xref: /openbmc/linux/tools/testing/selftests/net/tls.c (revision f97cee494dc92395a668445bcd24d34c89f4ff8c)
1 // SPDX-License-Identifier: GPL-2.0
2 
3 #define _GNU_SOURCE
4 
5 #include <arpa/inet.h>
6 #include <errno.h>
7 #include <error.h>
8 #include <fcntl.h>
9 #include <poll.h>
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <unistd.h>
13 
14 #include <linux/tls.h>
15 #include <linux/tcp.h>
16 #include <linux/socket.h>
17 
18 #include <sys/types.h>
19 #include <sys/sendfile.h>
20 #include <sys/socket.h>
21 #include <sys/stat.h>
22 
23 #include "../kselftest_harness.h"
24 
25 #define TLS_PAYLOAD_MAX_LEN 16384
26 #define SOL_TLS 282
27 
28 FIXTURE(tls_basic)
29 {
30 	int fd, cfd;
31 	bool notls;
32 };
33 
34 FIXTURE_SETUP(tls_basic)
35 {
36 	struct sockaddr_in addr;
37 	socklen_t len;
38 	int sfd, ret;
39 
40 	self->notls = false;
41 	len = sizeof(addr);
42 
43 	addr.sin_family = AF_INET;
44 	addr.sin_addr.s_addr = htonl(INADDR_ANY);
45 	addr.sin_port = 0;
46 
47 	self->fd = socket(AF_INET, SOCK_STREAM, 0);
48 	sfd = socket(AF_INET, SOCK_STREAM, 0);
49 
50 	ret = bind(sfd, &addr, sizeof(addr));
51 	ASSERT_EQ(ret, 0);
52 	ret = listen(sfd, 10);
53 	ASSERT_EQ(ret, 0);
54 
55 	ret = getsockname(sfd, &addr, &len);
56 	ASSERT_EQ(ret, 0);
57 
58 	ret = connect(self->fd, &addr, sizeof(addr));
59 	ASSERT_EQ(ret, 0);
60 
61 	self->cfd = accept(sfd, &addr, &len);
62 	ASSERT_GE(self->cfd, 0);
63 
64 	close(sfd);
65 
66 	ret = setsockopt(self->fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
67 	if (ret != 0) {
68 		ASSERT_EQ(errno, ENOENT);
69 		self->notls = true;
70 		printf("Failure setting TCP_ULP, testing without tls\n");
71 		return;
72 	}
73 
74 	ret = setsockopt(self->cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
75 	ASSERT_EQ(ret, 0);
76 }
77 
78 FIXTURE_TEARDOWN(tls_basic)
79 {
80 	close(self->fd);
81 	close(self->cfd);
82 }
83 
84 /* Send some data through with ULP but no keys */
85 TEST_F(tls_basic, base_base)
86 {
87 	char const *test_str = "test_read";
88 	int send_len = 10;
89 	char buf[10];
90 
91 	ASSERT_EQ(strlen(test_str) + 1, send_len);
92 
93 	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
94 	EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
95 	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
96 };
97 
98 FIXTURE(tls)
99 {
100 	int fd, cfd;
101 	bool notls;
102 };
103 
104 FIXTURE_VARIANT(tls)
105 {
106 	unsigned int tls_version;
107 };
108 
109 FIXTURE_VARIANT_ADD(tls, 12)
110 {
111 	.tls_version = TLS_1_2_VERSION,
112 };
113 
114 FIXTURE_VARIANT_ADD(tls, 13)
115 {
116 	.tls_version = TLS_1_3_VERSION,
117 };
118 
119 FIXTURE_SETUP(tls)
120 {
121 	struct tls12_crypto_info_aes_gcm_128 tls12;
122 	struct sockaddr_in addr;
123 	socklen_t len;
124 	int sfd, ret;
125 
126 	self->notls = false;
127 	len = sizeof(addr);
128 
129 	memset(&tls12, 0, sizeof(tls12));
130 	tls12.info.version = variant->tls_version;
131 	tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128;
132 
133 	addr.sin_family = AF_INET;
134 	addr.sin_addr.s_addr = htonl(INADDR_ANY);
135 	addr.sin_port = 0;
136 
137 	self->fd = socket(AF_INET, SOCK_STREAM, 0);
138 	sfd = socket(AF_INET, SOCK_STREAM, 0);
139 
140 	ret = bind(sfd, &addr, sizeof(addr));
141 	ASSERT_EQ(ret, 0);
142 	ret = listen(sfd, 10);
143 	ASSERT_EQ(ret, 0);
144 
145 	ret = getsockname(sfd, &addr, &len);
146 	ASSERT_EQ(ret, 0);
147 
148 	ret = connect(self->fd, &addr, sizeof(addr));
149 	ASSERT_EQ(ret, 0);
150 
151 	ret = setsockopt(self->fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
152 	if (ret != 0) {
153 		self->notls = true;
154 		printf("Failure setting TCP_ULP, testing without tls\n");
155 	}
156 
157 	if (!self->notls) {
158 		ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12,
159 				 sizeof(tls12));
160 		ASSERT_EQ(ret, 0);
161 	}
162 
163 	self->cfd = accept(sfd, &addr, &len);
164 	ASSERT_GE(self->cfd, 0);
165 
166 	if (!self->notls) {
167 		ret = setsockopt(self->cfd, IPPROTO_TCP, TCP_ULP, "tls",
168 				 sizeof("tls"));
169 		ASSERT_EQ(ret, 0);
170 
171 		ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12,
172 				 sizeof(tls12));
173 		ASSERT_EQ(ret, 0);
174 	}
175 
176 	close(sfd);
177 }
178 
179 FIXTURE_TEARDOWN(tls)
180 {
181 	close(self->fd);
182 	close(self->cfd);
183 }
184 
185 TEST_F(tls, sendfile)
186 {
187 	int filefd = open("/proc/self/exe", O_RDONLY);
188 	struct stat st;
189 
190 	EXPECT_GE(filefd, 0);
191 	fstat(filefd, &st);
192 	EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0);
193 }
194 
195 TEST_F(tls, send_then_sendfile)
196 {
197 	int filefd = open("/proc/self/exe", O_RDONLY);
198 	char const *test_str = "test_send";
199 	int to_send = strlen(test_str) + 1;
200 	char recv_buf[10];
201 	struct stat st;
202 	char *buf;
203 
204 	EXPECT_GE(filefd, 0);
205 	fstat(filefd, &st);
206 	buf = (char *)malloc(st.st_size);
207 
208 	EXPECT_EQ(send(self->fd, test_str, to_send, 0), to_send);
209 	EXPECT_EQ(recv(self->cfd, recv_buf, to_send, MSG_WAITALL), to_send);
210 	EXPECT_EQ(memcmp(test_str, recv_buf, to_send), 0);
211 
212 	EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0);
213 	EXPECT_EQ(recv(self->cfd, buf, st.st_size, MSG_WAITALL), st.st_size);
214 }
215 
216 static void chunked_sendfile(struct __test_metadata *_metadata,
217 			     struct _test_data_tls *self,
218 			     uint16_t chunk_size,
219 			     uint16_t extra_payload_size)
220 {
221 	char buf[TLS_PAYLOAD_MAX_LEN];
222 	uint16_t test_payload_size;
223 	int size = 0;
224 	int ret;
225 	char filename[] = "/tmp/mytemp.XXXXXX";
226 	int fd = mkstemp(filename);
227 	off_t offset = 0;
228 
229 	unlink(filename);
230 	ASSERT_GE(fd, 0);
231 	EXPECT_GE(chunk_size, 1);
232 	test_payload_size = chunk_size + extra_payload_size;
233 	ASSERT_GE(TLS_PAYLOAD_MAX_LEN, test_payload_size);
234 	memset(buf, 1, test_payload_size);
235 	size = write(fd, buf, test_payload_size);
236 	EXPECT_EQ(size, test_payload_size);
237 	fsync(fd);
238 
239 	while (size > 0) {
240 		ret = sendfile(self->fd, fd, &offset, chunk_size);
241 		EXPECT_GE(ret, 0);
242 		size -= ret;
243 	}
244 
245 	EXPECT_EQ(recv(self->cfd, buf, test_payload_size, MSG_WAITALL),
246 		  test_payload_size);
247 
248 	close(fd);
249 }
250 
251 TEST_F(tls, multi_chunk_sendfile)
252 {
253 	chunked_sendfile(_metadata, self, 4096, 4096);
254 	chunked_sendfile(_metadata, self, 4096, 0);
255 	chunked_sendfile(_metadata, self, 4096, 1);
256 	chunked_sendfile(_metadata, self, 4096, 2048);
257 	chunked_sendfile(_metadata, self, 8192, 2048);
258 	chunked_sendfile(_metadata, self, 4096, 8192);
259 	chunked_sendfile(_metadata, self, 8192, 4096);
260 	chunked_sendfile(_metadata, self, 12288, 1024);
261 	chunked_sendfile(_metadata, self, 12288, 2000);
262 	chunked_sendfile(_metadata, self, 15360, 100);
263 	chunked_sendfile(_metadata, self, 15360, 300);
264 	chunked_sendfile(_metadata, self, 1, 4096);
265 	chunked_sendfile(_metadata, self, 2048, 4096);
266 	chunked_sendfile(_metadata, self, 2048, 8192);
267 	chunked_sendfile(_metadata, self, 4096, 8192);
268 	chunked_sendfile(_metadata, self, 1024, 12288);
269 	chunked_sendfile(_metadata, self, 2000, 12288);
270 	chunked_sendfile(_metadata, self, 100, 15360);
271 	chunked_sendfile(_metadata, self, 300, 15360);
272 }
273 
274 TEST_F(tls, recv_max)
275 {
276 	unsigned int send_len = TLS_PAYLOAD_MAX_LEN;
277 	char recv_mem[TLS_PAYLOAD_MAX_LEN];
278 	char buf[TLS_PAYLOAD_MAX_LEN];
279 
280 	EXPECT_GE(send(self->fd, buf, send_len, 0), 0);
281 	EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1);
282 	EXPECT_EQ(memcmp(buf, recv_mem, send_len), 0);
283 }
284 
285 TEST_F(tls, recv_small)
286 {
287 	char const *test_str = "test_read";
288 	int send_len = 10;
289 	char buf[10];
290 
291 	send_len = strlen(test_str) + 1;
292 	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
293 	EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
294 	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
295 }
296 
297 TEST_F(tls, msg_more)
298 {
299 	char const *test_str = "test_read";
300 	int send_len = 10;
301 	char buf[10 * 2];
302 
303 	EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len);
304 	EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1);
305 	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
306 	EXPECT_EQ(recv(self->cfd, buf, send_len * 2, MSG_WAITALL),
307 		  send_len * 2);
308 	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
309 }
310 
311 TEST_F(tls, msg_more_unsent)
312 {
313 	char const *test_str = "test_read";
314 	int send_len = 10;
315 	char buf[10];
316 
317 	EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len);
318 	EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1);
319 }
320 
321 TEST_F(tls, sendmsg_single)
322 {
323 	struct msghdr msg;
324 
325 	char const *test_str = "test_sendmsg";
326 	size_t send_len = 13;
327 	struct iovec vec;
328 	char buf[13];
329 
330 	vec.iov_base = (char *)test_str;
331 	vec.iov_len = send_len;
332 	memset(&msg, 0, sizeof(struct msghdr));
333 	msg.msg_iov = &vec;
334 	msg.msg_iovlen = 1;
335 	EXPECT_EQ(sendmsg(self->fd, &msg, 0), send_len);
336 	EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len);
337 	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
338 }
339 
340 #define MAX_FRAGS	64
341 #define SEND_LEN	13
342 TEST_F(tls, sendmsg_fragmented)
343 {
344 	char const *test_str = "test_sendmsg";
345 	char buf[SEND_LEN * MAX_FRAGS];
346 	struct iovec vec[MAX_FRAGS];
347 	struct msghdr msg;
348 	int i, frags;
349 
350 	for (frags = 1; frags <= MAX_FRAGS; frags++) {
351 		for (i = 0; i < frags; i++) {
352 			vec[i].iov_base = (char *)test_str;
353 			vec[i].iov_len = SEND_LEN;
354 		}
355 
356 		memset(&msg, 0, sizeof(struct msghdr));
357 		msg.msg_iov = vec;
358 		msg.msg_iovlen = frags;
359 
360 		EXPECT_EQ(sendmsg(self->fd, &msg, 0), SEND_LEN * frags);
361 		EXPECT_EQ(recv(self->cfd, buf, SEND_LEN * frags, MSG_WAITALL),
362 			  SEND_LEN * frags);
363 
364 		for (i = 0; i < frags; i++)
365 			EXPECT_EQ(memcmp(buf + SEND_LEN * i,
366 					 test_str, SEND_LEN), 0);
367 	}
368 }
369 #undef MAX_FRAGS
370 #undef SEND_LEN
371 
372 TEST_F(tls, sendmsg_large)
373 {
374 	void *mem = malloc(16384);
375 	size_t send_len = 16384;
376 	size_t sends = 128;
377 	struct msghdr msg;
378 	size_t recvs = 0;
379 	size_t sent = 0;
380 
381 	memset(&msg, 0, sizeof(struct msghdr));
382 	while (sent++ < sends) {
383 		struct iovec vec = { (void *)mem, send_len };
384 
385 		msg.msg_iov = &vec;
386 		msg.msg_iovlen = 1;
387 		EXPECT_EQ(sendmsg(self->cfd, &msg, 0), send_len);
388 	}
389 
390 	while (recvs++ < sends)
391 		EXPECT_NE(recv(self->fd, mem, send_len, 0), -1);
392 
393 	free(mem);
394 }
395 
396 TEST_F(tls, sendmsg_multiple)
397 {
398 	char const *test_str = "test_sendmsg_multiple";
399 	struct iovec vec[5];
400 	char *test_strs[5];
401 	struct msghdr msg;
402 	int total_len = 0;
403 	int len_cmp = 0;
404 	int iov_len = 5;
405 	char *buf;
406 	int i;
407 
408 	memset(&msg, 0, sizeof(struct msghdr));
409 	for (i = 0; i < iov_len; i++) {
410 		test_strs[i] = (char *)malloc(strlen(test_str) + 1);
411 		snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str);
412 		vec[i].iov_base = (void *)test_strs[i];
413 		vec[i].iov_len = strlen(test_strs[i]) + 1;
414 		total_len += vec[i].iov_len;
415 	}
416 	msg.msg_iov = vec;
417 	msg.msg_iovlen = iov_len;
418 
419 	EXPECT_EQ(sendmsg(self->cfd, &msg, 0), total_len);
420 	buf = malloc(total_len);
421 	EXPECT_NE(recv(self->fd, buf, total_len, 0), -1);
422 	for (i = 0; i < iov_len; i++) {
423 		EXPECT_EQ(memcmp(test_strs[i], buf + len_cmp,
424 				 strlen(test_strs[i])),
425 			  0);
426 		len_cmp += strlen(buf + len_cmp) + 1;
427 	}
428 	for (i = 0; i < iov_len; i++)
429 		free(test_strs[i]);
430 	free(buf);
431 }
432 
433 TEST_F(tls, sendmsg_multiple_stress)
434 {
435 	char const *test_str = "abcdefghijklmno";
436 	struct iovec vec[1024];
437 	char *test_strs[1024];
438 	int iov_len = 1024;
439 	int total_len = 0;
440 	char buf[1 << 14];
441 	struct msghdr msg;
442 	int len_cmp = 0;
443 	int i;
444 
445 	memset(&msg, 0, sizeof(struct msghdr));
446 	for (i = 0; i < iov_len; i++) {
447 		test_strs[i] = (char *)malloc(strlen(test_str) + 1);
448 		snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str);
449 		vec[i].iov_base = (void *)test_strs[i];
450 		vec[i].iov_len = strlen(test_strs[i]) + 1;
451 		total_len += vec[i].iov_len;
452 	}
453 	msg.msg_iov = vec;
454 	msg.msg_iovlen = iov_len;
455 
456 	EXPECT_EQ(sendmsg(self->fd, &msg, 0), total_len);
457 	EXPECT_NE(recv(self->cfd, buf, total_len, 0), -1);
458 
459 	for (i = 0; i < iov_len; i++)
460 		len_cmp += strlen(buf + len_cmp) + 1;
461 
462 	for (i = 0; i < iov_len; i++)
463 		free(test_strs[i]);
464 }
465 
466 TEST_F(tls, splice_from_pipe)
467 {
468 	int send_len = TLS_PAYLOAD_MAX_LEN;
469 	char mem_send[TLS_PAYLOAD_MAX_LEN];
470 	char mem_recv[TLS_PAYLOAD_MAX_LEN];
471 	int p[2];
472 
473 	ASSERT_GE(pipe(p), 0);
474 	EXPECT_GE(write(p[1], mem_send, send_len), 0);
475 	EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), 0);
476 	EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len);
477 	EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
478 }
479 
480 TEST_F(tls, splice_from_pipe2)
481 {
482 	int send_len = 16000;
483 	char mem_send[16000];
484 	char mem_recv[16000];
485 	int p2[2];
486 	int p[2];
487 
488 	ASSERT_GE(pipe(p), 0);
489 	ASSERT_GE(pipe(p2), 0);
490 	EXPECT_GE(write(p[1], mem_send, 8000), 0);
491 	EXPECT_GE(splice(p[0], NULL, self->fd, NULL, 8000, 0), 0);
492 	EXPECT_GE(write(p2[1], mem_send + 8000, 8000), 0);
493 	EXPECT_GE(splice(p2[0], NULL, self->fd, NULL, 8000, 0), 0);
494 	EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len);
495 	EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
496 }
497 
498 TEST_F(tls, send_and_splice)
499 {
500 	int send_len = TLS_PAYLOAD_MAX_LEN;
501 	char mem_send[TLS_PAYLOAD_MAX_LEN];
502 	char mem_recv[TLS_PAYLOAD_MAX_LEN];
503 	char const *test_str = "test_read";
504 	int send_len2 = 10;
505 	char buf[10];
506 	int p[2];
507 
508 	ASSERT_GE(pipe(p), 0);
509 	EXPECT_EQ(send(self->fd, test_str, send_len2, 0), send_len2);
510 	EXPECT_EQ(recv(self->cfd, buf, send_len2, MSG_WAITALL), send_len2);
511 	EXPECT_EQ(memcmp(test_str, buf, send_len2), 0);
512 
513 	EXPECT_GE(write(p[1], mem_send, send_len), send_len);
514 	EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), send_len);
515 
516 	EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len);
517 	EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
518 }
519 
520 TEST_F(tls, splice_to_pipe)
521 {
522 	int send_len = TLS_PAYLOAD_MAX_LEN;
523 	char mem_send[TLS_PAYLOAD_MAX_LEN];
524 	char mem_recv[TLS_PAYLOAD_MAX_LEN];
525 	int p[2];
526 
527 	ASSERT_GE(pipe(p), 0);
528 	EXPECT_GE(send(self->fd, mem_send, send_len, 0), 0);
529 	EXPECT_GE(splice(self->cfd, NULL, p[1], NULL, send_len, 0), 0);
530 	EXPECT_GE(read(p[0], mem_recv, send_len), 0);
531 	EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
532 }
533 
534 TEST_F(tls, recvmsg_single)
535 {
536 	char const *test_str = "test_recvmsg_single";
537 	int send_len = strlen(test_str) + 1;
538 	char buf[20];
539 	struct msghdr hdr;
540 	struct iovec vec;
541 
542 	memset(&hdr, 0, sizeof(hdr));
543 	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
544 	vec.iov_base = (char *)buf;
545 	vec.iov_len = send_len;
546 	hdr.msg_iovlen = 1;
547 	hdr.msg_iov = &vec;
548 	EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1);
549 	EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
550 }
551 
552 TEST_F(tls, recvmsg_single_max)
553 {
554 	int send_len = TLS_PAYLOAD_MAX_LEN;
555 	char send_mem[TLS_PAYLOAD_MAX_LEN];
556 	char recv_mem[TLS_PAYLOAD_MAX_LEN];
557 	struct iovec vec;
558 	struct msghdr hdr;
559 
560 	EXPECT_EQ(send(self->fd, send_mem, send_len, 0), send_len);
561 	vec.iov_base = (char *)recv_mem;
562 	vec.iov_len = TLS_PAYLOAD_MAX_LEN;
563 
564 	hdr.msg_iovlen = 1;
565 	hdr.msg_iov = &vec;
566 	EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1);
567 	EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0);
568 }
569 
570 TEST_F(tls, recvmsg_multiple)
571 {
572 	unsigned int msg_iovlen = 1024;
573 	unsigned int len_compared = 0;
574 	struct iovec vec[1024];
575 	char *iov_base[1024];
576 	unsigned int iov_len = 16;
577 	int send_len = 1 << 14;
578 	char buf[1 << 14];
579 	struct msghdr hdr;
580 	int i;
581 
582 	EXPECT_EQ(send(self->fd, buf, send_len, 0), send_len);
583 	for (i = 0; i < msg_iovlen; i++) {
584 		iov_base[i] = (char *)malloc(iov_len);
585 		vec[i].iov_base = iov_base[i];
586 		vec[i].iov_len = iov_len;
587 	}
588 
589 	hdr.msg_iovlen = msg_iovlen;
590 	hdr.msg_iov = vec;
591 	EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1);
592 	for (i = 0; i < msg_iovlen; i++)
593 		len_compared += iov_len;
594 
595 	for (i = 0; i < msg_iovlen; i++)
596 		free(iov_base[i]);
597 }
598 
599 TEST_F(tls, single_send_multiple_recv)
600 {
601 	unsigned int total_len = TLS_PAYLOAD_MAX_LEN * 2;
602 	unsigned int send_len = TLS_PAYLOAD_MAX_LEN;
603 	char send_mem[TLS_PAYLOAD_MAX_LEN * 2];
604 	char recv_mem[TLS_PAYLOAD_MAX_LEN * 2];
605 
606 	EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0);
607 	memset(recv_mem, 0, total_len);
608 
609 	EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1);
610 	EXPECT_NE(recv(self->cfd, recv_mem + send_len, send_len, 0), -1);
611 	EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0);
612 }
613 
614 TEST_F(tls, multiple_send_single_recv)
615 {
616 	unsigned int total_len = 2 * 10;
617 	unsigned int send_len = 10;
618 	char recv_mem[2 * 10];
619 	char send_mem[10];
620 
621 	EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0);
622 	EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0);
623 	memset(recv_mem, 0, total_len);
624 	EXPECT_EQ(recv(self->cfd, recv_mem, total_len, MSG_WAITALL), total_len);
625 
626 	EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0);
627 	EXPECT_EQ(memcmp(send_mem, recv_mem + send_len, send_len), 0);
628 }
629 
630 TEST_F(tls, single_send_multiple_recv_non_align)
631 {
632 	const unsigned int total_len = 15;
633 	const unsigned int recv_len = 10;
634 	char recv_mem[recv_len * 2];
635 	char send_mem[total_len];
636 
637 	EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0);
638 	memset(recv_mem, 0, total_len);
639 
640 	EXPECT_EQ(recv(self->cfd, recv_mem, recv_len, 0), recv_len);
641 	EXPECT_EQ(recv(self->cfd, recv_mem + recv_len, recv_len, 0), 5);
642 	EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0);
643 }
644 
645 TEST_F(tls, recv_partial)
646 {
647 	char const *test_str = "test_read_partial";
648 	char const *test_str_first = "test_read";
649 	char const *test_str_second = "_partial";
650 	int send_len = strlen(test_str) + 1;
651 	char recv_mem[18];
652 
653 	memset(recv_mem, 0, sizeof(recv_mem));
654 	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
655 	EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_first),
656 		       MSG_WAITALL), -1);
657 	EXPECT_EQ(memcmp(test_str_first, recv_mem, strlen(test_str_first)), 0);
658 	memset(recv_mem, 0, sizeof(recv_mem));
659 	EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_second),
660 		       MSG_WAITALL), -1);
661 	EXPECT_EQ(memcmp(test_str_second, recv_mem, strlen(test_str_second)),
662 		  0);
663 }
664 
665 TEST_F(tls, recv_nonblock)
666 {
667 	char buf[4096];
668 	bool err;
669 
670 	EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_DONTWAIT), -1);
671 	err = (errno == EAGAIN || errno == EWOULDBLOCK);
672 	EXPECT_EQ(err, true);
673 }
674 
675 TEST_F(tls, recv_peek)
676 {
677 	char const *test_str = "test_read_peek";
678 	int send_len = strlen(test_str) + 1;
679 	char buf[15];
680 
681 	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
682 	EXPECT_NE(recv(self->cfd, buf, send_len, MSG_PEEK), -1);
683 	EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
684 	memset(buf, 0, sizeof(buf));
685 	EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
686 	EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
687 }
688 
689 TEST_F(tls, recv_peek_multiple)
690 {
691 	char const *test_str = "test_read_peek";
692 	int send_len = strlen(test_str) + 1;
693 	unsigned int num_peeks = 100;
694 	char buf[15];
695 	int i;
696 
697 	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
698 	for (i = 0; i < num_peeks; i++) {
699 		EXPECT_NE(recv(self->cfd, buf, send_len, MSG_PEEK), -1);
700 		EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
701 		memset(buf, 0, sizeof(buf));
702 	}
703 	EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
704 	EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
705 }
706 
707 TEST_F(tls, recv_peek_multiple_records)
708 {
709 	char const *test_str = "test_read_peek_mult_recs";
710 	char const *test_str_first = "test_read_peek";
711 	char const *test_str_second = "_mult_recs";
712 	int len;
713 	char buf[64];
714 
715 	len = strlen(test_str_first);
716 	EXPECT_EQ(send(self->fd, test_str_first, len, 0), len);
717 
718 	len = strlen(test_str_second) + 1;
719 	EXPECT_EQ(send(self->fd, test_str_second, len, 0), len);
720 
721 	len = strlen(test_str_first);
722 	memset(buf, 0, len);
723 	EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len);
724 
725 	/* MSG_PEEK can only peek into the current record. */
726 	len = strlen(test_str_first);
727 	EXPECT_EQ(memcmp(test_str_first, buf, len), 0);
728 
729 	len = strlen(test_str) + 1;
730 	memset(buf, 0, len);
731 	EXPECT_EQ(recv(self->cfd, buf, len, MSG_WAITALL), len);
732 
733 	/* Non-MSG_PEEK will advance strparser (and therefore record)
734 	 * however.
735 	 */
736 	len = strlen(test_str) + 1;
737 	EXPECT_EQ(memcmp(test_str, buf, len), 0);
738 
739 	/* MSG_MORE will hold current record open, so later MSG_PEEK
740 	 * will see everything.
741 	 */
742 	len = strlen(test_str_first);
743 	EXPECT_EQ(send(self->fd, test_str_first, len, MSG_MORE), len);
744 
745 	len = strlen(test_str_second) + 1;
746 	EXPECT_EQ(send(self->fd, test_str_second, len, 0), len);
747 
748 	len = strlen(test_str) + 1;
749 	memset(buf, 0, len);
750 	EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len);
751 
752 	len = strlen(test_str) + 1;
753 	EXPECT_EQ(memcmp(test_str, buf, len), 0);
754 }
755 
756 TEST_F(tls, recv_peek_large_buf_mult_recs)
757 {
758 	char const *test_str = "test_read_peek_mult_recs";
759 	char const *test_str_first = "test_read_peek";
760 	char const *test_str_second = "_mult_recs";
761 	int len;
762 	char buf[64];
763 
764 	len = strlen(test_str_first);
765 	EXPECT_EQ(send(self->fd, test_str_first, len, 0), len);
766 
767 	len = strlen(test_str_second) + 1;
768 	EXPECT_EQ(send(self->fd, test_str_second, len, 0), len);
769 
770 	len = strlen(test_str) + 1;
771 	memset(buf, 0, len);
772 	EXPECT_NE((len = recv(self->cfd, buf, len,
773 			      MSG_PEEK | MSG_WAITALL)), -1);
774 	len = strlen(test_str) + 1;
775 	EXPECT_EQ(memcmp(test_str, buf, len), 0);
776 }
777 
778 TEST_F(tls, recv_lowat)
779 {
780 	char send_mem[10] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
781 	char recv_mem[20];
782 	int lowat = 8;
783 
784 	EXPECT_EQ(send(self->fd, send_mem, 10, 0), 10);
785 	EXPECT_EQ(send(self->fd, send_mem, 5, 0), 5);
786 
787 	memset(recv_mem, 0, 20);
788 	EXPECT_EQ(setsockopt(self->cfd, SOL_SOCKET, SO_RCVLOWAT,
789 			     &lowat, sizeof(lowat)), 0);
790 	EXPECT_EQ(recv(self->cfd, recv_mem, 1, MSG_WAITALL), 1);
791 	EXPECT_EQ(recv(self->cfd, recv_mem + 1, 6, MSG_WAITALL), 6);
792 	EXPECT_EQ(recv(self->cfd, recv_mem + 7, 10, 0), 8);
793 
794 	EXPECT_EQ(memcmp(send_mem, recv_mem, 10), 0);
795 	EXPECT_EQ(memcmp(send_mem, recv_mem + 10, 5), 0);
796 }
797 
798 TEST_F(tls, bidir)
799 {
800 	char const *test_str = "test_read";
801 	int send_len = 10;
802 	char buf[10];
803 	int ret;
804 
805 	if (!self->notls) {
806 		struct tls12_crypto_info_aes_gcm_128 tls12;
807 
808 		memset(&tls12, 0, sizeof(tls12));
809 		tls12.info.version = variant->tls_version;
810 		tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128;
811 
812 		ret = setsockopt(self->fd, SOL_TLS, TLS_RX, &tls12,
813 				 sizeof(tls12));
814 		ASSERT_EQ(ret, 0);
815 
816 		ret = setsockopt(self->cfd, SOL_TLS, TLS_TX, &tls12,
817 				 sizeof(tls12));
818 		ASSERT_EQ(ret, 0);
819 	}
820 
821 	ASSERT_EQ(strlen(test_str) + 1, send_len);
822 
823 	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
824 	EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
825 	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
826 
827 	memset(buf, 0, sizeof(buf));
828 
829 	EXPECT_EQ(send(self->cfd, test_str, send_len, 0), send_len);
830 	EXPECT_NE(recv(self->fd, buf, send_len, 0), -1);
831 	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
832 };
833 
834 TEST_F(tls, pollin)
835 {
836 	char const *test_str = "test_poll";
837 	struct pollfd fd = { 0, 0, 0 };
838 	char buf[10];
839 	int send_len = 10;
840 
841 	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
842 	fd.fd = self->cfd;
843 	fd.events = POLLIN;
844 
845 	EXPECT_EQ(poll(&fd, 1, 20), 1);
846 	EXPECT_EQ(fd.revents & POLLIN, 1);
847 	EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len);
848 	/* Test timing out */
849 	EXPECT_EQ(poll(&fd, 1, 20), 0);
850 }
851 
852 TEST_F(tls, poll_wait)
853 {
854 	char const *test_str = "test_poll_wait";
855 	int send_len = strlen(test_str) + 1;
856 	struct pollfd fd = { 0, 0, 0 };
857 	char recv_mem[15];
858 
859 	fd.fd = self->cfd;
860 	fd.events = POLLIN;
861 	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
862 	/* Set timeout to inf. secs */
863 	EXPECT_EQ(poll(&fd, 1, -1), 1);
864 	EXPECT_EQ(fd.revents & POLLIN, 1);
865 	EXPECT_EQ(recv(self->cfd, recv_mem, send_len, MSG_WAITALL), send_len);
866 }
867 
868 TEST_F(tls, poll_wait_split)
869 {
870 	struct pollfd fd = { 0, 0, 0 };
871 	char send_mem[20] = {};
872 	char recv_mem[15];
873 
874 	fd.fd = self->cfd;
875 	fd.events = POLLIN;
876 	/* Send 20 bytes */
877 	EXPECT_EQ(send(self->fd, send_mem, sizeof(send_mem), 0),
878 		  sizeof(send_mem));
879 	/* Poll with inf. timeout */
880 	EXPECT_EQ(poll(&fd, 1, -1), 1);
881 	EXPECT_EQ(fd.revents & POLLIN, 1);
882 	EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), MSG_WAITALL),
883 		  sizeof(recv_mem));
884 
885 	/* Now the remaining 5 bytes of record data are in TLS ULP */
886 	fd.fd = self->cfd;
887 	fd.events = POLLIN;
888 	EXPECT_EQ(poll(&fd, 1, -1), 1);
889 	EXPECT_EQ(fd.revents & POLLIN, 1);
890 	EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), 0),
891 		  sizeof(send_mem) - sizeof(recv_mem));
892 }
893 
894 TEST_F(tls, blocking)
895 {
896 	size_t data = 100000;
897 	int res = fork();
898 
899 	EXPECT_NE(res, -1);
900 
901 	if (res) {
902 		/* parent */
903 		size_t left = data;
904 		char buf[16384];
905 		int status;
906 		int pid2;
907 
908 		while (left) {
909 			int res = send(self->fd, buf,
910 				       left > 16384 ? 16384 : left, 0);
911 
912 			EXPECT_GE(res, 0);
913 			left -= res;
914 		}
915 
916 		pid2 = wait(&status);
917 		EXPECT_EQ(status, 0);
918 		EXPECT_EQ(res, pid2);
919 	} else {
920 		/* child */
921 		size_t left = data;
922 		char buf[16384];
923 
924 		while (left) {
925 			int res = recv(self->cfd, buf,
926 				       left > 16384 ? 16384 : left, 0);
927 
928 			EXPECT_GE(res, 0);
929 			left -= res;
930 		}
931 	}
932 }
933 
934 TEST_F(tls, nonblocking)
935 {
936 	size_t data = 100000;
937 	int sendbuf = 100;
938 	int flags;
939 	int res;
940 
941 	flags = fcntl(self->fd, F_GETFL, 0);
942 	fcntl(self->fd, F_SETFL, flags | O_NONBLOCK);
943 	fcntl(self->cfd, F_SETFL, flags | O_NONBLOCK);
944 
945 	/* Ensure nonblocking behavior by imposing a small send
946 	 * buffer.
947 	 */
948 	EXPECT_EQ(setsockopt(self->fd, SOL_SOCKET, SO_SNDBUF,
949 			     &sendbuf, sizeof(sendbuf)), 0);
950 
951 	res = fork();
952 	EXPECT_NE(res, -1);
953 
954 	if (res) {
955 		/* parent */
956 		bool eagain = false;
957 		size_t left = data;
958 		char buf[16384];
959 		int status;
960 		int pid2;
961 
962 		while (left) {
963 			int res = send(self->fd, buf,
964 				       left > 16384 ? 16384 : left, 0);
965 
966 			if (res == -1 && errno == EAGAIN) {
967 				eagain = true;
968 				usleep(10000);
969 				continue;
970 			}
971 			EXPECT_GE(res, 0);
972 			left -= res;
973 		}
974 
975 		EXPECT_TRUE(eagain);
976 		pid2 = wait(&status);
977 
978 		EXPECT_EQ(status, 0);
979 		EXPECT_EQ(res, pid2);
980 	} else {
981 		/* child */
982 		bool eagain = false;
983 		size_t left = data;
984 		char buf[16384];
985 
986 		while (left) {
987 			int res = recv(self->cfd, buf,
988 				       left > 16384 ? 16384 : left, 0);
989 
990 			if (res == -1 && errno == EAGAIN) {
991 				eagain = true;
992 				usleep(10000);
993 				continue;
994 			}
995 			EXPECT_GE(res, 0);
996 			left -= res;
997 		}
998 		EXPECT_TRUE(eagain);
999 	}
1000 }
1001 
1002 static void
1003 test_mutliproc(struct __test_metadata *_metadata, struct _test_data_tls *self,
1004 	       bool sendpg, unsigned int n_readers, unsigned int n_writers)
1005 {
1006 	const unsigned int n_children = n_readers + n_writers;
1007 	const size_t data = 6 * 1000 * 1000;
1008 	const size_t file_sz = data / 100;
1009 	size_t read_bias, write_bias;
1010 	int i, fd, child_id;
1011 	char buf[file_sz];
1012 	pid_t pid;
1013 
1014 	/* Only allow multiples for simplicity */
1015 	ASSERT_EQ(!(n_readers % n_writers) || !(n_writers % n_readers), true);
1016 	read_bias = n_writers / n_readers ?: 1;
1017 	write_bias = n_readers / n_writers ?: 1;
1018 
1019 	/* prep a file to send */
1020 	fd = open("/tmp/", O_TMPFILE | O_RDWR, 0600);
1021 	ASSERT_GE(fd, 0);
1022 
1023 	memset(buf, 0xac, file_sz);
1024 	ASSERT_EQ(write(fd, buf, file_sz), file_sz);
1025 
1026 	/* spawn children */
1027 	for (child_id = 0; child_id < n_children; child_id++) {
1028 		pid = fork();
1029 		ASSERT_NE(pid, -1);
1030 		if (!pid)
1031 			break;
1032 	}
1033 
1034 	/* parent waits for all children */
1035 	if (pid) {
1036 		for (i = 0; i < n_children; i++) {
1037 			int status;
1038 
1039 			wait(&status);
1040 			EXPECT_EQ(status, 0);
1041 		}
1042 
1043 		return;
1044 	}
1045 
1046 	/* Split threads for reading and writing */
1047 	if (child_id < n_readers) {
1048 		size_t left = data * read_bias;
1049 		char rb[8001];
1050 
1051 		while (left) {
1052 			int res;
1053 
1054 			res = recv(self->cfd, rb,
1055 				   left > sizeof(rb) ? sizeof(rb) : left, 0);
1056 
1057 			EXPECT_GE(res, 0);
1058 			left -= res;
1059 		}
1060 	} else {
1061 		size_t left = data * write_bias;
1062 
1063 		while (left) {
1064 			int res;
1065 
1066 			ASSERT_EQ(lseek(fd, 0, SEEK_SET), 0);
1067 			if (sendpg)
1068 				res = sendfile(self->fd, fd, NULL,
1069 					       left > file_sz ? file_sz : left);
1070 			else
1071 				res = send(self->fd, buf,
1072 					   left > file_sz ? file_sz : left, 0);
1073 
1074 			EXPECT_GE(res, 0);
1075 			left -= res;
1076 		}
1077 	}
1078 }
1079 
1080 TEST_F(tls, mutliproc_even)
1081 {
1082 	test_mutliproc(_metadata, self, false, 6, 6);
1083 }
1084 
1085 TEST_F(tls, mutliproc_readers)
1086 {
1087 	test_mutliproc(_metadata, self, false, 4, 12);
1088 }
1089 
1090 TEST_F(tls, mutliproc_writers)
1091 {
1092 	test_mutliproc(_metadata, self, false, 10, 2);
1093 }
1094 
1095 TEST_F(tls, mutliproc_sendpage_even)
1096 {
1097 	test_mutliproc(_metadata, self, true, 6, 6);
1098 }
1099 
1100 TEST_F(tls, mutliproc_sendpage_readers)
1101 {
1102 	test_mutliproc(_metadata, self, true, 4, 12);
1103 }
1104 
1105 TEST_F(tls, mutliproc_sendpage_writers)
1106 {
1107 	test_mutliproc(_metadata, self, true, 10, 2);
1108 }
1109 
1110 TEST_F(tls, control_msg)
1111 {
1112 	if (self->notls)
1113 		return;
1114 
1115 	char cbuf[CMSG_SPACE(sizeof(char))];
1116 	char const *test_str = "test_read";
1117 	int cmsg_len = sizeof(char);
1118 	char record_type = 100;
1119 	struct cmsghdr *cmsg;
1120 	struct msghdr msg;
1121 	int send_len = 10;
1122 	struct iovec vec;
1123 	char buf[10];
1124 
1125 	vec.iov_base = (char *)test_str;
1126 	vec.iov_len = 10;
1127 	memset(&msg, 0, sizeof(struct msghdr));
1128 	msg.msg_iov = &vec;
1129 	msg.msg_iovlen = 1;
1130 	msg.msg_control = cbuf;
1131 	msg.msg_controllen = sizeof(cbuf);
1132 	cmsg = CMSG_FIRSTHDR(&msg);
1133 	cmsg->cmsg_level = SOL_TLS;
1134 	/* test sending non-record types. */
1135 	cmsg->cmsg_type = TLS_SET_RECORD_TYPE;
1136 	cmsg->cmsg_len = CMSG_LEN(cmsg_len);
1137 	*CMSG_DATA(cmsg) = record_type;
1138 	msg.msg_controllen = cmsg->cmsg_len;
1139 
1140 	EXPECT_EQ(sendmsg(self->fd, &msg, 0), send_len);
1141 	/* Should fail because we didn't provide a control message */
1142 	EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1);
1143 
1144 	vec.iov_base = buf;
1145 	EXPECT_EQ(recvmsg(self->cfd, &msg, MSG_WAITALL | MSG_PEEK), send_len);
1146 
1147 	cmsg = CMSG_FIRSTHDR(&msg);
1148 	EXPECT_NE(cmsg, NULL);
1149 	EXPECT_EQ(cmsg->cmsg_level, SOL_TLS);
1150 	EXPECT_EQ(cmsg->cmsg_type, TLS_GET_RECORD_TYPE);
1151 	record_type = *((unsigned char *)CMSG_DATA(cmsg));
1152 	EXPECT_EQ(record_type, 100);
1153 	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
1154 
1155 	/* Recv the message again without MSG_PEEK */
1156 	record_type = 0;
1157 	memset(buf, 0, sizeof(buf));
1158 
1159 	EXPECT_EQ(recvmsg(self->cfd, &msg, MSG_WAITALL), send_len);
1160 	cmsg = CMSG_FIRSTHDR(&msg);
1161 	EXPECT_NE(cmsg, NULL);
1162 	EXPECT_EQ(cmsg->cmsg_level, SOL_TLS);
1163 	EXPECT_EQ(cmsg->cmsg_type, TLS_GET_RECORD_TYPE);
1164 	record_type = *((unsigned char *)CMSG_DATA(cmsg));
1165 	EXPECT_EQ(record_type, 100);
1166 	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
1167 }
1168 
1169 TEST_F(tls, shutdown)
1170 {
1171 	char const *test_str = "test_read";
1172 	int send_len = 10;
1173 	char buf[10];
1174 
1175 	ASSERT_EQ(strlen(test_str) + 1, send_len);
1176 
1177 	EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
1178 	EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
1179 	EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
1180 
1181 	shutdown(self->fd, SHUT_RDWR);
1182 	shutdown(self->cfd, SHUT_RDWR);
1183 }
1184 
1185 TEST_F(tls, shutdown_unsent)
1186 {
1187 	char const *test_str = "test_read";
1188 	int send_len = 10;
1189 
1190 	EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len);
1191 
1192 	shutdown(self->fd, SHUT_RDWR);
1193 	shutdown(self->cfd, SHUT_RDWR);
1194 }
1195 
1196 TEST_F(tls, shutdown_reuse)
1197 {
1198 	struct sockaddr_in addr;
1199 	int ret;
1200 
1201 	shutdown(self->fd, SHUT_RDWR);
1202 	shutdown(self->cfd, SHUT_RDWR);
1203 	close(self->cfd);
1204 
1205 	addr.sin_family = AF_INET;
1206 	addr.sin_addr.s_addr = htonl(INADDR_ANY);
1207 	addr.sin_port = 0;
1208 
1209 	ret = bind(self->fd, &addr, sizeof(addr));
1210 	EXPECT_EQ(ret, 0);
1211 	ret = listen(self->fd, 10);
1212 	EXPECT_EQ(ret, -1);
1213 	EXPECT_EQ(errno, EINVAL);
1214 
1215 	ret = connect(self->fd, &addr, sizeof(addr));
1216 	EXPECT_EQ(ret, -1);
1217 	EXPECT_EQ(errno, EISCONN);
1218 }
1219 
1220 TEST(non_established) {
1221 	struct tls12_crypto_info_aes_gcm_256 tls12;
1222 	struct sockaddr_in addr;
1223 	int sfd, ret, fd;
1224 	socklen_t len;
1225 
1226 	len = sizeof(addr);
1227 
1228 	memset(&tls12, 0, sizeof(tls12));
1229 	tls12.info.version = TLS_1_2_VERSION;
1230 	tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256;
1231 
1232 	addr.sin_family = AF_INET;
1233 	addr.sin_addr.s_addr = htonl(INADDR_ANY);
1234 	addr.sin_port = 0;
1235 
1236 	fd = socket(AF_INET, SOCK_STREAM, 0);
1237 	sfd = socket(AF_INET, SOCK_STREAM, 0);
1238 
1239 	ret = bind(sfd, &addr, sizeof(addr));
1240 	ASSERT_EQ(ret, 0);
1241 	ret = listen(sfd, 10);
1242 	ASSERT_EQ(ret, 0);
1243 
1244 	ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
1245 	EXPECT_EQ(ret, -1);
1246 	/* TLS ULP not supported */
1247 	if (errno == ENOENT)
1248 		return;
1249 	EXPECT_EQ(errno, ENOTCONN);
1250 
1251 	ret = setsockopt(sfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
1252 	EXPECT_EQ(ret, -1);
1253 	EXPECT_EQ(errno, ENOTCONN);
1254 
1255 	ret = getsockname(sfd, &addr, &len);
1256 	ASSERT_EQ(ret, 0);
1257 
1258 	ret = connect(fd, &addr, sizeof(addr));
1259 	ASSERT_EQ(ret, 0);
1260 
1261 	ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
1262 	ASSERT_EQ(ret, 0);
1263 
1264 	ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
1265 	EXPECT_EQ(ret, -1);
1266 	EXPECT_EQ(errno, EEXIST);
1267 
1268 	close(fd);
1269 	close(sfd);
1270 }
1271 
1272 TEST(keysizes) {
1273 	struct tls12_crypto_info_aes_gcm_256 tls12;
1274 	struct sockaddr_in addr;
1275 	int sfd, ret, fd, cfd;
1276 	socklen_t len;
1277 	bool notls;
1278 
1279 	notls = false;
1280 	len = sizeof(addr);
1281 
1282 	memset(&tls12, 0, sizeof(tls12));
1283 	tls12.info.version = TLS_1_2_VERSION;
1284 	tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256;
1285 
1286 	addr.sin_family = AF_INET;
1287 	addr.sin_addr.s_addr = htonl(INADDR_ANY);
1288 	addr.sin_port = 0;
1289 
1290 	fd = socket(AF_INET, SOCK_STREAM, 0);
1291 	sfd = socket(AF_INET, SOCK_STREAM, 0);
1292 
1293 	ret = bind(sfd, &addr, sizeof(addr));
1294 	ASSERT_EQ(ret, 0);
1295 	ret = listen(sfd, 10);
1296 	ASSERT_EQ(ret, 0);
1297 
1298 	ret = getsockname(sfd, &addr, &len);
1299 	ASSERT_EQ(ret, 0);
1300 
1301 	ret = connect(fd, &addr, sizeof(addr));
1302 	ASSERT_EQ(ret, 0);
1303 
1304 	ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
1305 	if (ret != 0) {
1306 		notls = true;
1307 		printf("Failure setting TCP_ULP, testing without tls\n");
1308 	}
1309 
1310 	if (!notls) {
1311 		ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12,
1312 				 sizeof(tls12));
1313 		EXPECT_EQ(ret, 0);
1314 	}
1315 
1316 	cfd = accept(sfd, &addr, &len);
1317 	ASSERT_GE(cfd, 0);
1318 
1319 	if (!notls) {
1320 		ret = setsockopt(cfd, IPPROTO_TCP, TCP_ULP, "tls",
1321 				 sizeof("tls"));
1322 		EXPECT_EQ(ret, 0);
1323 
1324 		ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12,
1325 				 sizeof(tls12));
1326 		EXPECT_EQ(ret, 0);
1327 	}
1328 
1329 	close(sfd);
1330 	close(fd);
1331 	close(cfd);
1332 }
1333 
1334 TEST_HARNESS_MAIN
1335