1 // SPDX-License-Identifier: GPL-2.0 2 3 #define _GNU_SOURCE 4 5 #include <arpa/inet.h> 6 #include <errno.h> 7 #include <error.h> 8 #include <fcntl.h> 9 #include <poll.h> 10 #include <stdio.h> 11 #include <stdlib.h> 12 #include <unistd.h> 13 14 #include <linux/tls.h> 15 #include <linux/tcp.h> 16 #include <linux/socket.h> 17 18 #include <sys/epoll.h> 19 #include <sys/types.h> 20 #include <sys/sendfile.h> 21 #include <sys/socket.h> 22 #include <sys/stat.h> 23 24 #include "../kselftest_harness.h" 25 26 #define TLS_PAYLOAD_MAX_LEN 16384 27 #define SOL_TLS 282 28 29 static int fips_enabled; 30 31 struct tls_crypto_info_keys { 32 union { 33 struct tls12_crypto_info_aes_gcm_128 aes128; 34 struct tls12_crypto_info_chacha20_poly1305 chacha20; 35 struct tls12_crypto_info_sm4_gcm sm4gcm; 36 struct tls12_crypto_info_sm4_ccm sm4ccm; 37 struct tls12_crypto_info_aes_ccm_128 aesccm128; 38 struct tls12_crypto_info_aes_gcm_256 aesgcm256; 39 }; 40 size_t len; 41 }; 42 43 static void tls_crypto_info_init(uint16_t tls_version, uint16_t cipher_type, 44 struct tls_crypto_info_keys *tls12) 45 { 46 memset(tls12, 0, sizeof(*tls12)); 47 48 switch (cipher_type) { 49 case TLS_CIPHER_CHACHA20_POLY1305: 50 tls12->len = sizeof(struct tls12_crypto_info_chacha20_poly1305); 51 tls12->chacha20.info.version = tls_version; 52 tls12->chacha20.info.cipher_type = cipher_type; 53 break; 54 case TLS_CIPHER_AES_GCM_128: 55 tls12->len = sizeof(struct tls12_crypto_info_aes_gcm_128); 56 tls12->aes128.info.version = tls_version; 57 tls12->aes128.info.cipher_type = cipher_type; 58 break; 59 case TLS_CIPHER_SM4_GCM: 60 tls12->len = sizeof(struct tls12_crypto_info_sm4_gcm); 61 tls12->sm4gcm.info.version = tls_version; 62 tls12->sm4gcm.info.cipher_type = cipher_type; 63 break; 64 case TLS_CIPHER_SM4_CCM: 65 tls12->len = sizeof(struct tls12_crypto_info_sm4_ccm); 66 tls12->sm4ccm.info.version = tls_version; 67 tls12->sm4ccm.info.cipher_type = cipher_type; 68 break; 69 case TLS_CIPHER_AES_CCM_128: 70 tls12->len = sizeof(struct tls12_crypto_info_aes_ccm_128); 71 tls12->aesccm128.info.version = tls_version; 72 tls12->aesccm128.info.cipher_type = cipher_type; 73 break; 74 case TLS_CIPHER_AES_GCM_256: 75 tls12->len = sizeof(struct tls12_crypto_info_aes_gcm_256); 76 tls12->aesgcm256.info.version = tls_version; 77 tls12->aesgcm256.info.cipher_type = cipher_type; 78 break; 79 default: 80 break; 81 } 82 } 83 84 static void memrnd(void *s, size_t n) 85 { 86 int *dword = s; 87 char *byte; 88 89 for (; n >= 4; n -= 4) 90 *dword++ = rand(); 91 byte = (void *)dword; 92 while (n--) 93 *byte++ = rand(); 94 } 95 96 static void ulp_sock_pair(struct __test_metadata *_metadata, 97 int *fd, int *cfd, bool *notls) 98 { 99 struct sockaddr_in addr; 100 socklen_t len; 101 int sfd, ret; 102 103 *notls = false; 104 len = sizeof(addr); 105 106 addr.sin_family = AF_INET; 107 addr.sin_addr.s_addr = htonl(INADDR_ANY); 108 addr.sin_port = 0; 109 110 *fd = socket(AF_INET, SOCK_STREAM, 0); 111 sfd = socket(AF_INET, SOCK_STREAM, 0); 112 113 ret = bind(sfd, &addr, sizeof(addr)); 114 ASSERT_EQ(ret, 0); 115 ret = listen(sfd, 10); 116 ASSERT_EQ(ret, 0); 117 118 ret = getsockname(sfd, &addr, &len); 119 ASSERT_EQ(ret, 0); 120 121 ret = connect(*fd, &addr, sizeof(addr)); 122 ASSERT_EQ(ret, 0); 123 124 *cfd = accept(sfd, &addr, &len); 125 ASSERT_GE(*cfd, 0); 126 127 close(sfd); 128 129 ret = setsockopt(*fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 130 if (ret != 0) { 131 ASSERT_EQ(errno, ENOENT); 132 *notls = true; 133 printf("Failure setting TCP_ULP, testing without tls\n"); 134 return; 135 } 136 137 ret = setsockopt(*cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 138 ASSERT_EQ(ret, 0); 139 } 140 141 /* Produce a basic cmsg */ 142 static int tls_send_cmsg(int fd, unsigned char record_type, 143 void *data, size_t len, int flags) 144 { 145 char cbuf[CMSG_SPACE(sizeof(char))]; 146 int cmsg_len = sizeof(char); 147 struct cmsghdr *cmsg; 148 struct msghdr msg; 149 struct iovec vec; 150 151 vec.iov_base = data; 152 vec.iov_len = len; 153 memset(&msg, 0, sizeof(struct msghdr)); 154 msg.msg_iov = &vec; 155 msg.msg_iovlen = 1; 156 msg.msg_control = cbuf; 157 msg.msg_controllen = sizeof(cbuf); 158 cmsg = CMSG_FIRSTHDR(&msg); 159 cmsg->cmsg_level = SOL_TLS; 160 /* test sending non-record types. */ 161 cmsg->cmsg_type = TLS_SET_RECORD_TYPE; 162 cmsg->cmsg_len = CMSG_LEN(cmsg_len); 163 *CMSG_DATA(cmsg) = record_type; 164 msg.msg_controllen = cmsg->cmsg_len; 165 166 return sendmsg(fd, &msg, flags); 167 } 168 169 static int tls_recv_cmsg(struct __test_metadata *_metadata, 170 int fd, unsigned char record_type, 171 void *data, size_t len, int flags) 172 { 173 char cbuf[CMSG_SPACE(sizeof(char))]; 174 struct cmsghdr *cmsg; 175 unsigned char ctype; 176 struct msghdr msg; 177 struct iovec vec; 178 int n; 179 180 vec.iov_base = data; 181 vec.iov_len = len; 182 memset(&msg, 0, sizeof(struct msghdr)); 183 msg.msg_iov = &vec; 184 msg.msg_iovlen = 1; 185 msg.msg_control = cbuf; 186 msg.msg_controllen = sizeof(cbuf); 187 188 n = recvmsg(fd, &msg, flags); 189 190 cmsg = CMSG_FIRSTHDR(&msg); 191 EXPECT_NE(cmsg, NULL); 192 EXPECT_EQ(cmsg->cmsg_level, SOL_TLS); 193 EXPECT_EQ(cmsg->cmsg_type, TLS_GET_RECORD_TYPE); 194 ctype = *((unsigned char *)CMSG_DATA(cmsg)); 195 EXPECT_EQ(ctype, record_type); 196 197 return n; 198 } 199 200 FIXTURE(tls_basic) 201 { 202 int fd, cfd; 203 bool notls; 204 }; 205 206 FIXTURE_SETUP(tls_basic) 207 { 208 ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls); 209 } 210 211 FIXTURE_TEARDOWN(tls_basic) 212 { 213 close(self->fd); 214 close(self->cfd); 215 } 216 217 /* Send some data through with ULP but no keys */ 218 TEST_F(tls_basic, base_base) 219 { 220 char const *test_str = "test_read"; 221 int send_len = 10; 222 char buf[10]; 223 224 ASSERT_EQ(strlen(test_str) + 1, send_len); 225 226 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 227 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 228 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 229 }; 230 231 FIXTURE(tls) 232 { 233 int fd, cfd; 234 bool notls; 235 }; 236 237 FIXTURE_VARIANT(tls) 238 { 239 uint16_t tls_version; 240 uint16_t cipher_type; 241 bool nopad, fips_non_compliant; 242 }; 243 244 FIXTURE_VARIANT_ADD(tls, 12_aes_gcm) 245 { 246 .tls_version = TLS_1_2_VERSION, 247 .cipher_type = TLS_CIPHER_AES_GCM_128, 248 }; 249 250 FIXTURE_VARIANT_ADD(tls, 13_aes_gcm) 251 { 252 .tls_version = TLS_1_3_VERSION, 253 .cipher_type = TLS_CIPHER_AES_GCM_128, 254 }; 255 256 FIXTURE_VARIANT_ADD(tls, 12_chacha) 257 { 258 .tls_version = TLS_1_2_VERSION, 259 .cipher_type = TLS_CIPHER_CHACHA20_POLY1305, 260 .fips_non_compliant = true, 261 }; 262 263 FIXTURE_VARIANT_ADD(tls, 13_chacha) 264 { 265 .tls_version = TLS_1_3_VERSION, 266 .cipher_type = TLS_CIPHER_CHACHA20_POLY1305, 267 .fips_non_compliant = true, 268 }; 269 270 FIXTURE_VARIANT_ADD(tls, 13_sm4_gcm) 271 { 272 .tls_version = TLS_1_3_VERSION, 273 .cipher_type = TLS_CIPHER_SM4_GCM, 274 .fips_non_compliant = true, 275 }; 276 277 FIXTURE_VARIANT_ADD(tls, 13_sm4_ccm) 278 { 279 .tls_version = TLS_1_3_VERSION, 280 .cipher_type = TLS_CIPHER_SM4_CCM, 281 .fips_non_compliant = true, 282 }; 283 284 FIXTURE_VARIANT_ADD(tls, 12_aes_ccm) 285 { 286 .tls_version = TLS_1_2_VERSION, 287 .cipher_type = TLS_CIPHER_AES_CCM_128, 288 }; 289 290 FIXTURE_VARIANT_ADD(tls, 13_aes_ccm) 291 { 292 .tls_version = TLS_1_3_VERSION, 293 .cipher_type = TLS_CIPHER_AES_CCM_128, 294 }; 295 296 FIXTURE_VARIANT_ADD(tls, 12_aes_gcm_256) 297 { 298 .tls_version = TLS_1_2_VERSION, 299 .cipher_type = TLS_CIPHER_AES_GCM_256, 300 }; 301 302 FIXTURE_VARIANT_ADD(tls, 13_aes_gcm_256) 303 { 304 .tls_version = TLS_1_3_VERSION, 305 .cipher_type = TLS_CIPHER_AES_GCM_256, 306 }; 307 308 FIXTURE_VARIANT_ADD(tls, 13_nopad) 309 { 310 .tls_version = TLS_1_3_VERSION, 311 .cipher_type = TLS_CIPHER_AES_GCM_128, 312 .nopad = true, 313 }; 314 315 FIXTURE_SETUP(tls) 316 { 317 struct tls_crypto_info_keys tls12; 318 int one = 1; 319 int ret; 320 321 if (fips_enabled && variant->fips_non_compliant) 322 SKIP(return, "Unsupported cipher in FIPS mode"); 323 324 tls_crypto_info_init(variant->tls_version, variant->cipher_type, 325 &tls12); 326 327 ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls); 328 329 if (self->notls) 330 return; 331 332 ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len); 333 ASSERT_EQ(ret, 0); 334 335 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len); 336 ASSERT_EQ(ret, 0); 337 338 if (variant->nopad) { 339 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 340 (void *)&one, sizeof(one)); 341 ASSERT_EQ(ret, 0); 342 } 343 } 344 345 FIXTURE_TEARDOWN(tls) 346 { 347 close(self->fd); 348 close(self->cfd); 349 } 350 351 TEST_F(tls, sendfile) 352 { 353 int filefd = open("/proc/self/exe", O_RDONLY); 354 struct stat st; 355 356 EXPECT_GE(filefd, 0); 357 fstat(filefd, &st); 358 EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0); 359 } 360 361 TEST_F(tls, send_then_sendfile) 362 { 363 int filefd = open("/proc/self/exe", O_RDONLY); 364 char const *test_str = "test_send"; 365 int to_send = strlen(test_str) + 1; 366 char recv_buf[10]; 367 struct stat st; 368 char *buf; 369 370 EXPECT_GE(filefd, 0); 371 fstat(filefd, &st); 372 buf = (char *)malloc(st.st_size); 373 374 EXPECT_EQ(send(self->fd, test_str, to_send, 0), to_send); 375 EXPECT_EQ(recv(self->cfd, recv_buf, to_send, MSG_WAITALL), to_send); 376 EXPECT_EQ(memcmp(test_str, recv_buf, to_send), 0); 377 378 EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0); 379 EXPECT_EQ(recv(self->cfd, buf, st.st_size, MSG_WAITALL), st.st_size); 380 } 381 382 static void chunked_sendfile(struct __test_metadata *_metadata, 383 struct _test_data_tls *self, 384 uint16_t chunk_size, 385 uint16_t extra_payload_size) 386 { 387 char buf[TLS_PAYLOAD_MAX_LEN]; 388 uint16_t test_payload_size; 389 int size = 0; 390 int ret; 391 char filename[] = "/tmp/mytemp.XXXXXX"; 392 int fd = mkstemp(filename); 393 off_t offset = 0; 394 395 unlink(filename); 396 ASSERT_GE(fd, 0); 397 EXPECT_GE(chunk_size, 1); 398 test_payload_size = chunk_size + extra_payload_size; 399 ASSERT_GE(TLS_PAYLOAD_MAX_LEN, test_payload_size); 400 memset(buf, 1, test_payload_size); 401 size = write(fd, buf, test_payload_size); 402 EXPECT_EQ(size, test_payload_size); 403 fsync(fd); 404 405 while (size > 0) { 406 ret = sendfile(self->fd, fd, &offset, chunk_size); 407 EXPECT_GE(ret, 0); 408 size -= ret; 409 } 410 411 EXPECT_EQ(recv(self->cfd, buf, test_payload_size, MSG_WAITALL), 412 test_payload_size); 413 414 close(fd); 415 } 416 417 TEST_F(tls, multi_chunk_sendfile) 418 { 419 chunked_sendfile(_metadata, self, 4096, 4096); 420 chunked_sendfile(_metadata, self, 4096, 0); 421 chunked_sendfile(_metadata, self, 4096, 1); 422 chunked_sendfile(_metadata, self, 4096, 2048); 423 chunked_sendfile(_metadata, self, 8192, 2048); 424 chunked_sendfile(_metadata, self, 4096, 8192); 425 chunked_sendfile(_metadata, self, 8192, 4096); 426 chunked_sendfile(_metadata, self, 12288, 1024); 427 chunked_sendfile(_metadata, self, 12288, 2000); 428 chunked_sendfile(_metadata, self, 15360, 100); 429 chunked_sendfile(_metadata, self, 15360, 300); 430 chunked_sendfile(_metadata, self, 1, 4096); 431 chunked_sendfile(_metadata, self, 2048, 4096); 432 chunked_sendfile(_metadata, self, 2048, 8192); 433 chunked_sendfile(_metadata, self, 4096, 8192); 434 chunked_sendfile(_metadata, self, 1024, 12288); 435 chunked_sendfile(_metadata, self, 2000, 12288); 436 chunked_sendfile(_metadata, self, 100, 15360); 437 chunked_sendfile(_metadata, self, 300, 15360); 438 } 439 440 TEST_F(tls, recv_max) 441 { 442 unsigned int send_len = TLS_PAYLOAD_MAX_LEN; 443 char recv_mem[TLS_PAYLOAD_MAX_LEN]; 444 char buf[TLS_PAYLOAD_MAX_LEN]; 445 446 memrnd(buf, sizeof(buf)); 447 448 EXPECT_GE(send(self->fd, buf, send_len, 0), 0); 449 EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1); 450 EXPECT_EQ(memcmp(buf, recv_mem, send_len), 0); 451 } 452 453 TEST_F(tls, recv_small) 454 { 455 char const *test_str = "test_read"; 456 int send_len = 10; 457 char buf[10]; 458 459 send_len = strlen(test_str) + 1; 460 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 461 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 462 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 463 } 464 465 TEST_F(tls, msg_more) 466 { 467 char const *test_str = "test_read"; 468 int send_len = 10; 469 char buf[10 * 2]; 470 471 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); 472 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1); 473 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 474 EXPECT_EQ(recv(self->cfd, buf, send_len * 2, MSG_WAITALL), 475 send_len * 2); 476 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 477 } 478 479 TEST_F(tls, msg_more_unsent) 480 { 481 char const *test_str = "test_read"; 482 int send_len = 10; 483 char buf[10]; 484 485 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); 486 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1); 487 } 488 489 TEST_F(tls, msg_eor) 490 { 491 char const *test_str = "test_read"; 492 int send_len = 10; 493 char buf[10]; 494 495 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_EOR), send_len); 496 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len); 497 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 498 } 499 500 TEST_F(tls, sendmsg_single) 501 { 502 struct msghdr msg; 503 504 char const *test_str = "test_sendmsg"; 505 size_t send_len = 13; 506 struct iovec vec; 507 char buf[13]; 508 509 vec.iov_base = (char *)test_str; 510 vec.iov_len = send_len; 511 memset(&msg, 0, sizeof(struct msghdr)); 512 msg.msg_iov = &vec; 513 msg.msg_iovlen = 1; 514 EXPECT_EQ(sendmsg(self->fd, &msg, 0), send_len); 515 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len); 516 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 517 } 518 519 #define MAX_FRAGS 64 520 #define SEND_LEN 13 521 TEST_F(tls, sendmsg_fragmented) 522 { 523 char const *test_str = "test_sendmsg"; 524 char buf[SEND_LEN * MAX_FRAGS]; 525 struct iovec vec[MAX_FRAGS]; 526 struct msghdr msg; 527 int i, frags; 528 529 for (frags = 1; frags <= MAX_FRAGS; frags++) { 530 for (i = 0; i < frags; i++) { 531 vec[i].iov_base = (char *)test_str; 532 vec[i].iov_len = SEND_LEN; 533 } 534 535 memset(&msg, 0, sizeof(struct msghdr)); 536 msg.msg_iov = vec; 537 msg.msg_iovlen = frags; 538 539 EXPECT_EQ(sendmsg(self->fd, &msg, 0), SEND_LEN * frags); 540 EXPECT_EQ(recv(self->cfd, buf, SEND_LEN * frags, MSG_WAITALL), 541 SEND_LEN * frags); 542 543 for (i = 0; i < frags; i++) 544 EXPECT_EQ(memcmp(buf + SEND_LEN * i, 545 test_str, SEND_LEN), 0); 546 } 547 } 548 #undef MAX_FRAGS 549 #undef SEND_LEN 550 551 TEST_F(tls, sendmsg_large) 552 { 553 void *mem = malloc(16384); 554 size_t send_len = 16384; 555 size_t sends = 128; 556 struct msghdr msg; 557 size_t recvs = 0; 558 size_t sent = 0; 559 560 memset(&msg, 0, sizeof(struct msghdr)); 561 while (sent++ < sends) { 562 struct iovec vec = { (void *)mem, send_len }; 563 564 msg.msg_iov = &vec; 565 msg.msg_iovlen = 1; 566 EXPECT_EQ(sendmsg(self->cfd, &msg, 0), send_len); 567 } 568 569 while (recvs++ < sends) { 570 EXPECT_NE(recv(self->fd, mem, send_len, 0), -1); 571 } 572 573 free(mem); 574 } 575 576 TEST_F(tls, sendmsg_multiple) 577 { 578 char const *test_str = "test_sendmsg_multiple"; 579 struct iovec vec[5]; 580 char *test_strs[5]; 581 struct msghdr msg; 582 int total_len = 0; 583 int len_cmp = 0; 584 int iov_len = 5; 585 char *buf; 586 int i; 587 588 memset(&msg, 0, sizeof(struct msghdr)); 589 for (i = 0; i < iov_len; i++) { 590 test_strs[i] = (char *)malloc(strlen(test_str) + 1); 591 snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str); 592 vec[i].iov_base = (void *)test_strs[i]; 593 vec[i].iov_len = strlen(test_strs[i]) + 1; 594 total_len += vec[i].iov_len; 595 } 596 msg.msg_iov = vec; 597 msg.msg_iovlen = iov_len; 598 599 EXPECT_EQ(sendmsg(self->cfd, &msg, 0), total_len); 600 buf = malloc(total_len); 601 EXPECT_NE(recv(self->fd, buf, total_len, 0), -1); 602 for (i = 0; i < iov_len; i++) { 603 EXPECT_EQ(memcmp(test_strs[i], buf + len_cmp, 604 strlen(test_strs[i])), 605 0); 606 len_cmp += strlen(buf + len_cmp) + 1; 607 } 608 for (i = 0; i < iov_len; i++) 609 free(test_strs[i]); 610 free(buf); 611 } 612 613 TEST_F(tls, sendmsg_multiple_stress) 614 { 615 char const *test_str = "abcdefghijklmno"; 616 struct iovec vec[1024]; 617 char *test_strs[1024]; 618 int iov_len = 1024; 619 int total_len = 0; 620 char buf[1 << 14]; 621 struct msghdr msg; 622 int len_cmp = 0; 623 int i; 624 625 memset(&msg, 0, sizeof(struct msghdr)); 626 for (i = 0; i < iov_len; i++) { 627 test_strs[i] = (char *)malloc(strlen(test_str) + 1); 628 snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str); 629 vec[i].iov_base = (void *)test_strs[i]; 630 vec[i].iov_len = strlen(test_strs[i]) + 1; 631 total_len += vec[i].iov_len; 632 } 633 msg.msg_iov = vec; 634 msg.msg_iovlen = iov_len; 635 636 EXPECT_EQ(sendmsg(self->fd, &msg, 0), total_len); 637 EXPECT_NE(recv(self->cfd, buf, total_len, 0), -1); 638 639 for (i = 0; i < iov_len; i++) 640 len_cmp += strlen(buf + len_cmp) + 1; 641 642 for (i = 0; i < iov_len; i++) 643 free(test_strs[i]); 644 } 645 646 TEST_F(tls, splice_from_pipe) 647 { 648 int send_len = TLS_PAYLOAD_MAX_LEN; 649 char mem_send[TLS_PAYLOAD_MAX_LEN]; 650 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 651 int p[2]; 652 653 ASSERT_GE(pipe(p), 0); 654 EXPECT_GE(write(p[1], mem_send, send_len), 0); 655 EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), 0); 656 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len); 657 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 658 } 659 660 TEST_F(tls, splice_from_pipe2) 661 { 662 int send_len = 16000; 663 char mem_send[16000]; 664 char mem_recv[16000]; 665 int p2[2]; 666 int p[2]; 667 668 memrnd(mem_send, sizeof(mem_send)); 669 670 ASSERT_GE(pipe(p), 0); 671 ASSERT_GE(pipe(p2), 0); 672 EXPECT_EQ(write(p[1], mem_send, 8000), 8000); 673 EXPECT_EQ(splice(p[0], NULL, self->fd, NULL, 8000, 0), 8000); 674 EXPECT_EQ(write(p2[1], mem_send + 8000, 8000), 8000); 675 EXPECT_EQ(splice(p2[0], NULL, self->fd, NULL, 8000, 0), 8000); 676 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len); 677 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 678 } 679 680 TEST_F(tls, send_and_splice) 681 { 682 int send_len = TLS_PAYLOAD_MAX_LEN; 683 char mem_send[TLS_PAYLOAD_MAX_LEN]; 684 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 685 char const *test_str = "test_read"; 686 int send_len2 = 10; 687 char buf[10]; 688 int p[2]; 689 690 ASSERT_GE(pipe(p), 0); 691 EXPECT_EQ(send(self->fd, test_str, send_len2, 0), send_len2); 692 EXPECT_EQ(recv(self->cfd, buf, send_len2, MSG_WAITALL), send_len2); 693 EXPECT_EQ(memcmp(test_str, buf, send_len2), 0); 694 695 EXPECT_GE(write(p[1], mem_send, send_len), send_len); 696 EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), send_len); 697 698 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len); 699 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 700 } 701 702 TEST_F(tls, splice_to_pipe) 703 { 704 int send_len = TLS_PAYLOAD_MAX_LEN; 705 char mem_send[TLS_PAYLOAD_MAX_LEN]; 706 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 707 int p[2]; 708 709 memrnd(mem_send, sizeof(mem_send)); 710 711 ASSERT_GE(pipe(p), 0); 712 EXPECT_EQ(send(self->fd, mem_send, send_len, 0), send_len); 713 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), send_len); 714 EXPECT_EQ(read(p[0], mem_recv, send_len), send_len); 715 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 716 } 717 718 TEST_F(tls, splice_cmsg_to_pipe) 719 { 720 char *test_str = "test_read"; 721 char record_type = 100; 722 int send_len = 10; 723 char buf[10]; 724 int p[2]; 725 726 if (self->notls) 727 SKIP(return, "no TLS support"); 728 729 ASSERT_GE(pipe(p), 0); 730 EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10); 731 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), -1); 732 EXPECT_EQ(errno, EINVAL); 733 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1); 734 EXPECT_EQ(errno, EIO); 735 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type, 736 buf, sizeof(buf), MSG_WAITALL), 737 send_len); 738 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 739 } 740 741 TEST_F(tls, splice_dec_cmsg_to_pipe) 742 { 743 char *test_str = "test_read"; 744 char record_type = 100; 745 int send_len = 10; 746 char buf[10]; 747 int p[2]; 748 749 if (self->notls) 750 SKIP(return, "no TLS support"); 751 752 ASSERT_GE(pipe(p), 0); 753 EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10); 754 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1); 755 EXPECT_EQ(errno, EIO); 756 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), -1); 757 EXPECT_EQ(errno, EINVAL); 758 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type, 759 buf, sizeof(buf), MSG_WAITALL), 760 send_len); 761 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 762 } 763 764 TEST_F(tls, recv_and_splice) 765 { 766 int send_len = TLS_PAYLOAD_MAX_LEN; 767 char mem_send[TLS_PAYLOAD_MAX_LEN]; 768 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 769 int half = send_len / 2; 770 int p[2]; 771 772 ASSERT_GE(pipe(p), 0); 773 EXPECT_EQ(send(self->fd, mem_send, send_len, 0), send_len); 774 /* Recv hald of the record, splice the other half */ 775 EXPECT_EQ(recv(self->cfd, mem_recv, half, MSG_WAITALL), half); 776 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, half, SPLICE_F_NONBLOCK), 777 half); 778 EXPECT_EQ(read(p[0], &mem_recv[half], half), half); 779 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 780 } 781 782 TEST_F(tls, peek_and_splice) 783 { 784 int send_len = TLS_PAYLOAD_MAX_LEN; 785 char mem_send[TLS_PAYLOAD_MAX_LEN]; 786 char mem_recv[TLS_PAYLOAD_MAX_LEN]; 787 int chunk = TLS_PAYLOAD_MAX_LEN / 4; 788 int n, i, p[2]; 789 790 memrnd(mem_send, sizeof(mem_send)); 791 792 ASSERT_GE(pipe(p), 0); 793 for (i = 0; i < 4; i++) 794 EXPECT_EQ(send(self->fd, &mem_send[chunk * i], chunk, 0), 795 chunk); 796 797 EXPECT_EQ(recv(self->cfd, mem_recv, chunk * 5 / 2, 798 MSG_WAITALL | MSG_PEEK), 799 chunk * 5 / 2); 800 EXPECT_EQ(memcmp(mem_send, mem_recv, chunk * 5 / 2), 0); 801 802 n = 0; 803 while (n < send_len) { 804 i = splice(self->cfd, NULL, p[1], NULL, send_len - n, 0); 805 EXPECT_GT(i, 0); 806 n += i; 807 } 808 EXPECT_EQ(n, send_len); 809 EXPECT_EQ(read(p[0], mem_recv, send_len), send_len); 810 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); 811 } 812 813 TEST_F(tls, recvmsg_single) 814 { 815 char const *test_str = "test_recvmsg_single"; 816 int send_len = strlen(test_str) + 1; 817 char buf[20]; 818 struct msghdr hdr; 819 struct iovec vec; 820 821 memset(&hdr, 0, sizeof(hdr)); 822 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 823 vec.iov_base = (char *)buf; 824 vec.iov_len = send_len; 825 hdr.msg_iovlen = 1; 826 hdr.msg_iov = &vec; 827 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1); 828 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 829 } 830 831 TEST_F(tls, recvmsg_single_max) 832 { 833 int send_len = TLS_PAYLOAD_MAX_LEN; 834 char send_mem[TLS_PAYLOAD_MAX_LEN]; 835 char recv_mem[TLS_PAYLOAD_MAX_LEN]; 836 struct iovec vec; 837 struct msghdr hdr; 838 839 memrnd(send_mem, sizeof(send_mem)); 840 841 EXPECT_EQ(send(self->fd, send_mem, send_len, 0), send_len); 842 vec.iov_base = (char *)recv_mem; 843 vec.iov_len = TLS_PAYLOAD_MAX_LEN; 844 845 hdr.msg_iovlen = 1; 846 hdr.msg_iov = &vec; 847 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1); 848 EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0); 849 } 850 851 TEST_F(tls, recvmsg_multiple) 852 { 853 unsigned int msg_iovlen = 1024; 854 struct iovec vec[1024]; 855 char *iov_base[1024]; 856 unsigned int iov_len = 16; 857 int send_len = 1 << 14; 858 char buf[1 << 14]; 859 struct msghdr hdr; 860 int i; 861 862 memrnd(buf, sizeof(buf)); 863 864 EXPECT_EQ(send(self->fd, buf, send_len, 0), send_len); 865 for (i = 0; i < msg_iovlen; i++) { 866 iov_base[i] = (char *)malloc(iov_len); 867 vec[i].iov_base = iov_base[i]; 868 vec[i].iov_len = iov_len; 869 } 870 871 hdr.msg_iovlen = msg_iovlen; 872 hdr.msg_iov = vec; 873 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1); 874 875 for (i = 0; i < msg_iovlen; i++) 876 free(iov_base[i]); 877 } 878 879 TEST_F(tls, single_send_multiple_recv) 880 { 881 unsigned int total_len = TLS_PAYLOAD_MAX_LEN * 2; 882 unsigned int send_len = TLS_PAYLOAD_MAX_LEN; 883 char send_mem[TLS_PAYLOAD_MAX_LEN * 2]; 884 char recv_mem[TLS_PAYLOAD_MAX_LEN * 2]; 885 886 memrnd(send_mem, sizeof(send_mem)); 887 888 EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0); 889 memset(recv_mem, 0, total_len); 890 891 EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1); 892 EXPECT_NE(recv(self->cfd, recv_mem + send_len, send_len, 0), -1); 893 EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0); 894 } 895 896 TEST_F(tls, multiple_send_single_recv) 897 { 898 unsigned int total_len = 2 * 10; 899 unsigned int send_len = 10; 900 char recv_mem[2 * 10]; 901 char send_mem[10]; 902 903 memrnd(send_mem, sizeof(send_mem)); 904 905 EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0); 906 EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0); 907 memset(recv_mem, 0, total_len); 908 EXPECT_EQ(recv(self->cfd, recv_mem, total_len, MSG_WAITALL), total_len); 909 910 EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0); 911 EXPECT_EQ(memcmp(send_mem, recv_mem + send_len, send_len), 0); 912 } 913 914 TEST_F(tls, single_send_multiple_recv_non_align) 915 { 916 const unsigned int total_len = 15; 917 const unsigned int recv_len = 10; 918 char recv_mem[recv_len * 2]; 919 char send_mem[total_len]; 920 921 memrnd(send_mem, sizeof(send_mem)); 922 923 EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0); 924 memset(recv_mem, 0, total_len); 925 926 EXPECT_EQ(recv(self->cfd, recv_mem, recv_len, 0), recv_len); 927 EXPECT_EQ(recv(self->cfd, recv_mem + recv_len, recv_len, 0), 5); 928 EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0); 929 } 930 931 TEST_F(tls, recv_partial) 932 { 933 char const *test_str = "test_read_partial"; 934 char const *test_str_first = "test_read"; 935 char const *test_str_second = "_partial"; 936 int send_len = strlen(test_str) + 1; 937 char recv_mem[18]; 938 939 memset(recv_mem, 0, sizeof(recv_mem)); 940 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 941 EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_first), 942 MSG_WAITALL), -1); 943 EXPECT_EQ(memcmp(test_str_first, recv_mem, strlen(test_str_first)), 0); 944 memset(recv_mem, 0, sizeof(recv_mem)); 945 EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_second), 946 MSG_WAITALL), -1); 947 EXPECT_EQ(memcmp(test_str_second, recv_mem, strlen(test_str_second)), 948 0); 949 } 950 951 TEST_F(tls, recv_nonblock) 952 { 953 char buf[4096]; 954 bool err; 955 956 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_DONTWAIT), -1); 957 err = (errno == EAGAIN || errno == EWOULDBLOCK); 958 EXPECT_EQ(err, true); 959 } 960 961 TEST_F(tls, recv_peek) 962 { 963 char const *test_str = "test_read_peek"; 964 int send_len = strlen(test_str) + 1; 965 char buf[15]; 966 967 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 968 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_PEEK), send_len); 969 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 970 memset(buf, 0, sizeof(buf)); 971 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len); 972 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 973 } 974 975 TEST_F(tls, recv_peek_multiple) 976 { 977 char const *test_str = "test_read_peek"; 978 int send_len = strlen(test_str) + 1; 979 unsigned int num_peeks = 100; 980 char buf[15]; 981 int i; 982 983 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 984 for (i = 0; i < num_peeks; i++) { 985 EXPECT_NE(recv(self->cfd, buf, send_len, MSG_PEEK), -1); 986 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 987 memset(buf, 0, sizeof(buf)); 988 } 989 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 990 EXPECT_EQ(memcmp(test_str, buf, send_len), 0); 991 } 992 993 TEST_F(tls, recv_peek_multiple_records) 994 { 995 char const *test_str = "test_read_peek_mult_recs"; 996 char const *test_str_first = "test_read_peek"; 997 char const *test_str_second = "_mult_recs"; 998 int len; 999 char buf[64]; 1000 1001 len = strlen(test_str_first); 1002 EXPECT_EQ(send(self->fd, test_str_first, len, 0), len); 1003 1004 len = strlen(test_str_second) + 1; 1005 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len); 1006 1007 len = strlen(test_str_first); 1008 memset(buf, 0, len); 1009 EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len); 1010 1011 /* MSG_PEEK can only peek into the current record. */ 1012 len = strlen(test_str_first); 1013 EXPECT_EQ(memcmp(test_str_first, buf, len), 0); 1014 1015 len = strlen(test_str) + 1; 1016 memset(buf, 0, len); 1017 EXPECT_EQ(recv(self->cfd, buf, len, MSG_WAITALL), len); 1018 1019 /* Non-MSG_PEEK will advance strparser (and therefore record) 1020 * however. 1021 */ 1022 len = strlen(test_str) + 1; 1023 EXPECT_EQ(memcmp(test_str, buf, len), 0); 1024 1025 /* MSG_MORE will hold current record open, so later MSG_PEEK 1026 * will see everything. 1027 */ 1028 len = strlen(test_str_first); 1029 EXPECT_EQ(send(self->fd, test_str_first, len, MSG_MORE), len); 1030 1031 len = strlen(test_str_second) + 1; 1032 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len); 1033 1034 len = strlen(test_str) + 1; 1035 memset(buf, 0, len); 1036 EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len); 1037 1038 len = strlen(test_str) + 1; 1039 EXPECT_EQ(memcmp(test_str, buf, len), 0); 1040 } 1041 1042 TEST_F(tls, recv_peek_large_buf_mult_recs) 1043 { 1044 char const *test_str = "test_read_peek_mult_recs"; 1045 char const *test_str_first = "test_read_peek"; 1046 char const *test_str_second = "_mult_recs"; 1047 int len; 1048 char buf[64]; 1049 1050 len = strlen(test_str_first); 1051 EXPECT_EQ(send(self->fd, test_str_first, len, 0), len); 1052 1053 len = strlen(test_str_second) + 1; 1054 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len); 1055 1056 len = strlen(test_str) + 1; 1057 memset(buf, 0, len); 1058 EXPECT_NE((len = recv(self->cfd, buf, len, 1059 MSG_PEEK | MSG_WAITALL)), -1); 1060 len = strlen(test_str) + 1; 1061 EXPECT_EQ(memcmp(test_str, buf, len), 0); 1062 } 1063 1064 TEST_F(tls, recv_lowat) 1065 { 1066 char send_mem[10] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }; 1067 char recv_mem[20]; 1068 int lowat = 8; 1069 1070 EXPECT_EQ(send(self->fd, send_mem, 10, 0), 10); 1071 EXPECT_EQ(send(self->fd, send_mem, 5, 0), 5); 1072 1073 memset(recv_mem, 0, 20); 1074 EXPECT_EQ(setsockopt(self->cfd, SOL_SOCKET, SO_RCVLOWAT, 1075 &lowat, sizeof(lowat)), 0); 1076 EXPECT_EQ(recv(self->cfd, recv_mem, 1, MSG_WAITALL), 1); 1077 EXPECT_EQ(recv(self->cfd, recv_mem + 1, 6, MSG_WAITALL), 6); 1078 EXPECT_EQ(recv(self->cfd, recv_mem + 7, 10, 0), 8); 1079 1080 EXPECT_EQ(memcmp(send_mem, recv_mem, 10), 0); 1081 EXPECT_EQ(memcmp(send_mem, recv_mem + 10, 5), 0); 1082 } 1083 1084 TEST_F(tls, bidir) 1085 { 1086 char const *test_str = "test_read"; 1087 int send_len = 10; 1088 char buf[10]; 1089 int ret; 1090 1091 if (!self->notls) { 1092 struct tls_crypto_info_keys tls12; 1093 1094 tls_crypto_info_init(variant->tls_version, variant->cipher_type, 1095 &tls12); 1096 1097 ret = setsockopt(self->fd, SOL_TLS, TLS_RX, &tls12, 1098 tls12.len); 1099 ASSERT_EQ(ret, 0); 1100 1101 ret = setsockopt(self->cfd, SOL_TLS, TLS_TX, &tls12, 1102 tls12.len); 1103 ASSERT_EQ(ret, 0); 1104 } 1105 1106 ASSERT_EQ(strlen(test_str) + 1, send_len); 1107 1108 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1109 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 1110 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1111 1112 memset(buf, 0, sizeof(buf)); 1113 1114 EXPECT_EQ(send(self->cfd, test_str, send_len, 0), send_len); 1115 EXPECT_NE(recv(self->fd, buf, send_len, 0), -1); 1116 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1117 }; 1118 1119 TEST_F(tls, pollin) 1120 { 1121 char const *test_str = "test_poll"; 1122 struct pollfd fd = { 0, 0, 0 }; 1123 char buf[10]; 1124 int send_len = 10; 1125 1126 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1127 fd.fd = self->cfd; 1128 fd.events = POLLIN; 1129 1130 EXPECT_EQ(poll(&fd, 1, 20), 1); 1131 EXPECT_EQ(fd.revents & POLLIN, 1); 1132 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len); 1133 /* Test timing out */ 1134 EXPECT_EQ(poll(&fd, 1, 20), 0); 1135 } 1136 1137 TEST_F(tls, poll_wait) 1138 { 1139 char const *test_str = "test_poll_wait"; 1140 int send_len = strlen(test_str) + 1; 1141 struct pollfd fd = { 0, 0, 0 }; 1142 char recv_mem[15]; 1143 1144 fd.fd = self->cfd; 1145 fd.events = POLLIN; 1146 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1147 /* Set timeout to inf. secs */ 1148 EXPECT_EQ(poll(&fd, 1, -1), 1); 1149 EXPECT_EQ(fd.revents & POLLIN, 1); 1150 EXPECT_EQ(recv(self->cfd, recv_mem, send_len, MSG_WAITALL), send_len); 1151 } 1152 1153 TEST_F(tls, poll_wait_split) 1154 { 1155 struct pollfd fd = { 0, 0, 0 }; 1156 char send_mem[20] = {}; 1157 char recv_mem[15]; 1158 1159 fd.fd = self->cfd; 1160 fd.events = POLLIN; 1161 /* Send 20 bytes */ 1162 EXPECT_EQ(send(self->fd, send_mem, sizeof(send_mem), 0), 1163 sizeof(send_mem)); 1164 /* Poll with inf. timeout */ 1165 EXPECT_EQ(poll(&fd, 1, -1), 1); 1166 EXPECT_EQ(fd.revents & POLLIN, 1); 1167 EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), MSG_WAITALL), 1168 sizeof(recv_mem)); 1169 1170 /* Now the remaining 5 bytes of record data are in TLS ULP */ 1171 fd.fd = self->cfd; 1172 fd.events = POLLIN; 1173 EXPECT_EQ(poll(&fd, 1, -1), 1); 1174 EXPECT_EQ(fd.revents & POLLIN, 1); 1175 EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), 0), 1176 sizeof(send_mem) - sizeof(recv_mem)); 1177 } 1178 1179 TEST_F(tls, blocking) 1180 { 1181 size_t data = 100000; 1182 int res = fork(); 1183 1184 EXPECT_NE(res, -1); 1185 1186 if (res) { 1187 /* parent */ 1188 size_t left = data; 1189 char buf[16384]; 1190 int status; 1191 int pid2; 1192 1193 while (left) { 1194 int res = send(self->fd, buf, 1195 left > 16384 ? 16384 : left, 0); 1196 1197 EXPECT_GE(res, 0); 1198 left -= res; 1199 } 1200 1201 pid2 = wait(&status); 1202 EXPECT_EQ(status, 0); 1203 EXPECT_EQ(res, pid2); 1204 } else { 1205 /* child */ 1206 size_t left = data; 1207 char buf[16384]; 1208 1209 while (left) { 1210 int res = recv(self->cfd, buf, 1211 left > 16384 ? 16384 : left, 0); 1212 1213 EXPECT_GE(res, 0); 1214 left -= res; 1215 } 1216 } 1217 } 1218 1219 TEST_F(tls, nonblocking) 1220 { 1221 size_t data = 100000; 1222 int sendbuf = 100; 1223 int flags; 1224 int res; 1225 1226 flags = fcntl(self->fd, F_GETFL, 0); 1227 fcntl(self->fd, F_SETFL, flags | O_NONBLOCK); 1228 fcntl(self->cfd, F_SETFL, flags | O_NONBLOCK); 1229 1230 /* Ensure nonblocking behavior by imposing a small send 1231 * buffer. 1232 */ 1233 EXPECT_EQ(setsockopt(self->fd, SOL_SOCKET, SO_SNDBUF, 1234 &sendbuf, sizeof(sendbuf)), 0); 1235 1236 res = fork(); 1237 EXPECT_NE(res, -1); 1238 1239 if (res) { 1240 /* parent */ 1241 bool eagain = false; 1242 size_t left = data; 1243 char buf[16384]; 1244 int status; 1245 int pid2; 1246 1247 while (left) { 1248 int res = send(self->fd, buf, 1249 left > 16384 ? 16384 : left, 0); 1250 1251 if (res == -1 && errno == EAGAIN) { 1252 eagain = true; 1253 usleep(10000); 1254 continue; 1255 } 1256 EXPECT_GE(res, 0); 1257 left -= res; 1258 } 1259 1260 EXPECT_TRUE(eagain); 1261 pid2 = wait(&status); 1262 1263 EXPECT_EQ(status, 0); 1264 EXPECT_EQ(res, pid2); 1265 } else { 1266 /* child */ 1267 bool eagain = false; 1268 size_t left = data; 1269 char buf[16384]; 1270 1271 while (left) { 1272 int res = recv(self->cfd, buf, 1273 left > 16384 ? 16384 : left, 0); 1274 1275 if (res == -1 && errno == EAGAIN) { 1276 eagain = true; 1277 usleep(10000); 1278 continue; 1279 } 1280 EXPECT_GE(res, 0); 1281 left -= res; 1282 } 1283 EXPECT_TRUE(eagain); 1284 } 1285 } 1286 1287 static void 1288 test_mutliproc(struct __test_metadata *_metadata, struct _test_data_tls *self, 1289 bool sendpg, unsigned int n_readers, unsigned int n_writers) 1290 { 1291 const unsigned int n_children = n_readers + n_writers; 1292 const size_t data = 6 * 1000 * 1000; 1293 const size_t file_sz = data / 100; 1294 size_t read_bias, write_bias; 1295 int i, fd, child_id; 1296 char buf[file_sz]; 1297 pid_t pid; 1298 1299 /* Only allow multiples for simplicity */ 1300 ASSERT_EQ(!(n_readers % n_writers) || !(n_writers % n_readers), true); 1301 read_bias = n_writers / n_readers ?: 1; 1302 write_bias = n_readers / n_writers ?: 1; 1303 1304 /* prep a file to send */ 1305 fd = open("/tmp/", O_TMPFILE | O_RDWR, 0600); 1306 ASSERT_GE(fd, 0); 1307 1308 memset(buf, 0xac, file_sz); 1309 ASSERT_EQ(write(fd, buf, file_sz), file_sz); 1310 1311 /* spawn children */ 1312 for (child_id = 0; child_id < n_children; child_id++) { 1313 pid = fork(); 1314 ASSERT_NE(pid, -1); 1315 if (!pid) 1316 break; 1317 } 1318 1319 /* parent waits for all children */ 1320 if (pid) { 1321 for (i = 0; i < n_children; i++) { 1322 int status; 1323 1324 wait(&status); 1325 EXPECT_EQ(status, 0); 1326 } 1327 1328 return; 1329 } 1330 1331 /* Split threads for reading and writing */ 1332 if (child_id < n_readers) { 1333 size_t left = data * read_bias; 1334 char rb[8001]; 1335 1336 while (left) { 1337 int res; 1338 1339 res = recv(self->cfd, rb, 1340 left > sizeof(rb) ? sizeof(rb) : left, 0); 1341 1342 EXPECT_GE(res, 0); 1343 left -= res; 1344 } 1345 } else { 1346 size_t left = data * write_bias; 1347 1348 while (left) { 1349 int res; 1350 1351 ASSERT_EQ(lseek(fd, 0, SEEK_SET), 0); 1352 if (sendpg) 1353 res = sendfile(self->fd, fd, NULL, 1354 left > file_sz ? file_sz : left); 1355 else 1356 res = send(self->fd, buf, 1357 left > file_sz ? file_sz : left, 0); 1358 1359 EXPECT_GE(res, 0); 1360 left -= res; 1361 } 1362 } 1363 } 1364 1365 TEST_F(tls, mutliproc_even) 1366 { 1367 test_mutliproc(_metadata, self, false, 6, 6); 1368 } 1369 1370 TEST_F(tls, mutliproc_readers) 1371 { 1372 test_mutliproc(_metadata, self, false, 4, 12); 1373 } 1374 1375 TEST_F(tls, mutliproc_writers) 1376 { 1377 test_mutliproc(_metadata, self, false, 10, 2); 1378 } 1379 1380 TEST_F(tls, mutliproc_sendpage_even) 1381 { 1382 test_mutliproc(_metadata, self, true, 6, 6); 1383 } 1384 1385 TEST_F(tls, mutliproc_sendpage_readers) 1386 { 1387 test_mutliproc(_metadata, self, true, 4, 12); 1388 } 1389 1390 TEST_F(tls, mutliproc_sendpage_writers) 1391 { 1392 test_mutliproc(_metadata, self, true, 10, 2); 1393 } 1394 1395 TEST_F(tls, control_msg) 1396 { 1397 char *test_str = "test_read"; 1398 char record_type = 100; 1399 int send_len = 10; 1400 char buf[10]; 1401 1402 if (self->notls) 1403 SKIP(return, "no TLS support"); 1404 1405 EXPECT_EQ(tls_send_cmsg(self->fd, record_type, test_str, send_len, 0), 1406 send_len); 1407 /* Should fail because we didn't provide a control message */ 1408 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1); 1409 1410 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type, 1411 buf, sizeof(buf), MSG_WAITALL | MSG_PEEK), 1412 send_len); 1413 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1414 1415 /* Recv the message again without MSG_PEEK */ 1416 memset(buf, 0, sizeof(buf)); 1417 1418 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type, 1419 buf, sizeof(buf), MSG_WAITALL), 1420 send_len); 1421 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1422 } 1423 1424 TEST_F(tls, shutdown) 1425 { 1426 char const *test_str = "test_read"; 1427 int send_len = 10; 1428 char buf[10]; 1429 1430 ASSERT_EQ(strlen(test_str) + 1, send_len); 1431 1432 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); 1433 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1); 1434 EXPECT_EQ(memcmp(buf, test_str, send_len), 0); 1435 1436 shutdown(self->fd, SHUT_RDWR); 1437 shutdown(self->cfd, SHUT_RDWR); 1438 } 1439 1440 TEST_F(tls, shutdown_unsent) 1441 { 1442 char const *test_str = "test_read"; 1443 int send_len = 10; 1444 1445 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len); 1446 1447 shutdown(self->fd, SHUT_RDWR); 1448 shutdown(self->cfd, SHUT_RDWR); 1449 } 1450 1451 TEST_F(tls, shutdown_reuse) 1452 { 1453 struct sockaddr_in addr; 1454 int ret; 1455 1456 shutdown(self->fd, SHUT_RDWR); 1457 shutdown(self->cfd, SHUT_RDWR); 1458 close(self->cfd); 1459 1460 addr.sin_family = AF_INET; 1461 addr.sin_addr.s_addr = htonl(INADDR_ANY); 1462 addr.sin_port = 0; 1463 1464 ret = bind(self->fd, &addr, sizeof(addr)); 1465 EXPECT_EQ(ret, 0); 1466 ret = listen(self->fd, 10); 1467 EXPECT_EQ(ret, -1); 1468 EXPECT_EQ(errno, EINVAL); 1469 1470 ret = connect(self->fd, &addr, sizeof(addr)); 1471 EXPECT_EQ(ret, -1); 1472 EXPECT_EQ(errno, EISCONN); 1473 } 1474 1475 FIXTURE(tls_err) 1476 { 1477 int fd, cfd; 1478 int fd2, cfd2; 1479 bool notls; 1480 }; 1481 1482 FIXTURE_VARIANT(tls_err) 1483 { 1484 uint16_t tls_version; 1485 }; 1486 1487 FIXTURE_VARIANT_ADD(tls_err, 12_aes_gcm) 1488 { 1489 .tls_version = TLS_1_2_VERSION, 1490 }; 1491 1492 FIXTURE_VARIANT_ADD(tls_err, 13_aes_gcm) 1493 { 1494 .tls_version = TLS_1_3_VERSION, 1495 }; 1496 1497 FIXTURE_SETUP(tls_err) 1498 { 1499 struct tls_crypto_info_keys tls12; 1500 int ret; 1501 1502 tls_crypto_info_init(variant->tls_version, TLS_CIPHER_AES_GCM_128, 1503 &tls12); 1504 1505 ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls); 1506 ulp_sock_pair(_metadata, &self->fd2, &self->cfd2, &self->notls); 1507 if (self->notls) 1508 return; 1509 1510 ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len); 1511 ASSERT_EQ(ret, 0); 1512 1513 ret = setsockopt(self->cfd2, SOL_TLS, TLS_RX, &tls12, tls12.len); 1514 ASSERT_EQ(ret, 0); 1515 } 1516 1517 FIXTURE_TEARDOWN(tls_err) 1518 { 1519 close(self->fd); 1520 close(self->cfd); 1521 close(self->fd2); 1522 close(self->cfd2); 1523 } 1524 1525 TEST_F(tls_err, bad_rec) 1526 { 1527 char buf[64]; 1528 1529 if (self->notls) 1530 SKIP(return, "no TLS support"); 1531 1532 memset(buf, 0x55, sizeof(buf)); 1533 EXPECT_EQ(send(self->fd2, buf, sizeof(buf), 0), sizeof(buf)); 1534 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1535 EXPECT_EQ(errno, EMSGSIZE); 1536 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), MSG_DONTWAIT), -1); 1537 EXPECT_EQ(errno, EAGAIN); 1538 } 1539 1540 TEST_F(tls_err, bad_auth) 1541 { 1542 char buf[128]; 1543 int n; 1544 1545 if (self->notls) 1546 SKIP(return, "no TLS support"); 1547 1548 memrnd(buf, sizeof(buf) / 2); 1549 EXPECT_EQ(send(self->fd, buf, sizeof(buf) / 2, 0), sizeof(buf) / 2); 1550 n = recv(self->cfd, buf, sizeof(buf), 0); 1551 EXPECT_GT(n, sizeof(buf) / 2); 1552 1553 buf[n - 1]++; 1554 1555 EXPECT_EQ(send(self->fd2, buf, n, 0), n); 1556 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1557 EXPECT_EQ(errno, EBADMSG); 1558 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1559 EXPECT_EQ(errno, EBADMSG); 1560 } 1561 1562 TEST_F(tls_err, bad_in_large_read) 1563 { 1564 char txt[3][64]; 1565 char cip[3][128]; 1566 char buf[3 * 128]; 1567 int i, n; 1568 1569 if (self->notls) 1570 SKIP(return, "no TLS support"); 1571 1572 /* Put 3 records in the sockets */ 1573 for (i = 0; i < 3; i++) { 1574 memrnd(txt[i], sizeof(txt[i])); 1575 EXPECT_EQ(send(self->fd, txt[i], sizeof(txt[i]), 0), 1576 sizeof(txt[i])); 1577 n = recv(self->cfd, cip[i], sizeof(cip[i]), 0); 1578 EXPECT_GT(n, sizeof(txt[i])); 1579 /* Break the third message */ 1580 if (i == 2) 1581 cip[2][n - 1]++; 1582 EXPECT_EQ(send(self->fd2, cip[i], n, 0), n); 1583 } 1584 1585 /* We should be able to receive the first two messages */ 1586 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), sizeof(txt[0]) * 2); 1587 EXPECT_EQ(memcmp(buf, txt[0], sizeof(txt[0])), 0); 1588 EXPECT_EQ(memcmp(buf + sizeof(txt[0]), txt[1], sizeof(txt[1])), 0); 1589 /* Third mesasge is bad */ 1590 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1591 EXPECT_EQ(errno, EBADMSG); 1592 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1593 EXPECT_EQ(errno, EBADMSG); 1594 } 1595 1596 TEST_F(tls_err, bad_cmsg) 1597 { 1598 char *test_str = "test_read"; 1599 int send_len = 10; 1600 char cip[128]; 1601 char buf[128]; 1602 char txt[64]; 1603 int n; 1604 1605 if (self->notls) 1606 SKIP(return, "no TLS support"); 1607 1608 /* Queue up one data record */ 1609 memrnd(txt, sizeof(txt)); 1610 EXPECT_EQ(send(self->fd, txt, sizeof(txt), 0), sizeof(txt)); 1611 n = recv(self->cfd, cip, sizeof(cip), 0); 1612 EXPECT_GT(n, sizeof(txt)); 1613 EXPECT_EQ(send(self->fd2, cip, n, 0), n); 1614 1615 EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10); 1616 n = recv(self->cfd, cip, sizeof(cip), 0); 1617 cip[n - 1]++; /* Break it */ 1618 EXPECT_GT(n, send_len); 1619 EXPECT_EQ(send(self->fd2, cip, n, 0), n); 1620 1621 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), sizeof(txt)); 1622 EXPECT_EQ(memcmp(buf, txt, sizeof(txt)), 0); 1623 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1624 EXPECT_EQ(errno, EBADMSG); 1625 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1626 EXPECT_EQ(errno, EBADMSG); 1627 } 1628 1629 TEST_F(tls_err, timeo) 1630 { 1631 struct timeval tv = { .tv_usec = 10000, }; 1632 char buf[128]; 1633 int ret; 1634 1635 if (self->notls) 1636 SKIP(return, "no TLS support"); 1637 1638 ret = setsockopt(self->cfd2, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)); 1639 ASSERT_EQ(ret, 0); 1640 1641 ret = fork(); 1642 ASSERT_GE(ret, 0); 1643 1644 if (ret) { 1645 usleep(1000); /* Give child a head start */ 1646 1647 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1648 EXPECT_EQ(errno, EAGAIN); 1649 1650 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1651 EXPECT_EQ(errno, EAGAIN); 1652 1653 wait(&ret); 1654 } else { 1655 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1); 1656 EXPECT_EQ(errno, EAGAIN); 1657 exit(0); 1658 } 1659 } 1660 1661 TEST_F(tls_err, poll_partial_rec) 1662 { 1663 struct pollfd pfd = { }; 1664 ssize_t rec_len; 1665 char rec[256]; 1666 char buf[128]; 1667 1668 if (self->notls) 1669 SKIP(return, "no TLS support"); 1670 1671 pfd.fd = self->cfd2; 1672 pfd.events = POLLIN; 1673 EXPECT_EQ(poll(&pfd, 1, 1), 0); 1674 1675 memrnd(buf, sizeof(buf)); 1676 EXPECT_EQ(send(self->fd, buf, sizeof(buf), 0), sizeof(buf)); 1677 rec_len = recv(self->cfd, rec, sizeof(rec), 0); 1678 EXPECT_GT(rec_len, sizeof(buf)); 1679 1680 /* Write 100B, not the full record ... */ 1681 EXPECT_EQ(send(self->fd2, rec, 100, 0), 100); 1682 /* ... no full record should mean no POLLIN */ 1683 pfd.fd = self->cfd2; 1684 pfd.events = POLLIN; 1685 EXPECT_EQ(poll(&pfd, 1, 1), 0); 1686 /* Now write the rest, and it should all pop out of the other end. */ 1687 EXPECT_EQ(send(self->fd2, rec + 100, rec_len - 100, 0), rec_len - 100); 1688 pfd.fd = self->cfd2; 1689 pfd.events = POLLIN; 1690 EXPECT_EQ(poll(&pfd, 1, 1), 1); 1691 EXPECT_EQ(recv(self->cfd2, rec, sizeof(rec), 0), sizeof(buf)); 1692 EXPECT_EQ(memcmp(buf, rec, sizeof(buf)), 0); 1693 } 1694 1695 TEST_F(tls_err, epoll_partial_rec) 1696 { 1697 struct epoll_event ev, events[10]; 1698 ssize_t rec_len; 1699 char rec[256]; 1700 char buf[128]; 1701 int epollfd; 1702 1703 if (self->notls) 1704 SKIP(return, "no TLS support"); 1705 1706 epollfd = epoll_create1(0); 1707 ASSERT_GE(epollfd, 0); 1708 1709 memset(&ev, 0, sizeof(ev)); 1710 ev.events = EPOLLIN; 1711 ev.data.fd = self->cfd2; 1712 ASSERT_GE(epoll_ctl(epollfd, EPOLL_CTL_ADD, self->cfd2, &ev), 0); 1713 1714 EXPECT_EQ(epoll_wait(epollfd, events, 10, 0), 0); 1715 1716 memrnd(buf, sizeof(buf)); 1717 EXPECT_EQ(send(self->fd, buf, sizeof(buf), 0), sizeof(buf)); 1718 rec_len = recv(self->cfd, rec, sizeof(rec), 0); 1719 EXPECT_GT(rec_len, sizeof(buf)); 1720 1721 /* Write 100B, not the full record ... */ 1722 EXPECT_EQ(send(self->fd2, rec, 100, 0), 100); 1723 /* ... no full record should mean no POLLIN */ 1724 EXPECT_EQ(epoll_wait(epollfd, events, 10, 0), 0); 1725 /* Now write the rest, and it should all pop out of the other end. */ 1726 EXPECT_EQ(send(self->fd2, rec + 100, rec_len - 100, 0), rec_len - 100); 1727 EXPECT_EQ(epoll_wait(epollfd, events, 10, 0), 1); 1728 EXPECT_EQ(recv(self->cfd2, rec, sizeof(rec), 0), sizeof(buf)); 1729 EXPECT_EQ(memcmp(buf, rec, sizeof(buf)), 0); 1730 1731 close(epollfd); 1732 } 1733 1734 TEST_F(tls_err, poll_partial_rec_async) 1735 { 1736 struct pollfd pfd = { }; 1737 ssize_t rec_len; 1738 char rec[256]; 1739 char buf[128]; 1740 char token; 1741 int p[2]; 1742 int ret; 1743 1744 if (self->notls) 1745 SKIP(return, "no TLS support"); 1746 1747 ASSERT_GE(pipe(p), 0); 1748 1749 memrnd(buf, sizeof(buf)); 1750 EXPECT_EQ(send(self->fd, buf, sizeof(buf), 0), sizeof(buf)); 1751 rec_len = recv(self->cfd, rec, sizeof(rec), 0); 1752 EXPECT_GT(rec_len, sizeof(buf)); 1753 1754 ret = fork(); 1755 ASSERT_GE(ret, 0); 1756 1757 if (ret) { 1758 int status, pid2; 1759 1760 close(p[1]); 1761 usleep(1000); /* Give child a head start */ 1762 1763 EXPECT_EQ(send(self->fd2, rec, 100, 0), 100); 1764 1765 EXPECT_EQ(read(p[0], &token, 1), 1); /* Barrier #1 */ 1766 1767 EXPECT_EQ(send(self->fd2, rec + 100, rec_len - 100, 0), 1768 rec_len - 100); 1769 1770 pid2 = wait(&status); 1771 EXPECT_EQ(pid2, ret); 1772 EXPECT_EQ(status, 0); 1773 } else { 1774 close(p[0]); 1775 1776 /* Child should sleep in poll(), never get a wake */ 1777 pfd.fd = self->cfd2; 1778 pfd.events = POLLIN; 1779 EXPECT_EQ(poll(&pfd, 1, 5), 0); 1780 1781 EXPECT_EQ(write(p[1], &token, 1), 1); /* Barrier #1 */ 1782 1783 pfd.fd = self->cfd2; 1784 pfd.events = POLLIN; 1785 EXPECT_EQ(poll(&pfd, 1, 5), 1); 1786 1787 exit(!_metadata->passed); 1788 } 1789 } 1790 1791 TEST(non_established) { 1792 struct tls12_crypto_info_aes_gcm_256 tls12; 1793 struct sockaddr_in addr; 1794 int sfd, ret, fd; 1795 socklen_t len; 1796 1797 len = sizeof(addr); 1798 1799 memset(&tls12, 0, sizeof(tls12)); 1800 tls12.info.version = TLS_1_2_VERSION; 1801 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256; 1802 1803 addr.sin_family = AF_INET; 1804 addr.sin_addr.s_addr = htonl(INADDR_ANY); 1805 addr.sin_port = 0; 1806 1807 fd = socket(AF_INET, SOCK_STREAM, 0); 1808 sfd = socket(AF_INET, SOCK_STREAM, 0); 1809 1810 ret = bind(sfd, &addr, sizeof(addr)); 1811 ASSERT_EQ(ret, 0); 1812 ret = listen(sfd, 10); 1813 ASSERT_EQ(ret, 0); 1814 1815 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1816 EXPECT_EQ(ret, -1); 1817 /* TLS ULP not supported */ 1818 if (errno == ENOENT) 1819 return; 1820 EXPECT_EQ(errno, ENOTCONN); 1821 1822 ret = setsockopt(sfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1823 EXPECT_EQ(ret, -1); 1824 EXPECT_EQ(errno, ENOTCONN); 1825 1826 ret = getsockname(sfd, &addr, &len); 1827 ASSERT_EQ(ret, 0); 1828 1829 ret = connect(fd, &addr, sizeof(addr)); 1830 ASSERT_EQ(ret, 0); 1831 1832 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1833 ASSERT_EQ(ret, 0); 1834 1835 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1836 EXPECT_EQ(ret, -1); 1837 EXPECT_EQ(errno, EEXIST); 1838 1839 close(fd); 1840 close(sfd); 1841 } 1842 1843 TEST(keysizes) { 1844 struct tls12_crypto_info_aes_gcm_256 tls12; 1845 int ret, fd, cfd; 1846 bool notls; 1847 1848 memset(&tls12, 0, sizeof(tls12)); 1849 tls12.info.version = TLS_1_2_VERSION; 1850 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256; 1851 1852 ulp_sock_pair(_metadata, &fd, &cfd, ¬ls); 1853 1854 if (!notls) { 1855 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, 1856 sizeof(tls12)); 1857 EXPECT_EQ(ret, 0); 1858 1859 ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12, 1860 sizeof(tls12)); 1861 EXPECT_EQ(ret, 0); 1862 } 1863 1864 close(fd); 1865 close(cfd); 1866 } 1867 1868 TEST(no_pad) { 1869 struct tls12_crypto_info_aes_gcm_256 tls12; 1870 int ret, fd, cfd, val; 1871 socklen_t len; 1872 bool notls; 1873 1874 memset(&tls12, 0, sizeof(tls12)); 1875 tls12.info.version = TLS_1_3_VERSION; 1876 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256; 1877 1878 ulp_sock_pair(_metadata, &fd, &cfd, ¬ls); 1879 1880 if (notls) 1881 exit(KSFT_SKIP); 1882 1883 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, sizeof(tls12)); 1884 EXPECT_EQ(ret, 0); 1885 1886 ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12, sizeof(tls12)); 1887 EXPECT_EQ(ret, 0); 1888 1889 val = 1; 1890 ret = setsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 1891 (void *)&val, sizeof(val)); 1892 EXPECT_EQ(ret, 0); 1893 1894 len = sizeof(val); 1895 val = 2; 1896 ret = getsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 1897 (void *)&val, &len); 1898 EXPECT_EQ(ret, 0); 1899 EXPECT_EQ(val, 1); 1900 EXPECT_EQ(len, 4); 1901 1902 val = 0; 1903 ret = setsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 1904 (void *)&val, sizeof(val)); 1905 EXPECT_EQ(ret, 0); 1906 1907 len = sizeof(val); 1908 val = 2; 1909 ret = getsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD, 1910 (void *)&val, &len); 1911 EXPECT_EQ(ret, 0); 1912 EXPECT_EQ(val, 0); 1913 EXPECT_EQ(len, 4); 1914 1915 close(fd); 1916 close(cfd); 1917 } 1918 1919 TEST(tls_v6ops) { 1920 struct tls_crypto_info_keys tls12; 1921 struct sockaddr_in6 addr, addr2; 1922 int sfd, ret, fd; 1923 socklen_t len, len2; 1924 1925 tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_128, &tls12); 1926 1927 addr.sin6_family = AF_INET6; 1928 addr.sin6_addr = in6addr_any; 1929 addr.sin6_port = 0; 1930 1931 fd = socket(AF_INET6, SOCK_STREAM, 0); 1932 sfd = socket(AF_INET6, SOCK_STREAM, 0); 1933 1934 ret = bind(sfd, &addr, sizeof(addr)); 1935 ASSERT_EQ(ret, 0); 1936 ret = listen(sfd, 10); 1937 ASSERT_EQ(ret, 0); 1938 1939 len = sizeof(addr); 1940 ret = getsockname(sfd, &addr, &len); 1941 ASSERT_EQ(ret, 0); 1942 1943 ret = connect(fd, &addr, sizeof(addr)); 1944 ASSERT_EQ(ret, 0); 1945 1946 len = sizeof(addr); 1947 ret = getsockname(fd, &addr, &len); 1948 ASSERT_EQ(ret, 0); 1949 1950 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 1951 if (ret) { 1952 ASSERT_EQ(errno, ENOENT); 1953 SKIP(return, "no TLS support"); 1954 } 1955 ASSERT_EQ(ret, 0); 1956 1957 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, tls12.len); 1958 ASSERT_EQ(ret, 0); 1959 1960 ret = setsockopt(fd, SOL_TLS, TLS_RX, &tls12, tls12.len); 1961 ASSERT_EQ(ret, 0); 1962 1963 len2 = sizeof(addr2); 1964 ret = getsockname(fd, &addr2, &len2); 1965 ASSERT_EQ(ret, 0); 1966 1967 EXPECT_EQ(len2, len); 1968 EXPECT_EQ(memcmp(&addr, &addr2, len), 0); 1969 1970 close(fd); 1971 close(sfd); 1972 } 1973 1974 TEST(prequeue) { 1975 struct tls_crypto_info_keys tls12; 1976 char buf[20000], buf2[20000]; 1977 struct sockaddr_in addr; 1978 int sfd, cfd, ret, fd; 1979 socklen_t len; 1980 1981 len = sizeof(addr); 1982 memrnd(buf, sizeof(buf)); 1983 1984 tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_256, &tls12); 1985 1986 addr.sin_family = AF_INET; 1987 addr.sin_addr.s_addr = htonl(INADDR_ANY); 1988 addr.sin_port = 0; 1989 1990 fd = socket(AF_INET, SOCK_STREAM, 0); 1991 sfd = socket(AF_INET, SOCK_STREAM, 0); 1992 1993 ASSERT_EQ(bind(sfd, &addr, sizeof(addr)), 0); 1994 ASSERT_EQ(listen(sfd, 10), 0); 1995 ASSERT_EQ(getsockname(sfd, &addr, &len), 0); 1996 ASSERT_EQ(connect(fd, &addr, sizeof(addr)), 0); 1997 ASSERT_GE(cfd = accept(sfd, &addr, &len), 0); 1998 close(sfd); 1999 2000 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 2001 if (ret) { 2002 ASSERT_EQ(errno, ENOENT); 2003 SKIP(return, "no TLS support"); 2004 } 2005 2006 ASSERT_EQ(setsockopt(fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0); 2007 EXPECT_EQ(send(fd, buf, sizeof(buf), MSG_DONTWAIT), sizeof(buf)); 2008 2009 ASSERT_EQ(setsockopt(cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")), 0); 2010 ASSERT_EQ(setsockopt(cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0); 2011 EXPECT_EQ(recv(cfd, buf2, sizeof(buf2), MSG_WAITALL), sizeof(buf2)); 2012 2013 EXPECT_EQ(memcmp(buf, buf2, sizeof(buf)), 0); 2014 2015 close(fd); 2016 close(cfd); 2017 } 2018 2019 static void __attribute__((constructor)) fips_check(void) { 2020 int res; 2021 FILE *f; 2022 2023 f = fopen("/proc/sys/crypto/fips_enabled", "r"); 2024 if (f) { 2025 res = fscanf(f, "%d", &fips_enabled); 2026 if (res != 1) 2027 ksft_print_msg("ERROR: Couldn't read /proc/sys/crypto/fips_enabled\n"); 2028 fclose(f); 2029 } 2030 } 2031 2032 TEST_HARNESS_MAIN 2033