xref: /openbmc/linux/tools/testing/selftests/net/tls.c (revision f412eef0)
1 // SPDX-License-Identifier: GPL-2.0
2 
3 #define _GNU_SOURCE
4 
5 #include <arpa/inet.h>
6 #include <errno.h>
7 #include <error.h>
8 #include <fcntl.h>
9 #include <poll.h>
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <unistd.h>
13 
14 #include <linux/tls.h>
15 #include <linux/tcp.h>
16 #include <linux/socket.h>
17 
18 #include <sys/types.h>
19 #include <sys/sendfile.h>
20 #include <sys/socket.h>
21 #include <sys/stat.h>
22 
23 #include "../kselftest_harness.h"
24 
25 #define TLS_PAYLOAD_MAX_LEN 16384
26 #define SOL_TLS 282
27 
28 struct tls_crypto_info_keys {
29 	union {
30 		struct tls12_crypto_info_aes_gcm_128 aes128;
31 		struct tls12_crypto_info_chacha20_poly1305 chacha20;
32 		struct tls12_crypto_info_sm4_gcm sm4gcm;
33 		struct tls12_crypto_info_sm4_ccm sm4ccm;
34 		struct tls12_crypto_info_aes_ccm_128 aesccm128;
35 		struct tls12_crypto_info_aes_gcm_256 aesgcm256;
36 	};
37 	size_t len;
38 };
39 
40 static void tls_crypto_info_init(uint16_t tls_version, uint16_t cipher_type,
41 				 struct tls_crypto_info_keys *tls12)
42 {
43 	memset(tls12, 0, sizeof(*tls12));
44 
45 	switch (cipher_type) {
46 	case TLS_CIPHER_CHACHA20_POLY1305:
47 		tls12->len = sizeof(struct tls12_crypto_info_chacha20_poly1305);
48 		tls12->chacha20.info.version = tls_version;
49 		tls12->chacha20.info.cipher_type = cipher_type;
50 		break;
51 	case TLS_CIPHER_AES_GCM_128:
52 		tls12->len = sizeof(struct tls12_crypto_info_aes_gcm_128);
53 		tls12->aes128.info.version = tls_version;
54 		tls12->aes128.info.cipher_type = cipher_type;
55 		break;
56 	case TLS_CIPHER_SM4_GCM:
57 		tls12->len = sizeof(struct tls12_crypto_info_sm4_gcm);
58 		tls12->sm4gcm.info.version = tls_version;
59 		tls12->sm4gcm.info.cipher_type = cipher_type;
60 		break;
61 	case TLS_CIPHER_SM4_CCM:
62 		tls12->len = sizeof(struct tls12_crypto_info_sm4_ccm);
63 		tls12->sm4ccm.info.version = tls_version;
64 		tls12->sm4ccm.info.cipher_type = cipher_type;
65 		break;
66 	case TLS_CIPHER_AES_CCM_128:
67 		tls12->len = sizeof(struct tls12_crypto_info_aes_ccm_128);
68 		tls12->aesccm128.info.version = tls_version;
69 		tls12->aesccm128.info.cipher_type = cipher_type;
70 		break;
71 	case TLS_CIPHER_AES_GCM_256:
72 		tls12->len = sizeof(struct tls12_crypto_info_aes_gcm_256);
73 		tls12->aesgcm256.info.version = tls_version;
74 		tls12->aesgcm256.info.cipher_type = cipher_type;
75 		break;
76 	default:
77 		break;
78 	}
79 }
80 
81 static void memrnd(void *s, size_t n)
82 {
83 	int *dword = s;
84 	char *byte;
85 
86 	for (; n >= 4; n -= 4)
87 		*dword++ = rand();
88 	byte = (void *)dword;
89 	while (n--)
90 		*byte++ = rand();
91 }
92 
93 static void ulp_sock_pair(struct __test_metadata *_metadata,
94 			  int *fd, int *cfd, bool *notls)
95 {
96 	struct sockaddr_in addr;
97 	socklen_t len;
98 	int sfd, ret;
99 
100 	*notls = false;
101 	len = sizeof(addr);
102 
103 	addr.sin_family = AF_INET;
104 	addr.sin_addr.s_addr = htonl(INADDR_ANY);
105 	addr.sin_port = 0;
106 
107 	*fd = socket(AF_INET, SOCK_STREAM, 0);
108 	sfd = socket(AF_INET, SOCK_STREAM, 0);
109 
110 	ret = bind(sfd, &addr, sizeof(addr));
111 	ASSERT_EQ(ret, 0);
112 	ret = listen(sfd, 10);
113 	ASSERT_EQ(ret, 0);
114 
115 	ret = getsockname(sfd, &addr, &len);
116 	ASSERT_EQ(ret, 0);
117 
118 	ret = connect(*fd, &addr, sizeof(addr));
119 	ASSERT_EQ(ret, 0);
120 
121 	*cfd = accept(sfd, &addr, &len);
122 	ASSERT_GE(*cfd, 0);
123 
124 	close(sfd);
125 
126 	ret = setsockopt(*fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
127 	if (ret != 0) {
128 		ASSERT_EQ(errno, ENOENT);
129 		*notls = true;
130 		printf("Failure setting TCP_ULP, testing without tls\n");
131 		return;
132 	}
133 
134 	ret = setsockopt(*cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
135 	ASSERT_EQ(ret, 0);
136 }
137 
138 /* Produce a basic cmsg */
139 static int tls_send_cmsg(int fd, unsigned char record_type,
140 			 void *data, size_t len, int flags)
141 {
142 	char cbuf[CMSG_SPACE(sizeof(char))];
143 	int cmsg_len = sizeof(char);
144 	struct cmsghdr *cmsg;
145 	struct msghdr msg;
146 	struct iovec vec;
147 
148 	vec.iov_base = data;
149 	vec.iov_len = len;
150 	memset(&msg, 0, sizeof(struct msghdr));
151 	msg.msg_iov = &vec;
152 	msg.msg_iovlen = 1;
153 	msg.msg_control = cbuf;
154 	msg.msg_controllen = sizeof(cbuf);
155 	cmsg = CMSG_FIRSTHDR(&msg);
156 	cmsg->cmsg_level = SOL_TLS;
157 	/* test sending non-record types. */
158 	cmsg->cmsg_type = TLS_SET_RECORD_TYPE;
159 	cmsg->cmsg_len = CMSG_LEN(cmsg_len);
160 	*CMSG_DATA(cmsg) = record_type;
161 	msg.msg_controllen = cmsg->cmsg_len;
162 
163 	return sendmsg(fd, &msg, flags);
164 }
165 
166 static int tls_recv_cmsg(struct __test_metadata *_metadata,
167 			 int fd, unsigned char record_type,
168 			 void *data, size_t len, int flags)
169 {
170 	char cbuf[CMSG_SPACE(sizeof(char))];
171 	struct cmsghdr *cmsg;
172 	unsigned char ctype;
173 	struct msghdr msg;
174 	struct iovec vec;
175 	int n;
176 
177 	vec.iov_base = data;
178 	vec.iov_len = len;
179 	memset(&msg, 0, sizeof(struct msghdr));
180 	msg.msg_iov = &vec;
181 	msg.msg_iovlen = 1;
182 	msg.msg_control = cbuf;
183 	msg.msg_controllen = sizeof(cbuf);
184 
185 	n = recvmsg(fd, &msg, flags);
186 
187 	cmsg = CMSG_FIRSTHDR(&msg);
188 	EXPECT_NE(cmsg, NULL);
189 	EXPECT_EQ(cmsg->cmsg_level, SOL_TLS);
190 	EXPECT_EQ(cmsg->cmsg_type, TLS_GET_RECORD_TYPE);
191 	ctype = *((unsigned char *)CMSG_DATA(cmsg));
192 	EXPECT_EQ(ctype, record_type);
193 
194 	return n;
195 }
196 
197 FIXTURE(tls_basic)
198 {
199 	int fd, cfd;
200 	bool notls;
201 };
202 
203 FIXTURE_SETUP(tls_basic)
204 {
205 	ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls);
206 }
207 
208 FIXTURE_TEARDOWN(tls_basic)
209 {
210 	close(self->fd);
211 	close(self->cfd);
212 }
213 
214 /* Send some data through with ULP but no keys */
215 TEST_F(tls_basic, base_base)
216 {
217 	char const *test_str = "test_read";
218 	int send_len = 10;
219 	char buf[10];
220 
221 	ASSERT_EQ(strlen(test_str) + 1, send_len);
222 
223 	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
224 	EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
225 	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
226 };
227 
228 FIXTURE(tls)
229 {
230 	int fd, cfd;
231 	bool notls;
232 };
233 
234 FIXTURE_VARIANT(tls)
235 {
236 	uint16_t tls_version;
237 	uint16_t cipher_type;
238 	bool nopad;
239 };
240 
241 FIXTURE_VARIANT_ADD(tls, 12_aes_gcm)
242 {
243 	.tls_version = TLS_1_2_VERSION,
244 	.cipher_type = TLS_CIPHER_AES_GCM_128,
245 };
246 
247 FIXTURE_VARIANT_ADD(tls, 13_aes_gcm)
248 {
249 	.tls_version = TLS_1_3_VERSION,
250 	.cipher_type = TLS_CIPHER_AES_GCM_128,
251 };
252 
253 FIXTURE_VARIANT_ADD(tls, 12_chacha)
254 {
255 	.tls_version = TLS_1_2_VERSION,
256 	.cipher_type = TLS_CIPHER_CHACHA20_POLY1305,
257 };
258 
259 FIXTURE_VARIANT_ADD(tls, 13_chacha)
260 {
261 	.tls_version = TLS_1_3_VERSION,
262 	.cipher_type = TLS_CIPHER_CHACHA20_POLY1305,
263 };
264 
265 FIXTURE_VARIANT_ADD(tls, 13_sm4_gcm)
266 {
267 	.tls_version = TLS_1_3_VERSION,
268 	.cipher_type = TLS_CIPHER_SM4_GCM,
269 };
270 
271 FIXTURE_VARIANT_ADD(tls, 13_sm4_ccm)
272 {
273 	.tls_version = TLS_1_3_VERSION,
274 	.cipher_type = TLS_CIPHER_SM4_CCM,
275 };
276 
277 FIXTURE_VARIANT_ADD(tls, 12_aes_ccm)
278 {
279 	.tls_version = TLS_1_2_VERSION,
280 	.cipher_type = TLS_CIPHER_AES_CCM_128,
281 };
282 
283 FIXTURE_VARIANT_ADD(tls, 13_aes_ccm)
284 {
285 	.tls_version = TLS_1_3_VERSION,
286 	.cipher_type = TLS_CIPHER_AES_CCM_128,
287 };
288 
289 FIXTURE_VARIANT_ADD(tls, 12_aes_gcm_256)
290 {
291 	.tls_version = TLS_1_2_VERSION,
292 	.cipher_type = TLS_CIPHER_AES_GCM_256,
293 };
294 
295 FIXTURE_VARIANT_ADD(tls, 13_aes_gcm_256)
296 {
297 	.tls_version = TLS_1_3_VERSION,
298 	.cipher_type = TLS_CIPHER_AES_GCM_256,
299 };
300 
301 FIXTURE_VARIANT_ADD(tls, 13_nopad)
302 {
303 	.tls_version = TLS_1_3_VERSION,
304 	.cipher_type = TLS_CIPHER_AES_GCM_128,
305 	.nopad = true,
306 };
307 
308 FIXTURE_SETUP(tls)
309 {
310 	struct tls_crypto_info_keys tls12;
311 	int one = 1;
312 	int ret;
313 
314 	tls_crypto_info_init(variant->tls_version, variant->cipher_type,
315 			     &tls12);
316 
317 	ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls);
318 
319 	if (self->notls)
320 		return;
321 
322 	ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len);
323 	ASSERT_EQ(ret, 0);
324 
325 	ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len);
326 	ASSERT_EQ(ret, 0);
327 
328 	if (variant->nopad) {
329 		ret = setsockopt(self->cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD,
330 				 (void *)&one, sizeof(one));
331 		ASSERT_EQ(ret, 0);
332 	}
333 }
334 
335 FIXTURE_TEARDOWN(tls)
336 {
337 	close(self->fd);
338 	close(self->cfd);
339 }
340 
341 TEST_F(tls, sendfile)
342 {
343 	int filefd = open("/proc/self/exe", O_RDONLY);
344 	struct stat st;
345 
346 	EXPECT_GE(filefd, 0);
347 	fstat(filefd, &st);
348 	EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0);
349 }
350 
351 TEST_F(tls, send_then_sendfile)
352 {
353 	int filefd = open("/proc/self/exe", O_RDONLY);
354 	char const *test_str = "test_send";
355 	int to_send = strlen(test_str) + 1;
356 	char recv_buf[10];
357 	struct stat st;
358 	char *buf;
359 
360 	EXPECT_GE(filefd, 0);
361 	fstat(filefd, &st);
362 	buf = (char *)malloc(st.st_size);
363 
364 	EXPECT_EQ(send(self->fd, test_str, to_send, 0), to_send);
365 	EXPECT_EQ(recv(self->cfd, recv_buf, to_send, MSG_WAITALL), to_send);
366 	EXPECT_EQ(memcmp(test_str, recv_buf, to_send), 0);
367 
368 	EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0);
369 	EXPECT_EQ(recv(self->cfd, buf, st.st_size, MSG_WAITALL), st.st_size);
370 }
371 
372 static void chunked_sendfile(struct __test_metadata *_metadata,
373 			     struct _test_data_tls *self,
374 			     uint16_t chunk_size,
375 			     uint16_t extra_payload_size)
376 {
377 	char buf[TLS_PAYLOAD_MAX_LEN];
378 	uint16_t test_payload_size;
379 	int size = 0;
380 	int ret;
381 	char filename[] = "/tmp/mytemp.XXXXXX";
382 	int fd = mkstemp(filename);
383 	off_t offset = 0;
384 
385 	unlink(filename);
386 	ASSERT_GE(fd, 0);
387 	EXPECT_GE(chunk_size, 1);
388 	test_payload_size = chunk_size + extra_payload_size;
389 	ASSERT_GE(TLS_PAYLOAD_MAX_LEN, test_payload_size);
390 	memset(buf, 1, test_payload_size);
391 	size = write(fd, buf, test_payload_size);
392 	EXPECT_EQ(size, test_payload_size);
393 	fsync(fd);
394 
395 	while (size > 0) {
396 		ret = sendfile(self->fd, fd, &offset, chunk_size);
397 		EXPECT_GE(ret, 0);
398 		size -= ret;
399 	}
400 
401 	EXPECT_EQ(recv(self->cfd, buf, test_payload_size, MSG_WAITALL),
402 		  test_payload_size);
403 
404 	close(fd);
405 }
406 
407 TEST_F(tls, multi_chunk_sendfile)
408 {
409 	chunked_sendfile(_metadata, self, 4096, 4096);
410 	chunked_sendfile(_metadata, self, 4096, 0);
411 	chunked_sendfile(_metadata, self, 4096, 1);
412 	chunked_sendfile(_metadata, self, 4096, 2048);
413 	chunked_sendfile(_metadata, self, 8192, 2048);
414 	chunked_sendfile(_metadata, self, 4096, 8192);
415 	chunked_sendfile(_metadata, self, 8192, 4096);
416 	chunked_sendfile(_metadata, self, 12288, 1024);
417 	chunked_sendfile(_metadata, self, 12288, 2000);
418 	chunked_sendfile(_metadata, self, 15360, 100);
419 	chunked_sendfile(_metadata, self, 15360, 300);
420 	chunked_sendfile(_metadata, self, 1, 4096);
421 	chunked_sendfile(_metadata, self, 2048, 4096);
422 	chunked_sendfile(_metadata, self, 2048, 8192);
423 	chunked_sendfile(_metadata, self, 4096, 8192);
424 	chunked_sendfile(_metadata, self, 1024, 12288);
425 	chunked_sendfile(_metadata, self, 2000, 12288);
426 	chunked_sendfile(_metadata, self, 100, 15360);
427 	chunked_sendfile(_metadata, self, 300, 15360);
428 }
429 
430 TEST_F(tls, recv_max)
431 {
432 	unsigned int send_len = TLS_PAYLOAD_MAX_LEN;
433 	char recv_mem[TLS_PAYLOAD_MAX_LEN];
434 	char buf[TLS_PAYLOAD_MAX_LEN];
435 
436 	memrnd(buf, sizeof(buf));
437 
438 	EXPECT_GE(send(self->fd, buf, send_len, 0), 0);
439 	EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1);
440 	EXPECT_EQ(memcmp(buf, recv_mem, send_len), 0);
441 }
442 
443 TEST_F(tls, recv_small)
444 {
445 	char const *test_str = "test_read";
446 	int send_len = 10;
447 	char buf[10];
448 
449 	send_len = strlen(test_str) + 1;
450 	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
451 	EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
452 	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
453 }
454 
455 TEST_F(tls, msg_more)
456 {
457 	char const *test_str = "test_read";
458 	int send_len = 10;
459 	char buf[10 * 2];
460 
461 	EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len);
462 	EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1);
463 	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
464 	EXPECT_EQ(recv(self->cfd, buf, send_len * 2, MSG_WAITALL),
465 		  send_len * 2);
466 	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
467 }
468 
469 TEST_F(tls, msg_more_unsent)
470 {
471 	char const *test_str = "test_read";
472 	int send_len = 10;
473 	char buf[10];
474 
475 	EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len);
476 	EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1);
477 }
478 
479 TEST_F(tls, sendmsg_single)
480 {
481 	struct msghdr msg;
482 
483 	char const *test_str = "test_sendmsg";
484 	size_t send_len = 13;
485 	struct iovec vec;
486 	char buf[13];
487 
488 	vec.iov_base = (char *)test_str;
489 	vec.iov_len = send_len;
490 	memset(&msg, 0, sizeof(struct msghdr));
491 	msg.msg_iov = &vec;
492 	msg.msg_iovlen = 1;
493 	EXPECT_EQ(sendmsg(self->fd, &msg, 0), send_len);
494 	EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len);
495 	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
496 }
497 
498 #define MAX_FRAGS	64
499 #define SEND_LEN	13
500 TEST_F(tls, sendmsg_fragmented)
501 {
502 	char const *test_str = "test_sendmsg";
503 	char buf[SEND_LEN * MAX_FRAGS];
504 	struct iovec vec[MAX_FRAGS];
505 	struct msghdr msg;
506 	int i, frags;
507 
508 	for (frags = 1; frags <= MAX_FRAGS; frags++) {
509 		for (i = 0; i < frags; i++) {
510 			vec[i].iov_base = (char *)test_str;
511 			vec[i].iov_len = SEND_LEN;
512 		}
513 
514 		memset(&msg, 0, sizeof(struct msghdr));
515 		msg.msg_iov = vec;
516 		msg.msg_iovlen = frags;
517 
518 		EXPECT_EQ(sendmsg(self->fd, &msg, 0), SEND_LEN * frags);
519 		EXPECT_EQ(recv(self->cfd, buf, SEND_LEN * frags, MSG_WAITALL),
520 			  SEND_LEN * frags);
521 
522 		for (i = 0; i < frags; i++)
523 			EXPECT_EQ(memcmp(buf + SEND_LEN * i,
524 					 test_str, SEND_LEN), 0);
525 	}
526 }
527 #undef MAX_FRAGS
528 #undef SEND_LEN
529 
530 TEST_F(tls, sendmsg_large)
531 {
532 	void *mem = malloc(16384);
533 	size_t send_len = 16384;
534 	size_t sends = 128;
535 	struct msghdr msg;
536 	size_t recvs = 0;
537 	size_t sent = 0;
538 
539 	memset(&msg, 0, sizeof(struct msghdr));
540 	while (sent++ < sends) {
541 		struct iovec vec = { (void *)mem, send_len };
542 
543 		msg.msg_iov = &vec;
544 		msg.msg_iovlen = 1;
545 		EXPECT_EQ(sendmsg(self->cfd, &msg, 0), send_len);
546 	}
547 
548 	while (recvs++ < sends) {
549 		EXPECT_NE(recv(self->fd, mem, send_len, 0), -1);
550 	}
551 
552 	free(mem);
553 }
554 
555 TEST_F(tls, sendmsg_multiple)
556 {
557 	char const *test_str = "test_sendmsg_multiple";
558 	struct iovec vec[5];
559 	char *test_strs[5];
560 	struct msghdr msg;
561 	int total_len = 0;
562 	int len_cmp = 0;
563 	int iov_len = 5;
564 	char *buf;
565 	int i;
566 
567 	memset(&msg, 0, sizeof(struct msghdr));
568 	for (i = 0; i < iov_len; i++) {
569 		test_strs[i] = (char *)malloc(strlen(test_str) + 1);
570 		snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str);
571 		vec[i].iov_base = (void *)test_strs[i];
572 		vec[i].iov_len = strlen(test_strs[i]) + 1;
573 		total_len += vec[i].iov_len;
574 	}
575 	msg.msg_iov = vec;
576 	msg.msg_iovlen = iov_len;
577 
578 	EXPECT_EQ(sendmsg(self->cfd, &msg, 0), total_len);
579 	buf = malloc(total_len);
580 	EXPECT_NE(recv(self->fd, buf, total_len, 0), -1);
581 	for (i = 0; i < iov_len; i++) {
582 		EXPECT_EQ(memcmp(test_strs[i], buf + len_cmp,
583 				 strlen(test_strs[i])),
584 			  0);
585 		len_cmp += strlen(buf + len_cmp) + 1;
586 	}
587 	for (i = 0; i < iov_len; i++)
588 		free(test_strs[i]);
589 	free(buf);
590 }
591 
592 TEST_F(tls, sendmsg_multiple_stress)
593 {
594 	char const *test_str = "abcdefghijklmno";
595 	struct iovec vec[1024];
596 	char *test_strs[1024];
597 	int iov_len = 1024;
598 	int total_len = 0;
599 	char buf[1 << 14];
600 	struct msghdr msg;
601 	int len_cmp = 0;
602 	int i;
603 
604 	memset(&msg, 0, sizeof(struct msghdr));
605 	for (i = 0; i < iov_len; i++) {
606 		test_strs[i] = (char *)malloc(strlen(test_str) + 1);
607 		snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str);
608 		vec[i].iov_base = (void *)test_strs[i];
609 		vec[i].iov_len = strlen(test_strs[i]) + 1;
610 		total_len += vec[i].iov_len;
611 	}
612 	msg.msg_iov = vec;
613 	msg.msg_iovlen = iov_len;
614 
615 	EXPECT_EQ(sendmsg(self->fd, &msg, 0), total_len);
616 	EXPECT_NE(recv(self->cfd, buf, total_len, 0), -1);
617 
618 	for (i = 0; i < iov_len; i++)
619 		len_cmp += strlen(buf + len_cmp) + 1;
620 
621 	for (i = 0; i < iov_len; i++)
622 		free(test_strs[i]);
623 }
624 
625 TEST_F(tls, splice_from_pipe)
626 {
627 	int send_len = TLS_PAYLOAD_MAX_LEN;
628 	char mem_send[TLS_PAYLOAD_MAX_LEN];
629 	char mem_recv[TLS_PAYLOAD_MAX_LEN];
630 	int p[2];
631 
632 	ASSERT_GE(pipe(p), 0);
633 	EXPECT_GE(write(p[1], mem_send, send_len), 0);
634 	EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), 0);
635 	EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len);
636 	EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
637 }
638 
639 TEST_F(tls, splice_from_pipe2)
640 {
641 	int send_len = 16000;
642 	char mem_send[16000];
643 	char mem_recv[16000];
644 	int p2[2];
645 	int p[2];
646 
647 	memrnd(mem_send, sizeof(mem_send));
648 
649 	ASSERT_GE(pipe(p), 0);
650 	ASSERT_GE(pipe(p2), 0);
651 	EXPECT_EQ(write(p[1], mem_send, 8000), 8000);
652 	EXPECT_EQ(splice(p[0], NULL, self->fd, NULL, 8000, 0), 8000);
653 	EXPECT_EQ(write(p2[1], mem_send + 8000, 8000), 8000);
654 	EXPECT_EQ(splice(p2[0], NULL, self->fd, NULL, 8000, 0), 8000);
655 	EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len);
656 	EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
657 }
658 
659 TEST_F(tls, send_and_splice)
660 {
661 	int send_len = TLS_PAYLOAD_MAX_LEN;
662 	char mem_send[TLS_PAYLOAD_MAX_LEN];
663 	char mem_recv[TLS_PAYLOAD_MAX_LEN];
664 	char const *test_str = "test_read";
665 	int send_len2 = 10;
666 	char buf[10];
667 	int p[2];
668 
669 	ASSERT_GE(pipe(p), 0);
670 	EXPECT_EQ(send(self->fd, test_str, send_len2, 0), send_len2);
671 	EXPECT_EQ(recv(self->cfd, buf, send_len2, MSG_WAITALL), send_len2);
672 	EXPECT_EQ(memcmp(test_str, buf, send_len2), 0);
673 
674 	EXPECT_GE(write(p[1], mem_send, send_len), send_len);
675 	EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), send_len);
676 
677 	EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len);
678 	EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
679 }
680 
681 TEST_F(tls, splice_to_pipe)
682 {
683 	int send_len = TLS_PAYLOAD_MAX_LEN;
684 	char mem_send[TLS_PAYLOAD_MAX_LEN];
685 	char mem_recv[TLS_PAYLOAD_MAX_LEN];
686 	int p[2];
687 
688 	memrnd(mem_send, sizeof(mem_send));
689 
690 	ASSERT_GE(pipe(p), 0);
691 	EXPECT_EQ(send(self->fd, mem_send, send_len, 0), send_len);
692 	EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), send_len);
693 	EXPECT_EQ(read(p[0], mem_recv, send_len), send_len);
694 	EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
695 }
696 
697 TEST_F(tls, splice_cmsg_to_pipe)
698 {
699 	char *test_str = "test_read";
700 	char record_type = 100;
701 	int send_len = 10;
702 	char buf[10];
703 	int p[2];
704 
705 	if (self->notls)
706 		SKIP(return, "no TLS support");
707 
708 	ASSERT_GE(pipe(p), 0);
709 	EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10);
710 	EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), -1);
711 	EXPECT_EQ(errno, EINVAL);
712 	EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1);
713 	EXPECT_EQ(errno, EIO);
714 	EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type,
715 				buf, sizeof(buf), MSG_WAITALL),
716 		  send_len);
717 	EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
718 }
719 
720 TEST_F(tls, splice_dec_cmsg_to_pipe)
721 {
722 	char *test_str = "test_read";
723 	char record_type = 100;
724 	int send_len = 10;
725 	char buf[10];
726 	int p[2];
727 
728 	if (self->notls)
729 		SKIP(return, "no TLS support");
730 
731 	ASSERT_GE(pipe(p), 0);
732 	EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10);
733 	EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1);
734 	EXPECT_EQ(errno, EIO);
735 	EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), -1);
736 	EXPECT_EQ(errno, EINVAL);
737 	EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type,
738 				buf, sizeof(buf), MSG_WAITALL),
739 		  send_len);
740 	EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
741 }
742 
743 TEST_F(tls, recv_and_splice)
744 {
745 	int send_len = TLS_PAYLOAD_MAX_LEN;
746 	char mem_send[TLS_PAYLOAD_MAX_LEN];
747 	char mem_recv[TLS_PAYLOAD_MAX_LEN];
748 	int half = send_len / 2;
749 	int p[2];
750 
751 	ASSERT_GE(pipe(p), 0);
752 	EXPECT_EQ(send(self->fd, mem_send, send_len, 0), send_len);
753 	/* Recv hald of the record, splice the other half */
754 	EXPECT_EQ(recv(self->cfd, mem_recv, half, MSG_WAITALL), half);
755 	EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, half, SPLICE_F_NONBLOCK),
756 		  half);
757 	EXPECT_EQ(read(p[0], &mem_recv[half], half), half);
758 	EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
759 }
760 
761 TEST_F(tls, peek_and_splice)
762 {
763 	int send_len = TLS_PAYLOAD_MAX_LEN;
764 	char mem_send[TLS_PAYLOAD_MAX_LEN];
765 	char mem_recv[TLS_PAYLOAD_MAX_LEN];
766 	int chunk = TLS_PAYLOAD_MAX_LEN / 4;
767 	int n, i, p[2];
768 
769 	memrnd(mem_send, sizeof(mem_send));
770 
771 	ASSERT_GE(pipe(p), 0);
772 	for (i = 0; i < 4; i++)
773 		EXPECT_EQ(send(self->fd, &mem_send[chunk * i], chunk, 0),
774 			  chunk);
775 
776 	EXPECT_EQ(recv(self->cfd, mem_recv, chunk * 5 / 2,
777 		       MSG_WAITALL | MSG_PEEK),
778 		  chunk * 5 / 2);
779 	EXPECT_EQ(memcmp(mem_send, mem_recv, chunk * 5 / 2), 0);
780 
781 	n = 0;
782 	while (n < send_len) {
783 		i = splice(self->cfd, NULL, p[1], NULL, send_len - n, 0);
784 		EXPECT_GT(i, 0);
785 		n += i;
786 	}
787 	EXPECT_EQ(n, send_len);
788 	EXPECT_EQ(read(p[0], mem_recv, send_len), send_len);
789 	EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
790 }
791 
792 TEST_F(tls, recvmsg_single)
793 {
794 	char const *test_str = "test_recvmsg_single";
795 	int send_len = strlen(test_str) + 1;
796 	char buf[20];
797 	struct msghdr hdr;
798 	struct iovec vec;
799 
800 	memset(&hdr, 0, sizeof(hdr));
801 	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
802 	vec.iov_base = (char *)buf;
803 	vec.iov_len = send_len;
804 	hdr.msg_iovlen = 1;
805 	hdr.msg_iov = &vec;
806 	EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1);
807 	EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
808 }
809 
810 TEST_F(tls, recvmsg_single_max)
811 {
812 	int send_len = TLS_PAYLOAD_MAX_LEN;
813 	char send_mem[TLS_PAYLOAD_MAX_LEN];
814 	char recv_mem[TLS_PAYLOAD_MAX_LEN];
815 	struct iovec vec;
816 	struct msghdr hdr;
817 
818 	memrnd(send_mem, sizeof(send_mem));
819 
820 	EXPECT_EQ(send(self->fd, send_mem, send_len, 0), send_len);
821 	vec.iov_base = (char *)recv_mem;
822 	vec.iov_len = TLS_PAYLOAD_MAX_LEN;
823 
824 	hdr.msg_iovlen = 1;
825 	hdr.msg_iov = &vec;
826 	EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1);
827 	EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0);
828 }
829 
830 TEST_F(tls, recvmsg_multiple)
831 {
832 	unsigned int msg_iovlen = 1024;
833 	struct iovec vec[1024];
834 	char *iov_base[1024];
835 	unsigned int iov_len = 16;
836 	int send_len = 1 << 14;
837 	char buf[1 << 14];
838 	struct msghdr hdr;
839 	int i;
840 
841 	memrnd(buf, sizeof(buf));
842 
843 	EXPECT_EQ(send(self->fd, buf, send_len, 0), send_len);
844 	for (i = 0; i < msg_iovlen; i++) {
845 		iov_base[i] = (char *)malloc(iov_len);
846 		vec[i].iov_base = iov_base[i];
847 		vec[i].iov_len = iov_len;
848 	}
849 
850 	hdr.msg_iovlen = msg_iovlen;
851 	hdr.msg_iov = vec;
852 	EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1);
853 
854 	for (i = 0; i < msg_iovlen; i++)
855 		free(iov_base[i]);
856 }
857 
858 TEST_F(tls, single_send_multiple_recv)
859 {
860 	unsigned int total_len = TLS_PAYLOAD_MAX_LEN * 2;
861 	unsigned int send_len = TLS_PAYLOAD_MAX_LEN;
862 	char send_mem[TLS_PAYLOAD_MAX_LEN * 2];
863 	char recv_mem[TLS_PAYLOAD_MAX_LEN * 2];
864 
865 	memrnd(send_mem, sizeof(send_mem));
866 
867 	EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0);
868 	memset(recv_mem, 0, total_len);
869 
870 	EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1);
871 	EXPECT_NE(recv(self->cfd, recv_mem + send_len, send_len, 0), -1);
872 	EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0);
873 }
874 
875 TEST_F(tls, multiple_send_single_recv)
876 {
877 	unsigned int total_len = 2 * 10;
878 	unsigned int send_len = 10;
879 	char recv_mem[2 * 10];
880 	char send_mem[10];
881 
882 	memrnd(send_mem, sizeof(send_mem));
883 
884 	EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0);
885 	EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0);
886 	memset(recv_mem, 0, total_len);
887 	EXPECT_EQ(recv(self->cfd, recv_mem, total_len, MSG_WAITALL), total_len);
888 
889 	EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0);
890 	EXPECT_EQ(memcmp(send_mem, recv_mem + send_len, send_len), 0);
891 }
892 
893 TEST_F(tls, single_send_multiple_recv_non_align)
894 {
895 	const unsigned int total_len = 15;
896 	const unsigned int recv_len = 10;
897 	char recv_mem[recv_len * 2];
898 	char send_mem[total_len];
899 
900 	memrnd(send_mem, sizeof(send_mem));
901 
902 	EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0);
903 	memset(recv_mem, 0, total_len);
904 
905 	EXPECT_EQ(recv(self->cfd, recv_mem, recv_len, 0), recv_len);
906 	EXPECT_EQ(recv(self->cfd, recv_mem + recv_len, recv_len, 0), 5);
907 	EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0);
908 }
909 
910 TEST_F(tls, recv_partial)
911 {
912 	char const *test_str = "test_read_partial";
913 	char const *test_str_first = "test_read";
914 	char const *test_str_second = "_partial";
915 	int send_len = strlen(test_str) + 1;
916 	char recv_mem[18];
917 
918 	memset(recv_mem, 0, sizeof(recv_mem));
919 	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
920 	EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_first),
921 		       MSG_WAITALL), -1);
922 	EXPECT_EQ(memcmp(test_str_first, recv_mem, strlen(test_str_first)), 0);
923 	memset(recv_mem, 0, sizeof(recv_mem));
924 	EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_second),
925 		       MSG_WAITALL), -1);
926 	EXPECT_EQ(memcmp(test_str_second, recv_mem, strlen(test_str_second)),
927 		  0);
928 }
929 
930 TEST_F(tls, recv_nonblock)
931 {
932 	char buf[4096];
933 	bool err;
934 
935 	EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_DONTWAIT), -1);
936 	err = (errno == EAGAIN || errno == EWOULDBLOCK);
937 	EXPECT_EQ(err, true);
938 }
939 
940 TEST_F(tls, recv_peek)
941 {
942 	char const *test_str = "test_read_peek";
943 	int send_len = strlen(test_str) + 1;
944 	char buf[15];
945 
946 	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
947 	EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_PEEK), send_len);
948 	EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
949 	memset(buf, 0, sizeof(buf));
950 	EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len);
951 	EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
952 }
953 
954 TEST_F(tls, recv_peek_multiple)
955 {
956 	char const *test_str = "test_read_peek";
957 	int send_len = strlen(test_str) + 1;
958 	unsigned int num_peeks = 100;
959 	char buf[15];
960 	int i;
961 
962 	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
963 	for (i = 0; i < num_peeks; i++) {
964 		EXPECT_NE(recv(self->cfd, buf, send_len, MSG_PEEK), -1);
965 		EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
966 		memset(buf, 0, sizeof(buf));
967 	}
968 	EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
969 	EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
970 }
971 
972 TEST_F(tls, recv_peek_multiple_records)
973 {
974 	char const *test_str = "test_read_peek_mult_recs";
975 	char const *test_str_first = "test_read_peek";
976 	char const *test_str_second = "_mult_recs";
977 	int len;
978 	char buf[64];
979 
980 	len = strlen(test_str_first);
981 	EXPECT_EQ(send(self->fd, test_str_first, len, 0), len);
982 
983 	len = strlen(test_str_second) + 1;
984 	EXPECT_EQ(send(self->fd, test_str_second, len, 0), len);
985 
986 	len = strlen(test_str_first);
987 	memset(buf, 0, len);
988 	EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len);
989 
990 	/* MSG_PEEK can only peek into the current record. */
991 	len = strlen(test_str_first);
992 	EXPECT_EQ(memcmp(test_str_first, buf, len), 0);
993 
994 	len = strlen(test_str) + 1;
995 	memset(buf, 0, len);
996 	EXPECT_EQ(recv(self->cfd, buf, len, MSG_WAITALL), len);
997 
998 	/* Non-MSG_PEEK will advance strparser (and therefore record)
999 	 * however.
1000 	 */
1001 	len = strlen(test_str) + 1;
1002 	EXPECT_EQ(memcmp(test_str, buf, len), 0);
1003 
1004 	/* MSG_MORE will hold current record open, so later MSG_PEEK
1005 	 * will see everything.
1006 	 */
1007 	len = strlen(test_str_first);
1008 	EXPECT_EQ(send(self->fd, test_str_first, len, MSG_MORE), len);
1009 
1010 	len = strlen(test_str_second) + 1;
1011 	EXPECT_EQ(send(self->fd, test_str_second, len, 0), len);
1012 
1013 	len = strlen(test_str) + 1;
1014 	memset(buf, 0, len);
1015 	EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len);
1016 
1017 	len = strlen(test_str) + 1;
1018 	EXPECT_EQ(memcmp(test_str, buf, len), 0);
1019 }
1020 
1021 TEST_F(tls, recv_peek_large_buf_mult_recs)
1022 {
1023 	char const *test_str = "test_read_peek_mult_recs";
1024 	char const *test_str_first = "test_read_peek";
1025 	char const *test_str_second = "_mult_recs";
1026 	int len;
1027 	char buf[64];
1028 
1029 	len = strlen(test_str_first);
1030 	EXPECT_EQ(send(self->fd, test_str_first, len, 0), len);
1031 
1032 	len = strlen(test_str_second) + 1;
1033 	EXPECT_EQ(send(self->fd, test_str_second, len, 0), len);
1034 
1035 	len = strlen(test_str) + 1;
1036 	memset(buf, 0, len);
1037 	EXPECT_NE((len = recv(self->cfd, buf, len,
1038 			      MSG_PEEK | MSG_WAITALL)), -1);
1039 	len = strlen(test_str) + 1;
1040 	EXPECT_EQ(memcmp(test_str, buf, len), 0);
1041 }
1042 
1043 TEST_F(tls, recv_lowat)
1044 {
1045 	char send_mem[10] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
1046 	char recv_mem[20];
1047 	int lowat = 8;
1048 
1049 	EXPECT_EQ(send(self->fd, send_mem, 10, 0), 10);
1050 	EXPECT_EQ(send(self->fd, send_mem, 5, 0), 5);
1051 
1052 	memset(recv_mem, 0, 20);
1053 	EXPECT_EQ(setsockopt(self->cfd, SOL_SOCKET, SO_RCVLOWAT,
1054 			     &lowat, sizeof(lowat)), 0);
1055 	EXPECT_EQ(recv(self->cfd, recv_mem, 1, MSG_WAITALL), 1);
1056 	EXPECT_EQ(recv(self->cfd, recv_mem + 1, 6, MSG_WAITALL), 6);
1057 	EXPECT_EQ(recv(self->cfd, recv_mem + 7, 10, 0), 8);
1058 
1059 	EXPECT_EQ(memcmp(send_mem, recv_mem, 10), 0);
1060 	EXPECT_EQ(memcmp(send_mem, recv_mem + 10, 5), 0);
1061 }
1062 
1063 TEST_F(tls, bidir)
1064 {
1065 	char const *test_str = "test_read";
1066 	int send_len = 10;
1067 	char buf[10];
1068 	int ret;
1069 
1070 	if (!self->notls) {
1071 		struct tls_crypto_info_keys tls12;
1072 
1073 		tls_crypto_info_init(variant->tls_version, variant->cipher_type,
1074 				     &tls12);
1075 
1076 		ret = setsockopt(self->fd, SOL_TLS, TLS_RX, &tls12,
1077 				 tls12.len);
1078 		ASSERT_EQ(ret, 0);
1079 
1080 		ret = setsockopt(self->cfd, SOL_TLS, TLS_TX, &tls12,
1081 				 tls12.len);
1082 		ASSERT_EQ(ret, 0);
1083 	}
1084 
1085 	ASSERT_EQ(strlen(test_str) + 1, send_len);
1086 
1087 	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
1088 	EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
1089 	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
1090 
1091 	memset(buf, 0, sizeof(buf));
1092 
1093 	EXPECT_EQ(send(self->cfd, test_str, send_len, 0), send_len);
1094 	EXPECT_NE(recv(self->fd, buf, send_len, 0), -1);
1095 	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
1096 };
1097 
1098 TEST_F(tls, pollin)
1099 {
1100 	char const *test_str = "test_poll";
1101 	struct pollfd fd = { 0, 0, 0 };
1102 	char buf[10];
1103 	int send_len = 10;
1104 
1105 	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
1106 	fd.fd = self->cfd;
1107 	fd.events = POLLIN;
1108 
1109 	EXPECT_EQ(poll(&fd, 1, 20), 1);
1110 	EXPECT_EQ(fd.revents & POLLIN, 1);
1111 	EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len);
1112 	/* Test timing out */
1113 	EXPECT_EQ(poll(&fd, 1, 20), 0);
1114 }
1115 
1116 TEST_F(tls, poll_wait)
1117 {
1118 	char const *test_str = "test_poll_wait";
1119 	int send_len = strlen(test_str) + 1;
1120 	struct pollfd fd = { 0, 0, 0 };
1121 	char recv_mem[15];
1122 
1123 	fd.fd = self->cfd;
1124 	fd.events = POLLIN;
1125 	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
1126 	/* Set timeout to inf. secs */
1127 	EXPECT_EQ(poll(&fd, 1, -1), 1);
1128 	EXPECT_EQ(fd.revents & POLLIN, 1);
1129 	EXPECT_EQ(recv(self->cfd, recv_mem, send_len, MSG_WAITALL), send_len);
1130 }
1131 
1132 TEST_F(tls, poll_wait_split)
1133 {
1134 	struct pollfd fd = { 0, 0, 0 };
1135 	char send_mem[20] = {};
1136 	char recv_mem[15];
1137 
1138 	fd.fd = self->cfd;
1139 	fd.events = POLLIN;
1140 	/* Send 20 bytes */
1141 	EXPECT_EQ(send(self->fd, send_mem, sizeof(send_mem), 0),
1142 		  sizeof(send_mem));
1143 	/* Poll with inf. timeout */
1144 	EXPECT_EQ(poll(&fd, 1, -1), 1);
1145 	EXPECT_EQ(fd.revents & POLLIN, 1);
1146 	EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), MSG_WAITALL),
1147 		  sizeof(recv_mem));
1148 
1149 	/* Now the remaining 5 bytes of record data are in TLS ULP */
1150 	fd.fd = self->cfd;
1151 	fd.events = POLLIN;
1152 	EXPECT_EQ(poll(&fd, 1, -1), 1);
1153 	EXPECT_EQ(fd.revents & POLLIN, 1);
1154 	EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), 0),
1155 		  sizeof(send_mem) - sizeof(recv_mem));
1156 }
1157 
1158 TEST_F(tls, blocking)
1159 {
1160 	size_t data = 100000;
1161 	int res = fork();
1162 
1163 	EXPECT_NE(res, -1);
1164 
1165 	if (res) {
1166 		/* parent */
1167 		size_t left = data;
1168 		char buf[16384];
1169 		int status;
1170 		int pid2;
1171 
1172 		while (left) {
1173 			int res = send(self->fd, buf,
1174 				       left > 16384 ? 16384 : left, 0);
1175 
1176 			EXPECT_GE(res, 0);
1177 			left -= res;
1178 		}
1179 
1180 		pid2 = wait(&status);
1181 		EXPECT_EQ(status, 0);
1182 		EXPECT_EQ(res, pid2);
1183 	} else {
1184 		/* child */
1185 		size_t left = data;
1186 		char buf[16384];
1187 
1188 		while (left) {
1189 			int res = recv(self->cfd, buf,
1190 				       left > 16384 ? 16384 : left, 0);
1191 
1192 			EXPECT_GE(res, 0);
1193 			left -= res;
1194 		}
1195 	}
1196 }
1197 
1198 TEST_F(tls, nonblocking)
1199 {
1200 	size_t data = 100000;
1201 	int sendbuf = 100;
1202 	int flags;
1203 	int res;
1204 
1205 	flags = fcntl(self->fd, F_GETFL, 0);
1206 	fcntl(self->fd, F_SETFL, flags | O_NONBLOCK);
1207 	fcntl(self->cfd, F_SETFL, flags | O_NONBLOCK);
1208 
1209 	/* Ensure nonblocking behavior by imposing a small send
1210 	 * buffer.
1211 	 */
1212 	EXPECT_EQ(setsockopt(self->fd, SOL_SOCKET, SO_SNDBUF,
1213 			     &sendbuf, sizeof(sendbuf)), 0);
1214 
1215 	res = fork();
1216 	EXPECT_NE(res, -1);
1217 
1218 	if (res) {
1219 		/* parent */
1220 		bool eagain = false;
1221 		size_t left = data;
1222 		char buf[16384];
1223 		int status;
1224 		int pid2;
1225 
1226 		while (left) {
1227 			int res = send(self->fd, buf,
1228 				       left > 16384 ? 16384 : left, 0);
1229 
1230 			if (res == -1 && errno == EAGAIN) {
1231 				eagain = true;
1232 				usleep(10000);
1233 				continue;
1234 			}
1235 			EXPECT_GE(res, 0);
1236 			left -= res;
1237 		}
1238 
1239 		EXPECT_TRUE(eagain);
1240 		pid2 = wait(&status);
1241 
1242 		EXPECT_EQ(status, 0);
1243 		EXPECT_EQ(res, pid2);
1244 	} else {
1245 		/* child */
1246 		bool eagain = false;
1247 		size_t left = data;
1248 		char buf[16384];
1249 
1250 		while (left) {
1251 			int res = recv(self->cfd, buf,
1252 				       left > 16384 ? 16384 : left, 0);
1253 
1254 			if (res == -1 && errno == EAGAIN) {
1255 				eagain = true;
1256 				usleep(10000);
1257 				continue;
1258 			}
1259 			EXPECT_GE(res, 0);
1260 			left -= res;
1261 		}
1262 		EXPECT_TRUE(eagain);
1263 	}
1264 }
1265 
1266 static void
1267 test_mutliproc(struct __test_metadata *_metadata, struct _test_data_tls *self,
1268 	       bool sendpg, unsigned int n_readers, unsigned int n_writers)
1269 {
1270 	const unsigned int n_children = n_readers + n_writers;
1271 	const size_t data = 6 * 1000 * 1000;
1272 	const size_t file_sz = data / 100;
1273 	size_t read_bias, write_bias;
1274 	int i, fd, child_id;
1275 	char buf[file_sz];
1276 	pid_t pid;
1277 
1278 	/* Only allow multiples for simplicity */
1279 	ASSERT_EQ(!(n_readers % n_writers) || !(n_writers % n_readers), true);
1280 	read_bias = n_writers / n_readers ?: 1;
1281 	write_bias = n_readers / n_writers ?: 1;
1282 
1283 	/* prep a file to send */
1284 	fd = open("/tmp/", O_TMPFILE | O_RDWR, 0600);
1285 	ASSERT_GE(fd, 0);
1286 
1287 	memset(buf, 0xac, file_sz);
1288 	ASSERT_EQ(write(fd, buf, file_sz), file_sz);
1289 
1290 	/* spawn children */
1291 	for (child_id = 0; child_id < n_children; child_id++) {
1292 		pid = fork();
1293 		ASSERT_NE(pid, -1);
1294 		if (!pid)
1295 			break;
1296 	}
1297 
1298 	/* parent waits for all children */
1299 	if (pid) {
1300 		for (i = 0; i < n_children; i++) {
1301 			int status;
1302 
1303 			wait(&status);
1304 			EXPECT_EQ(status, 0);
1305 		}
1306 
1307 		return;
1308 	}
1309 
1310 	/* Split threads for reading and writing */
1311 	if (child_id < n_readers) {
1312 		size_t left = data * read_bias;
1313 		char rb[8001];
1314 
1315 		while (left) {
1316 			int res;
1317 
1318 			res = recv(self->cfd, rb,
1319 				   left > sizeof(rb) ? sizeof(rb) : left, 0);
1320 
1321 			EXPECT_GE(res, 0);
1322 			left -= res;
1323 		}
1324 	} else {
1325 		size_t left = data * write_bias;
1326 
1327 		while (left) {
1328 			int res;
1329 
1330 			ASSERT_EQ(lseek(fd, 0, SEEK_SET), 0);
1331 			if (sendpg)
1332 				res = sendfile(self->fd, fd, NULL,
1333 					       left > file_sz ? file_sz : left);
1334 			else
1335 				res = send(self->fd, buf,
1336 					   left > file_sz ? file_sz : left, 0);
1337 
1338 			EXPECT_GE(res, 0);
1339 			left -= res;
1340 		}
1341 	}
1342 }
1343 
1344 TEST_F(tls, mutliproc_even)
1345 {
1346 	test_mutliproc(_metadata, self, false, 6, 6);
1347 }
1348 
1349 TEST_F(tls, mutliproc_readers)
1350 {
1351 	test_mutliproc(_metadata, self, false, 4, 12);
1352 }
1353 
1354 TEST_F(tls, mutliproc_writers)
1355 {
1356 	test_mutliproc(_metadata, self, false, 10, 2);
1357 }
1358 
1359 TEST_F(tls, mutliproc_sendpage_even)
1360 {
1361 	test_mutliproc(_metadata, self, true, 6, 6);
1362 }
1363 
1364 TEST_F(tls, mutliproc_sendpage_readers)
1365 {
1366 	test_mutliproc(_metadata, self, true, 4, 12);
1367 }
1368 
1369 TEST_F(tls, mutliproc_sendpage_writers)
1370 {
1371 	test_mutliproc(_metadata, self, true, 10, 2);
1372 }
1373 
1374 TEST_F(tls, control_msg)
1375 {
1376 	char *test_str = "test_read";
1377 	char record_type = 100;
1378 	int send_len = 10;
1379 	char buf[10];
1380 
1381 	if (self->notls)
1382 		SKIP(return, "no TLS support");
1383 
1384 	EXPECT_EQ(tls_send_cmsg(self->fd, record_type, test_str, send_len, 0),
1385 		  send_len);
1386 	/* Should fail because we didn't provide a control message */
1387 	EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1);
1388 
1389 	EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type,
1390 				buf, sizeof(buf), MSG_WAITALL | MSG_PEEK),
1391 		  send_len);
1392 	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
1393 
1394 	/* Recv the message again without MSG_PEEK */
1395 	memset(buf, 0, sizeof(buf));
1396 
1397 	EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type,
1398 				buf, sizeof(buf), MSG_WAITALL),
1399 		  send_len);
1400 	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
1401 }
1402 
1403 TEST_F(tls, shutdown)
1404 {
1405 	char const *test_str = "test_read";
1406 	int send_len = 10;
1407 	char buf[10];
1408 
1409 	ASSERT_EQ(strlen(test_str) + 1, send_len);
1410 
1411 	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
1412 	EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
1413 	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
1414 
1415 	shutdown(self->fd, SHUT_RDWR);
1416 	shutdown(self->cfd, SHUT_RDWR);
1417 }
1418 
1419 TEST_F(tls, shutdown_unsent)
1420 {
1421 	char const *test_str = "test_read";
1422 	int send_len = 10;
1423 
1424 	EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len);
1425 
1426 	shutdown(self->fd, SHUT_RDWR);
1427 	shutdown(self->cfd, SHUT_RDWR);
1428 }
1429 
1430 TEST_F(tls, shutdown_reuse)
1431 {
1432 	struct sockaddr_in addr;
1433 	int ret;
1434 
1435 	shutdown(self->fd, SHUT_RDWR);
1436 	shutdown(self->cfd, SHUT_RDWR);
1437 	close(self->cfd);
1438 
1439 	addr.sin_family = AF_INET;
1440 	addr.sin_addr.s_addr = htonl(INADDR_ANY);
1441 	addr.sin_port = 0;
1442 
1443 	ret = bind(self->fd, &addr, sizeof(addr));
1444 	EXPECT_EQ(ret, 0);
1445 	ret = listen(self->fd, 10);
1446 	EXPECT_EQ(ret, -1);
1447 	EXPECT_EQ(errno, EINVAL);
1448 
1449 	ret = connect(self->fd, &addr, sizeof(addr));
1450 	EXPECT_EQ(ret, -1);
1451 	EXPECT_EQ(errno, EISCONN);
1452 }
1453 
1454 FIXTURE(tls_err)
1455 {
1456 	int fd, cfd;
1457 	int fd2, cfd2;
1458 	bool notls;
1459 };
1460 
1461 FIXTURE_VARIANT(tls_err)
1462 {
1463 	uint16_t tls_version;
1464 };
1465 
1466 FIXTURE_VARIANT_ADD(tls_err, 12_aes_gcm)
1467 {
1468 	.tls_version = TLS_1_2_VERSION,
1469 };
1470 
1471 FIXTURE_VARIANT_ADD(tls_err, 13_aes_gcm)
1472 {
1473 	.tls_version = TLS_1_3_VERSION,
1474 };
1475 
1476 FIXTURE_SETUP(tls_err)
1477 {
1478 	struct tls_crypto_info_keys tls12;
1479 	int ret;
1480 
1481 	tls_crypto_info_init(variant->tls_version, TLS_CIPHER_AES_GCM_128,
1482 			     &tls12);
1483 
1484 	ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls);
1485 	ulp_sock_pair(_metadata, &self->fd2, &self->cfd2, &self->notls);
1486 	if (self->notls)
1487 		return;
1488 
1489 	ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len);
1490 	ASSERT_EQ(ret, 0);
1491 
1492 	ret = setsockopt(self->cfd2, SOL_TLS, TLS_RX, &tls12, tls12.len);
1493 	ASSERT_EQ(ret, 0);
1494 }
1495 
1496 FIXTURE_TEARDOWN(tls_err)
1497 {
1498 	close(self->fd);
1499 	close(self->cfd);
1500 	close(self->fd2);
1501 	close(self->cfd2);
1502 }
1503 
1504 TEST_F(tls_err, bad_rec)
1505 {
1506 	char buf[64];
1507 
1508 	if (self->notls)
1509 		SKIP(return, "no TLS support");
1510 
1511 	memset(buf, 0x55, sizeof(buf));
1512 	EXPECT_EQ(send(self->fd2, buf, sizeof(buf), 0), sizeof(buf));
1513 	EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
1514 	EXPECT_EQ(errno, EMSGSIZE);
1515 	EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), MSG_DONTWAIT), -1);
1516 	EXPECT_EQ(errno, EAGAIN);
1517 }
1518 
1519 TEST_F(tls_err, bad_auth)
1520 {
1521 	char buf[128];
1522 	int n;
1523 
1524 	if (self->notls)
1525 		SKIP(return, "no TLS support");
1526 
1527 	memrnd(buf, sizeof(buf) / 2);
1528 	EXPECT_EQ(send(self->fd, buf, sizeof(buf) / 2, 0), sizeof(buf) / 2);
1529 	n = recv(self->cfd, buf, sizeof(buf), 0);
1530 	EXPECT_GT(n, sizeof(buf) / 2);
1531 
1532 	buf[n - 1]++;
1533 
1534 	EXPECT_EQ(send(self->fd2, buf, n, 0), n);
1535 	EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
1536 	EXPECT_EQ(errno, EBADMSG);
1537 	EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
1538 	EXPECT_EQ(errno, EBADMSG);
1539 }
1540 
1541 TEST_F(tls_err, bad_in_large_read)
1542 {
1543 	char txt[3][64];
1544 	char cip[3][128];
1545 	char buf[3 * 128];
1546 	int i, n;
1547 
1548 	if (self->notls)
1549 		SKIP(return, "no TLS support");
1550 
1551 	/* Put 3 records in the sockets */
1552 	for (i = 0; i < 3; i++) {
1553 		memrnd(txt[i], sizeof(txt[i]));
1554 		EXPECT_EQ(send(self->fd, txt[i], sizeof(txt[i]), 0),
1555 			  sizeof(txt[i]));
1556 		n = recv(self->cfd, cip[i], sizeof(cip[i]), 0);
1557 		EXPECT_GT(n, sizeof(txt[i]));
1558 		/* Break the third message */
1559 		if (i == 2)
1560 			cip[2][n - 1]++;
1561 		EXPECT_EQ(send(self->fd2, cip[i], n, 0), n);
1562 	}
1563 
1564 	/* We should be able to receive the first two messages */
1565 	EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), sizeof(txt[0]) * 2);
1566 	EXPECT_EQ(memcmp(buf, txt[0], sizeof(txt[0])), 0);
1567 	EXPECT_EQ(memcmp(buf + sizeof(txt[0]), txt[1], sizeof(txt[1])), 0);
1568 	/* Third mesasge is bad */
1569 	EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
1570 	EXPECT_EQ(errno, EBADMSG);
1571 	EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
1572 	EXPECT_EQ(errno, EBADMSG);
1573 }
1574 
1575 TEST_F(tls_err, bad_cmsg)
1576 {
1577 	char *test_str = "test_read";
1578 	int send_len = 10;
1579 	char cip[128];
1580 	char buf[128];
1581 	char txt[64];
1582 	int n;
1583 
1584 	if (self->notls)
1585 		SKIP(return, "no TLS support");
1586 
1587 	/* Queue up one data record */
1588 	memrnd(txt, sizeof(txt));
1589 	EXPECT_EQ(send(self->fd, txt, sizeof(txt), 0), sizeof(txt));
1590 	n = recv(self->cfd, cip, sizeof(cip), 0);
1591 	EXPECT_GT(n, sizeof(txt));
1592 	EXPECT_EQ(send(self->fd2, cip, n, 0), n);
1593 
1594 	EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10);
1595 	n = recv(self->cfd, cip, sizeof(cip), 0);
1596 	cip[n - 1]++; /* Break it */
1597 	EXPECT_GT(n, send_len);
1598 	EXPECT_EQ(send(self->fd2, cip, n, 0), n);
1599 
1600 	EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), sizeof(txt));
1601 	EXPECT_EQ(memcmp(buf, txt, sizeof(txt)), 0);
1602 	EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
1603 	EXPECT_EQ(errno, EBADMSG);
1604 	EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
1605 	EXPECT_EQ(errno, EBADMSG);
1606 }
1607 
1608 TEST_F(tls_err, timeo)
1609 {
1610 	struct timeval tv = { .tv_usec = 10000, };
1611 	char buf[128];
1612 	int ret;
1613 
1614 	if (self->notls)
1615 		SKIP(return, "no TLS support");
1616 
1617 	ret = setsockopt(self->cfd2, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
1618 	ASSERT_EQ(ret, 0);
1619 
1620 	ret = fork();
1621 	ASSERT_GE(ret, 0);
1622 
1623 	if (ret) {
1624 		usleep(1000); /* Give child a head start */
1625 
1626 		EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
1627 		EXPECT_EQ(errno, EAGAIN);
1628 
1629 		EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
1630 		EXPECT_EQ(errno, EAGAIN);
1631 
1632 		wait(&ret);
1633 	} else {
1634 		EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
1635 		EXPECT_EQ(errno, EAGAIN);
1636 		exit(0);
1637 	}
1638 }
1639 
1640 TEST(non_established) {
1641 	struct tls12_crypto_info_aes_gcm_256 tls12;
1642 	struct sockaddr_in addr;
1643 	int sfd, ret, fd;
1644 	socklen_t len;
1645 
1646 	len = sizeof(addr);
1647 
1648 	memset(&tls12, 0, sizeof(tls12));
1649 	tls12.info.version = TLS_1_2_VERSION;
1650 	tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256;
1651 
1652 	addr.sin_family = AF_INET;
1653 	addr.sin_addr.s_addr = htonl(INADDR_ANY);
1654 	addr.sin_port = 0;
1655 
1656 	fd = socket(AF_INET, SOCK_STREAM, 0);
1657 	sfd = socket(AF_INET, SOCK_STREAM, 0);
1658 
1659 	ret = bind(sfd, &addr, sizeof(addr));
1660 	ASSERT_EQ(ret, 0);
1661 	ret = listen(sfd, 10);
1662 	ASSERT_EQ(ret, 0);
1663 
1664 	ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
1665 	EXPECT_EQ(ret, -1);
1666 	/* TLS ULP not supported */
1667 	if (errno == ENOENT)
1668 		return;
1669 	EXPECT_EQ(errno, ENOTCONN);
1670 
1671 	ret = setsockopt(sfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
1672 	EXPECT_EQ(ret, -1);
1673 	EXPECT_EQ(errno, ENOTCONN);
1674 
1675 	ret = getsockname(sfd, &addr, &len);
1676 	ASSERT_EQ(ret, 0);
1677 
1678 	ret = connect(fd, &addr, sizeof(addr));
1679 	ASSERT_EQ(ret, 0);
1680 
1681 	ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
1682 	ASSERT_EQ(ret, 0);
1683 
1684 	ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
1685 	EXPECT_EQ(ret, -1);
1686 	EXPECT_EQ(errno, EEXIST);
1687 
1688 	close(fd);
1689 	close(sfd);
1690 }
1691 
1692 TEST(keysizes) {
1693 	struct tls12_crypto_info_aes_gcm_256 tls12;
1694 	int ret, fd, cfd;
1695 	bool notls;
1696 
1697 	memset(&tls12, 0, sizeof(tls12));
1698 	tls12.info.version = TLS_1_2_VERSION;
1699 	tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256;
1700 
1701 	ulp_sock_pair(_metadata, &fd, &cfd, &notls);
1702 
1703 	if (!notls) {
1704 		ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12,
1705 				 sizeof(tls12));
1706 		EXPECT_EQ(ret, 0);
1707 
1708 		ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12,
1709 				 sizeof(tls12));
1710 		EXPECT_EQ(ret, 0);
1711 	}
1712 
1713 	close(fd);
1714 	close(cfd);
1715 }
1716 
1717 TEST(no_pad) {
1718 	struct tls12_crypto_info_aes_gcm_256 tls12;
1719 	int ret, fd, cfd, val;
1720 	socklen_t len;
1721 	bool notls;
1722 
1723 	memset(&tls12, 0, sizeof(tls12));
1724 	tls12.info.version = TLS_1_3_VERSION;
1725 	tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256;
1726 
1727 	ulp_sock_pair(_metadata, &fd, &cfd, &notls);
1728 
1729 	if (notls)
1730 		exit(KSFT_SKIP);
1731 
1732 	ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, sizeof(tls12));
1733 	EXPECT_EQ(ret, 0);
1734 
1735 	ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12, sizeof(tls12));
1736 	EXPECT_EQ(ret, 0);
1737 
1738 	val = 1;
1739 	ret = setsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD,
1740 			 (void *)&val, sizeof(val));
1741 	EXPECT_EQ(ret, 0);
1742 
1743 	len = sizeof(val);
1744 	val = 2;
1745 	ret = getsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD,
1746 			 (void *)&val, &len);
1747 	EXPECT_EQ(ret, 0);
1748 	EXPECT_EQ(val, 1);
1749 	EXPECT_EQ(len, 4);
1750 
1751 	val = 0;
1752 	ret = setsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD,
1753 			 (void *)&val, sizeof(val));
1754 	EXPECT_EQ(ret, 0);
1755 
1756 	len = sizeof(val);
1757 	val = 2;
1758 	ret = getsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD,
1759 			 (void *)&val, &len);
1760 	EXPECT_EQ(ret, 0);
1761 	EXPECT_EQ(val, 0);
1762 	EXPECT_EQ(len, 4);
1763 
1764 	close(fd);
1765 	close(cfd);
1766 }
1767 
1768 TEST(tls_v6ops) {
1769 	struct tls_crypto_info_keys tls12;
1770 	struct sockaddr_in6 addr, addr2;
1771 	int sfd, ret, fd;
1772 	socklen_t len, len2;
1773 
1774 	tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_128, &tls12);
1775 
1776 	addr.sin6_family = AF_INET6;
1777 	addr.sin6_addr = in6addr_any;
1778 	addr.sin6_port = 0;
1779 
1780 	fd = socket(AF_INET6, SOCK_STREAM, 0);
1781 	sfd = socket(AF_INET6, SOCK_STREAM, 0);
1782 
1783 	ret = bind(sfd, &addr, sizeof(addr));
1784 	ASSERT_EQ(ret, 0);
1785 	ret = listen(sfd, 10);
1786 	ASSERT_EQ(ret, 0);
1787 
1788 	len = sizeof(addr);
1789 	ret = getsockname(sfd, &addr, &len);
1790 	ASSERT_EQ(ret, 0);
1791 
1792 	ret = connect(fd, &addr, sizeof(addr));
1793 	ASSERT_EQ(ret, 0);
1794 
1795 	len = sizeof(addr);
1796 	ret = getsockname(fd, &addr, &len);
1797 	ASSERT_EQ(ret, 0);
1798 
1799 	ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
1800 	if (ret) {
1801 		ASSERT_EQ(errno, ENOENT);
1802 		SKIP(return, "no TLS support");
1803 	}
1804 	ASSERT_EQ(ret, 0);
1805 
1806 	ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, tls12.len);
1807 	ASSERT_EQ(ret, 0);
1808 
1809 	ret = setsockopt(fd, SOL_TLS, TLS_RX, &tls12, tls12.len);
1810 	ASSERT_EQ(ret, 0);
1811 
1812 	len2 = sizeof(addr2);
1813 	ret = getsockname(fd, &addr2, &len2);
1814 	ASSERT_EQ(ret, 0);
1815 
1816 	EXPECT_EQ(len2, len);
1817 	EXPECT_EQ(memcmp(&addr, &addr2, len), 0);
1818 
1819 	close(fd);
1820 	close(sfd);
1821 }
1822 
1823 TEST_HARNESS_MAIN
1824