypto_info_keys tls12; 1910 struct sockaddr_in6 addr, addr2; 1911 int sfd, ret, fd; 1912 socklen_t len, len2; 1913 1914 tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_128, &tls12); 1915 1916 addr.sin6_family = AF_INET6; 1917 addr.sin6_addr = in6addr_any; 1918 addr.sin6_port = 0; 1919 1920 fd = socket(AF_INET6, SOCK_STREAM, 0); 1921 sfd = socket(AF_INET6, SOCK_STREAM, 0); 1922 1923 ret = bind(sfd, &addr, sizeof(addr)); 1924 ASSERT_EQ(ret, 0); 1925 ret = listen(sfd, 10); 1926 ASSERT_EQ(ret, 0); 1927 1928 len = sizeof(addr); 1929 ret = getsockname(sfd, &addr, &len); 1930 ASSERT_EQ(ret, 0); 1931 1932 ret = connect(fd, &addr, sizeof(addr)); 1933 ASSERT_EQ(ret, 0); 1934 1935 len = sizeof(addr); 1936 ret = getsockname(fd, &addr, &len); 1937 ASSERT_EQ(ret, 0); 1938 1939 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1940 if (ret) { 1941 ASSERT_EQ(errno, ENOENT); 1942 SKIP(return, "no TLS support"); 1943 } 1944 ASSERT_EQ(ret, 0); 1945 1946 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, tls12.len); 1947 ASSERT_EQ(ret, 0); 1948 1949 ret = setsockopt(fd, SOL_TLS, TLS_RX, &tls12, tls12.len); 1950 ASSERT_EQ(ret, 0); 1951 1952 len2 = sizeof(addr2); 1953 ret = getsockname(fd, &addr2, &len2); 1954 ASSERT_EQ(ret, 0); 1955 1956 EXPECT_EQ(len2, len); 1957 EXPECT_EQ(memcmp(&addr, &addr2, len), 0); 1958 1959 close(fd); 1960 close(sfd); 1961 } 1962 1963 TEST(prequeue) { 1964 struct tls_crypto_info_keys tls12; 1965 char buf[20000], buf2[20000]; 1966 struct sockaddr_in addr; 1967 int sfd, cfd, ret, fd; 1968 socklen_t len; 1969 1970 len = sizeof(addr); 1971 memrnd(buf, sizeof(buf)); 1972 1973 tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_256, &tls12); 1974 1975 addr.sin_family = AF_INET; 1976 addr.sin_addr.s_addr = htonl(INADDR_ANY); 1977 addr.sin_port = 0; 1978 1979 fd = socket(AF_INET, SOCK_STREAM, 0); 1980 sfd = socket(AF_INET, SOCK_STREAM, 0); 1981 1982 ASSERT_EQ(bind(sfd, &addr, sizeof(addr)), 0); 1983 ASSERT_EQ(listen(sfd, 10), 0); 1984 ASSERT_EQ(getsockname(sfd, &addr, &len), 0); 1985 ASSERT_EQ(connect(fd, &addr, sizeof(addr)), 0); 1986 ASSERT_GE(cfd = accept(sfd, &addr, &len), 0); 1987 close(sfd); 1988 1989 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1990 if (ret) { 1991 ASSERT_EQ(errno, ENOENT); 1992 SKIP(return, "no TLS support"); 1993 } 1994 1995 ASSERT_EQ(setsockopt(fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0); 1996 EXPECT_EQ(send(fd, buf, sizeof(buf), MSG_DONTWAIT), sizeof(buf)); 1997 1998 ASSERT_EQ(setsockopt(cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")), 0); 1999 ASSERT_EQ(setsockopt(cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0); 2000 EXPECT_EQ(recv(cfd, buf2, sizeof(buf2), MSG_WAITALL), sizeof(buf2)); 2001 2002 EXPECT_EQ(memcmp(buf, buf2, sizeof(buf)), 0); 2003 2004 close(fd); 2005 close(cfd); 2006 } 2007 2008 static void __attribute__((constructor)) fips_check(void) { 2009 int res; 2010 FILE *f; 2011 2012 f = fopen("/proc/sys/crypto/fips_enabled", "r"); 2013 if (f) { 2014 res = fscanf(f, "%d", &fips_enabled); 2015 if (res != 1) 2016 ksft_print_msg("ERROR: Couldn't read /proc/sys/crypto/fips_enabled\n"); 2017 fclose(f); 2018 } 2019 } 2020 2021 TEST_HARNESS_MAIN 2022