/*
 * QTest testcases for TLS migration
 *
 * Copyright (c) 2016-2018 Red Hat, Inc. and/or its affiliates
 * based on the vhost-user-test.c that is:
 * Copyright (c) 2014 Virtual Open Systems Sarl.
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 *
 */

#include "qemu/osdep.h"
#include "crypto/tlscredspsk.h"
#include "libqtest.h"
#include "migration/framework.h"
#include "migration/migration-qmp.h"
#include "migration/migration-util.h"

#include "tests/unit/crypto-tls-psk-helpers.h"
#ifdef CONFIG_TASN1
# include "tests/unit/crypto-tls-x509-helpers.h"
#endif /* CONFIG_TASN1 */

/*
 * Per-test state for the TLS-PSK hooks: the paths created by the start
 * hook so that the end hook can remove and free them.
 */
struct TestMigrateTLSPSKData {
    char *workdir;    /* "<tmpfs>/tlscredspsk0", holds the PSK file */
    char *workdiralt; /* "<tmpfs>/tlscredspskalt0"; NULL unless mismatch */
    char *pskfile;    /* PSK file inside workdir */
    char *pskfilealt; /* PSK file inside workdiralt; NULL unless mismatch */
};
/*
 * Base directory under which the credential directories and the unix
 * migration socket path used in this file are built. It is not assigned
 * in this part of the file.
 */
static char *tmpfs;
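/*
 * Common start hook for the TLS-PSK tests: write PSK credentials to disk
 * and attach a 'tls-creds-psk' object to both QEMU instances.
 *
 * @from:     source QEMU; gets the client endpoint (username 'qemu'),
 *            always backed by data->workdir.
 * @to:       destination QEMU; gets the server endpoint.
 * @mismatch: when true, a second PSK file is created in a separate
 *            directory with test_tls_psk_init_alt() and the server is
 *            pointed at that directory, so client and server read their
 *            PSK from different files.
 *
 * Returns a newly allocated TestMigrateTLSPSKData that
 * migrate_hook_end_tls_psk() removes from disk and frees.
 */
static void *
migrate_hook_start_tls_psk_common(QTestState *from,
                                  QTestState *to,
                                  bool mismatch)
{
    struct TestMigrateTLSPSKData *data =
        g_new0(struct TestMigrateTLSPSKData, 1);

    data->workdir = g_strdup_printf("%s/tlscredspsk0", tmpfs);
    data->pskfile = g_strdup_printf("%s/%s", data->workdir,
                                    QCRYPTO_TLS_CREDS_PSKFILE);
    /*
     * The directory holds key material, hence mode 0700. The mode only
     * applies to directories this call creates; an already existing
     * directory keeps whatever mode it has. Stop here if creation fails
     * instead of failing later when the PSK file is written.
     */
    g_assert(g_mkdir_with_parents(data->workdir, 0700) == 0);
    test_tls_psk_init(data->pskfile);

    if (mismatch) {
        data->workdiralt = g_strdup_printf("%s/tlscredspskalt0", tmpfs);
        data->pskfilealt = g_strdup_printf("%s/%s", data->workdiralt,
                                           QCRYPTO_TLS_CREDS_PSKFILE);
        g_assert(g_mkdir_with_parents(data->workdiralt, 0700) == 0);
        test_tls_psk_init_alt(data->pskfilealt);
    }

    qtest_qmp_assert_success(from,
                             "{ 'execute': 'object-add',"
                             " 'arguments': { 'qom-type': 'tls-creds-psk',"
                             " 'id': 'tlscredspsk0',"
                             " 'endpoint': 'client',"
                             " 'dir': %s,"
                             " 'username': 'qemu'} }",
                             data->workdir);

    /* Only the server side switches to the alternate directory. */
    qtest_qmp_assert_success(to,
                             "{ 'execute': 'object-add',"
                             " 'arguments': { 'qom-type': 'tls-creds-psk',"
                             " 'id': 'tlscredspsk0',"
                             " 'endpoint': 'server',"
                             " 'dir': %s } }",
                             mismatch ? data->workdiralt : data->workdir);

    migrate_set_parameter_str(from, "tls-creds", "tlscredspsk0");
    migrate_set_parameter_str(to, "tls-creds", "tlscredspsk0");

    return data;
}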
/* Start hook: both endpoints load their PSK from the same directory. */
static void *
migrate_hook_start_tls_psk_match(QTestState *from,
                                 QTestState *to)
{
    const bool mismatch = false;

    return migrate_hook_start_tls_psk_common(from, to, mismatch);
}
/*
 * Start hook: the server is given the alternate PSK directory while the
 * client keeps the primary one.
 */
static void *
migrate_hook_start_tls_psk_mismatch(QTestState *from,
                                    QTestState *to)
{
    const bool mismatch = true;

    return migrate_hook_start_tls_psk_common(from, to, mismatch);
}
/*
 * End hook for the TLS-PSK tests: delete the PSK file(s) and their
 * directories, then free the state returned by the start hook.
 *
 * @from and @to are unused. @opaque is the TestMigrateTLSPSKData
 * returned by migrate_hook_start_tls_psk_common().
 */
static void
migrate_hook_end_tls_psk(QTestState *from,
                         QTestState *to,
                         void *opaque)
{
    struct TestMigrateTLSPSKData *psk = opaque;

    /* Files go first so that rmdir() finds the directories empty. */
    test_tls_psk_cleanup(psk->pskfile);
    if (psk->pskfilealt != NULL) {
        test_tls_psk_cleanup(psk->pskfilealt);
    }
    rmdir(psk->workdir);
    if (psk->workdiralt != NULL) {
        rmdir(psk->workdiralt);
    }

    g_free(psk->workdiralt);
    g_free(psk->pskfilealt);
    g_free(psk->workdir);
    g_free(psk->pskfile);
    g_free(psk);
}
#ifdef CONFIG_TASN1
/*
 * Per-test state for the TLS-x509 hooks: every path created by the start
 * hook, kept so that the end hook can unlink and free it.
 */
typedef struct {
    char *workdir;    /* "<tmpfs>/tlscredsx5090", passed as the creds 'dir' */
    char *keyfile;    /* key.pem, initialised by test_tls_init() */
    char *cacert;     /* ca-cert.pem */
    char *servercert; /* server-cert.pem */
    char *serverkey;  /* server-key.pem, a hard link to keyfile */
    char *clientcert; /* client-cert.pem; NULL when no client cert is made */
    char *clientkey;  /* client-key.pem, hard link to keyfile; may be NULL */
} TestMigrateTLSX509Data;
/* Knobs that select which x509 scenario the common start hook builds. */
typedef struct {
    bool verifyclient;  /* value of 'verify-peer' on the server creds */
    bool clientcert;    /* generate a client certificate and key */
    bool hostileclient; /* name the client cert with the HOSTILE test name */
    bool authzclient;   /* add an authz-simple object and set tls-authz */
    const char *certhostname; /* server cert host name; also tls-hostname */
    const char *certipaddr;   /* IP address put into the server cert */
} TestMigrateTLSX509;
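/*
 * Common start hook for the TLS-x509 tests: generate a CA, a server
 * certificate and optionally a client certificate in a private work
 * directory, then attach 'tls-creds-x509' objects to both QEMU instances.
 *
 * @from: source QEMU; gets the client endpoint, always with
 *        'verify-peer': true, plus 'tls-hostname' when
 *        args->certhostname is set.
 * @to:   destination QEMU; gets the server endpoint with 'verify-peer'
 *        taken from args->verifyclient, and an authz-simple object
 *        restricted to CN=QCRYPTO_TLS_TEST_CLIENT_NAME when
 *        args->authzclient is set.
 * @args: scenario description, see TestMigrateTLSX509.
 *
 * Returns a newly allocated TestMigrateTLSX509Data that
 * migrate_hook_end_tls_x509() removes from disk and frees.
 */
static void *
migrate_hook_start_tls_x509_common(QTestState *from,
                                   QTestState *to,
                                   TestMigrateTLSX509 *args)
{
    TestMigrateTLSX509Data *data = g_new0(TestMigrateTLSX509Data, 1);

    data->workdir = g_strdup_printf("%s/tlscredsx5090", tmpfs);
    data->keyfile = g_strdup_printf("%s/key.pem", data->workdir);

    data->cacert = g_strdup_printf("%s/ca-cert.pem", data->workdir);
    data->serverkey = g_strdup_printf("%s/server-key.pem", data->workdir);
    data->servercert = g_strdup_printf("%s/server-cert.pem", data->workdir);
    if (args->clientcert) {
        data->clientkey = g_strdup_printf("%s/client-key.pem", data->workdir);
        data->clientcert = g_strdup_printf("%s/client-cert.pem", data->workdir);
    }

    /*
     * Private key material lives here, hence mode 0700. The mode only
     * applies to directories this call creates. Assert on failure, as is
     * already done for the hard links below.
     */
    g_assert(g_mkdir_with_parents(data->workdir, 0700) == 0);

    /*
     * One key file is hard-linked under the server and client key names,
     * so every endpoint in the test uses the same private key.
     */
    test_tls_init(data->keyfile);
#ifndef _WIN32
    g_assert(link(data->keyfile, data->serverkey) == 0);
#else
    g_assert(CreateHardLink(data->serverkey, data->keyfile, NULL) != 0);
#endif
    if (args->clientcert) {
#ifndef _WIN32
        g_assert(link(data->keyfile, data->clientkey) == 0);
#else
        g_assert(CreateHardLink(data->clientkey, data->keyfile, NULL) != 0);
#endif
    }

    /*
     * NOTE(review): the request variables look swapped relative to what
     * they hold: servercertreq comes from the *_CLIENT macro and is written
     * to data->clientcert, clientcertreq from the *_SERVER macro and is
     * written to data->servercert. Only the names are affected.
     */
    TLS_ROOT_REQ_SIMPLE(cacertreq, data->cacert);
    if (args->clientcert) {
        TLS_CERT_REQ_SIMPLE_CLIENT(servercertreq, cacertreq,
                                   args->hostileclient ?
                                   QCRYPTO_TLS_TEST_CLIENT_HOSTILE_NAME :
                                   QCRYPTO_TLS_TEST_CLIENT_NAME,
                                   data->clientcert);
        test_tls_deinit_cert(&servercertreq);
    }

    TLS_CERT_REQ_SIMPLE_SERVER(clientcertreq, cacertreq,
                               data->servercert,
                               args->certhostname,
                               args->certipaddr);
    test_tls_deinit_cert(&clientcertreq);
    test_tls_deinit_cert(&cacertreq);

    /* The migration source always verifies the server certificate. */
    qtest_qmp_assert_success(from,
                             "{ 'execute': 'object-add',"
                             " 'arguments': { 'qom-type': 'tls-creds-x509',"
                             " 'id': 'tlscredsx509client0',"
                             " 'endpoint': 'client',"
                             " 'dir': %s,"
                             " 'sanity-check': true,"
                             " 'verify-peer': true} }",
                             data->workdir);
    migrate_set_parameter_str(from, "tls-creds", "tlscredsx509client0");
    if (args->certhostname) {
        migrate_set_parameter_str(from, "tls-hostname", args->certhostname);
    }

    /* Whether the destination demands a client cert is per scenario. */
    qtest_qmp_assert_success(to,
                             "{ 'execute': 'object-add',"
                             " 'arguments': { 'qom-type': 'tls-creds-x509',"
                             " 'id': 'tlscredsx509server0',"
                             " 'endpoint': 'server',"
                             " 'dir': %s,"
                             " 'sanity-check': true,"
                             " 'verify-peer': %i} }",
                             data->workdir, args->verifyclient);
    migrate_set_parameter_str(to, "tls-creds", "tlscredsx509server0");

    if (args->authzclient) {
        qtest_qmp_assert_success(to,
                                 "{ 'execute': 'object-add',"
                                 " 'arguments': { 'qom-type': 'authz-simple',"
                                 " 'id': 'tlsauthz0',"
                                 " 'identity': %s} }",
                                 "CN=" QCRYPTO_TLS_TEST_CLIENT_NAME);
        migrate_set_parameter_str(to, "tls-authz", "tlsauthz0");
    }

    return data;
}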
/*
 * The normal case: no tls-hostname override is given, so the server
 * certificate (issued for IP address 127.0.0.1) is checked against
 * whatever host QEMU was told to connect to, if any. The server
 * requires a client certificate and one is generated.
 */
static void *
migrate_hook_start_tls_x509_default_host(QTestState *from,
                                         QTestState *to)
{
    TestMigrateTLSX509 scenario = {
        .certipaddr = "127.0.0.1",
        .clientcert = true,
        .verifyclient = true,
    };

    return migrate_hook_start_tls_x509_common(from, to, &scenario);
}
/*
 * The unusual case: the server certificate is issued for "qemu.org",
 * which differs from the address QEMU is told to connect to (if any),
 * so the same name is also set as tls-hostname for the client to
 * validate against.
 */
static void *
migrate_hook_start_tls_x509_override_host(QTestState *from,
                                          QTestState *to)
{
    TestMigrateTLSX509 scenario = {
        .certhostname = "qemu.org",
        .clientcert = true,
        .verifyclient = true,
    };

    return migrate_hook_start_tls_x509_common(from, to, &scenario);
}
/*
 * The unusual case: the server certificate is issued for 10.0.0.1,
 * which differs from the address QEMU is told to connect to, and no
 * tls-hostname override is set, so the client is expected to reject
 * the server.
 */
static void *
migrate_hook_start_tls_x509_mismatch_host(QTestState *from,
                                          QTestState *to)
{
    TestMigrateTLSX509 scenario = {
        .certipaddr = "10.0.0.1",
        .clientcert = true,
        .verifyclient = true,
    };

    return migrate_hook_start_tls_x509_common(from, to, &scenario);
}
/*
 * Authorization enabled on the server, and the client certificate is
 * named QCRYPTO_TLS_TEST_CLIENT_NAME, the identity the authz-simple
 * object allows.
 */
static void *
migrate_hook_start_tls_x509_friendly_client(QTestState *from,
                                            QTestState *to)
{
    TestMigrateTLSX509 scenario = {
        .certipaddr = "127.0.0.1",
        .authzclient = true,
        .clientcert = true,
        .verifyclient = true,
    };

    return migrate_hook_start_tls_x509_common(from, to, &scenario);
}
/*
 * Authorization enabled on the server, but the client certificate is
 * named QCRYPTO_TLS_TEST_CLIENT_HOSTILE_NAME rather than the identity
 * the authz-simple object allows.
 */
static void *
migrate_hook_start_tls_x509_hostile_client(QTestState *from,
                                           QTestState *to)
{
    TestMigrateTLSX509 scenario = {
        .certipaddr = "127.0.0.1",
        .authzclient = true,
        .hostileclient = true,
        .clientcert = true,
        .verifyclient = true,
    };

    return migrate_hook_start_tls_x509_common(from, to, &scenario);
}
/*
 * The case with no client certificate presented and 'verify-peer' off
 * on the server, so the server does not ask the client to prove its
 * identity.
 */
static void *
migrate_hook_start_tls_x509_allow_anon_client(QTestState *from,
                                              QTestState *to)
{
    TestMigrateTLSX509 scenario = {
        .certipaddr = "127.0.0.1",
    };

    return migrate_hook_start_tls_x509_common(from, to, &scenario);
}
/*
 * The case with no client certificate presented while the server has
 * 'verify-peer' on, so the server is expected to reject the client.
 */
static void *
migrate_hook_start_tls_x509_reject_anon_client(QTestState *from,
                                               QTestState *to)
{
    TestMigrateTLSX509 scenario = {
        .certipaddr = "127.0.0.1",
        .verifyclient = true,
    };

    return migrate_hook_start_tls_x509_common(from, to, &scenario);
}
/*
 * End hook for the TLS-x509 tests: remove the key, the certificates and
 * the work directory from disk, then free the state returned by the
 * start hook.
 *
 * @from and @to are unused. @opaque is the TestMigrateTLSX509Data
 * returned by migrate_hook_start_tls_x509_common().
 */
static void
migrate_hook_end_tls_x509(QTestState *from,
                          QTestState *to,
                          void *opaque)
{
    TestMigrateTLSX509Data *x509 = opaque;

    /* Remove every file first so that rmdir() finds the directory empty. */
    test_tls_cleanup(x509->keyfile);
    unlink(x509->cacert);
    unlink(x509->servercert);
    unlink(x509->serverkey);
    if (x509->clientcert != NULL) {
        unlink(x509->clientcert);
    }
    if (x509->clientkey != NULL) {
        unlink(x509->clientkey);
    }
    rmdir(x509->workdir);

    /* g_free() ignores NULL, so the optional client paths need no check. */
    g_free(x509->keyfile);
    g_free(x509->cacert);
    g_free(x509->servercert);
    g_free(x509->serverkey);
    g_free(x509->clientcert);
    g_free(x509->clientkey);
    g_free(x509->workdir);
    g_free(x509);
}
#endif /* CONFIG_TASN1 */
/* Postcopy migration with matching TLS-PSK credentials on both sides. */
static void test_postcopy_tls_psk(void)
{
    MigrateCommon mig = {
        .end_hook = migrate_hook_end_tls_psk,
        .start_hook = migrate_hook_start_tls_psk_match,
    };

    test_postcopy_common(&mig);
}
/* Postcopy with postcopy_preempt set, over matching TLS-PSK credentials. */
static void test_postcopy_preempt_tls_psk(void)
{
    MigrateCommon mig = {
        .end_hook = migrate_hook_end_tls_psk,
        .start_hook = migrate_hook_start_tls_psk_match,
        .postcopy_preempt = true,
    };

    test_postcopy_common(&mig);
}
/* Postcopy recovery test run over matching TLS-PSK credentials. */
static void test_postcopy_recovery_tls_psk(void)
{
    MigrateCommon mig = {
        .end_hook = migrate_hook_end_tls_psk,
        .start_hook = migrate_hook_start_tls_psk_match,
    };

    test_postcopy_recovery_common(&mig);
}
/* Combined case: postcopy preempt + postcopy recovery + TLS-PSK. */
static void test_postcopy_preempt_all(void)
{
    MigrateCommon mig = {
        .end_hook = migrate_hook_end_tls_psk,
        .start_hook = migrate_hook_start_tls_psk_match,
        .postcopy_preempt = true,
    };

    test_postcopy_recovery_common(&mig);
}
/*
 * Precopy over a unix socket under tmpfs, with matching TLS-PSK
 * credentials on both sides.
 */
static void test_precopy_unix_tls_psk(void)
{
    g_autofree char *sock_uri = g_strdup_printf("unix:%s/migsocket", tmpfs);
    MigrateCommon mig = {
        .end_hook = migrate_hook_end_tls_psk,
        .start_hook = migrate_hook_start_tls_psk_match,
        .listen_uri = sock_uri,
        .connect_uri = sock_uri,
    };

    test_precopy_common(&mig);
}
#ifdef CONFIG_TASN1
/*
 * Precopy over a unix socket with x509 credentials and no tls-hostname
 * override. The migration is expected to fail with
 * MIG_TEST_FAIL_DEST_QUIT_ERR.
 * NOTE(review): presumably because a unix socket URI gives the client no
 * host name to check the server certificate against; confirm.
 */
static void test_precopy_unix_tls_x509_default_host(void)
{
    g_autofree char *sock_uri = g_strdup_printf("unix:%s/migsocket", tmpfs);
    MigrateCommon mig = {
        .start.hide_stderr = true,
        .result = MIG_TEST_FAIL_DEST_QUIT_ERR,
        .end_hook = migrate_hook_end_tls_x509,
        .start_hook = migrate_hook_start_tls_x509_default_host,
        .listen_uri = sock_uri,
        .connect_uri = sock_uri,
    };

    test_precopy_common(&mig);
}
/*
 * Precopy over a unix socket with x509 credentials and an explicit
 * tls-hostname matching the server certificate.
 */
static void test_precopy_unix_tls_x509_override_host(void)
{
    g_autofree char *sock_uri = g_strdup_printf("unix:%s/migsocket", tmpfs);
    MigrateCommon mig = {
        .end_hook = migrate_hook_end_tls_x509,
        .start_hook = migrate_hook_start_tls_x509_override_host,
        .listen_uri = sock_uri,
        .connect_uri = sock_uri,
    };

    test_precopy_common(&mig);
}
#endif /* CONFIG_TASN1 */
/* Precopy over TCP on 127.0.0.1 with matching TLS-PSK credentials. */
static void test_precopy_tcp_tls_psk_match(void)
{
    MigrateCommon mig = {
        .end_hook = migrate_hook_end_tls_psk,
        .start_hook = migrate_hook_start_tls_psk_match,
        .listen_uri = "tcp:127.0.0.1:0",
    };

    test_precopy_common(&mig);
}
/*
 * Precopy over TCP where client and server load their PSK from different
 * files; the migration is expected to fail (MIG_TEST_FAIL).
 */
static void test_precopy_tcp_tls_psk_mismatch(void)
{
    MigrateCommon mig = {
        .start.hide_stderr = true,
        .result = MIG_TEST_FAIL,
        .end_hook = migrate_hook_end_tls_psk,
        .start_hook = migrate_hook_start_tls_psk_mismatch,
        .listen_uri = "tcp:127.0.0.1:0",
    };

    test_precopy_common(&mig);
}
#ifdef CONFIG_TASN1
/*
 * Precopy over TCP on 127.0.0.1 with x509 credentials; the server
 * certificate is issued for 127.0.0.1 and no tls-hostname is set.
 */
static void test_precopy_tcp_tls_x509_default_host(void)
{
    MigrateCommon mig = {
        .end_hook = migrate_hook_end_tls_x509,
        .start_hook = migrate_hook_start_tls_x509_default_host,
        .listen_uri = "tcp:127.0.0.1:0",
    };

    test_precopy_common(&mig);
}
/*
 * Precopy over TCP with x509 credentials and an explicit tls-hostname
 * matching the server certificate.
 */
static void test_precopy_tcp_tls_x509_override_host(void)
{
    MigrateCommon mig = {
        .end_hook = migrate_hook_end_tls_x509,
        .start_hook = migrate_hook_start_tls_x509_override_host,
        .listen_uri = "tcp:127.0.0.1:0",
    };

    test_precopy_common(&mig);
}
/*
 * Precopy over TCP on 127.0.0.1 while the server certificate is issued
 * for another address; expected result is MIG_TEST_FAIL_DEST_QUIT_ERR.
 */
static void test_precopy_tcp_tls_x509_mismatch_host(void)
{
    MigrateCommon mig = {
        .start.hide_stderr = true,
        .result = MIG_TEST_FAIL_DEST_QUIT_ERR,
        .end_hook = migrate_hook_end_tls_x509,
        .start_hook = migrate_hook_start_tls_x509_mismatch_host,
        .listen_uri = "tcp:127.0.0.1:0",
    };

    test_precopy_common(&mig);
}
/*
 * Precopy over TCP with server-side authorization enabled and a client
 * certificate whose name is the allowed identity.
 */
static void test_precopy_tcp_tls_x509_friendly_client(void)
{
    MigrateCommon mig = {
        .end_hook = migrate_hook_end_tls_x509,
        .start_hook = migrate_hook_start_tls_x509_friendly_client,
        .listen_uri = "tcp:127.0.0.1:0",
    };

    test_precopy_common(&mig);
}
/*
 * Precopy over TCP with server-side authorization enabled and a client
 * certificate whose name is not the allowed identity; the migration is
 * expected to fail (MIG_TEST_FAIL).
 */
static void test_precopy_tcp_tls_x509_hostile_client(void)
{
    MigrateCommon mig = {
        .start.hide_stderr = true,
        .result = MIG_TEST_FAIL,
        .end_hook = migrate_hook_end_tls_x509,
        .start_hook = migrate_hook_start_tls_x509_hostile_client,
        .listen_uri = "tcp:127.0.0.1:0",
    };

    test_precopy_common(&mig);
}
/*
 * Precopy over TCP where the client has no certificate and the server
 * does not verify its peer.
 */
static void test_precopy_tcp_tls_x509_allow_anon_client(void)
{
    MigrateCommon mig = {
        .end_hook = migrate_hook_end_tls_x509,
        .start_hook = migrate_hook_start_tls_x509_allow_anon_client,
        .listen_uri = "tcp:127.0.0.1:0",
    };

    test_precopy_common(&mig);
}
/*
 * Precopy over TCP where the client has no certificate but the server
 * verifies its peer; the migration is expected to fail (MIG_TEST_FAIL).
 */
static void test_precopy_tcp_tls_x509_reject_anon_client(void)
{
    MigrateCommon mig = {
        .start.hide_stderr = true,
        .result = MIG_TEST_FAIL,
        .end_hook = migrate_hook_end_tls_x509,
        .start_hook = migrate_hook_start_tls_x509_reject_anon_client,
        .listen_uri = "tcp:127.0.0.1:0",
    };

    test_precopy_common(&mig);
}
#endif /* CONFIG_TASN1 */
/*
 * Multifd start hook: run the common multifd TCP setup, then install
 * matching TLS-PSK credentials and return their state.
 * NOTE(review): the "none" argument presumably selects no multifd
 * compression; confirm against the helper.
 */
static void *
migrate_hook_start_multifd_tcp_tls_psk_match(QTestState *from,
                                             QTestState *to)
{
    void *tls_state;

    migrate_hook_start_precopy_tcp_multifd_common(from, to, "none");
    tls_state = migrate_hook_start_tls_psk_match(from, to);

    return tls_state;
}
/*
 * Multifd start hook: run the common multifd TCP setup (called with
 * "none"), then install mismatching TLS-PSK credentials.
 */
static void *
migrate_hook_start_multifd_tcp_tls_psk_mismatch(QTestState *from,
                                                QTestState *to)
{
    void *tls_state;

    migrate_hook_start_precopy_tcp_multifd_common(from, to, "none");
    tls_state = migrate_hook_start_tls_psk_mismatch(from, to);

    return tls_state;
}
#ifdef CONFIG_TASN1
/*
 * Multifd start hook: run the common multifd TCP setup (called with
 * "none"), then install the x509 default-host credentials.
 */
static void *
migrate_hook_start_multifd_tls_x509_default_host(QTestState *from,
                                                 QTestState *to)
{
    void *tls_state;

    migrate_hook_start_precopy_tcp_multifd_common(from, to, "none");
    tls_state = migrate_hook_start_tls_x509_default_host(from, to);

    return tls_state;
}
/*
 * Multifd start hook: run the common multifd TCP setup (called with
 * "none"), then install the x509 override-host credentials.
 */
static void *
migrate_hook_start_multifd_tls_x509_override_host(QTestState *from,
                                                  QTestState *to)
{
    void *tls_state;

    migrate_hook_start_precopy_tcp_multifd_common(from, to, "none");
    tls_state = migrate_hook_start_tls_x509_override_host(from, to);

    return tls_state;
}
/*
 * Multifd start hook: run the common multifd TCP setup (called with
 * "none"), then install the x509 mismatch-host credentials.
 */
static void *
migrate_hook_start_multifd_tls_x509_mismatch_host(QTestState *from,
                                                  QTestState *to)
{
    void *tls_state;

    migrate_hook_start_precopy_tcp_multifd_common(from, to, "none");
    tls_state = migrate_hook_start_tls_x509_mismatch_host(from, to);

    return tls_state;
}
/*
 * Multifd start hook: run the common multifd TCP setup (called with
 * "none"), then install the x509 credentials for the anonymous client
 * that the server accepts.
 */
static void *
migrate_hook_start_multifd_tls_x509_allow_anon_client(QTestState *from,
                                                      QTestState *to)
{
    void *tls_state;

    migrate_hook_start_precopy_tcp_multifd_common(from, to, "none");
    tls_state = migrate_hook_start_tls_x509_allow_anon_client(from, to);

    return tls_state;
}
/*
 * Start hook for the multifd x509 "reject-anon-client" test.
 *
 * Applies the shared multifd TCP precopy setup, then delegates to the
 * non-multifd x509 reject-anon-client hook. The test that installs this
 * hook expects the migration to fail.
 */
static void *
migrate_hook_start_multifd_tls_x509_reject_anon_client(QTestState *from,
                                                       QTestState *to)
{
    void *tls_data;

    /* Third argument passed through as-is; meaning defined by the helper. */
    migrate_hook_start_precopy_tcp_multifd_common(from, to, "none");
    tls_data = migrate_hook_start_tls_x509_reject_anon_client(from, to);

    return tls_data;
}
626979ee2a7SFabiano Rosas #endif /* CONFIG_TASN1 */
/*
 * Multifd precopy over TCP using the TLS-PSK "match" start hook.
 *
 * .result is left at its zero-initialised value, i.e. this is the
 * positive case paired with test_multifd_tcp_tls_psk_mismatch().
 */
static void test_multifd_tcp_tls_psk_match(void)
{
    MigrateCommon args = { 0 };

    args.listen_uri = "defer";
    args.start_hook = migrate_hook_start_multifd_tcp_tls_psk_match;
    args.end_hook = migrate_hook_end_tls_psk;

    test_precopy_common(&args);
}
/*
 * Negative test: multifd precopy over TCP using the TLS-PSK "mismatch"
 * start hook. The migration must end in MIG_TEST_FAIL; a success here
 * would mean the PSK check did not stop the migration.
 */
static void test_multifd_tcp_tls_psk_mismatch(void)
{
    MigrateCommon args = { 0 };

    /* Failure is the expected outcome; presumably this mutes the noise. */
    args.start.hide_stderr = true;
    args.listen_uri = "defer";
    args.start_hook = migrate_hook_start_multifd_tcp_tls_psk_mismatch;
    args.end_hook = migrate_hook_end_tls_psk;
    args.result = MIG_TEST_FAIL;

    test_precopy_common(&args);
}
652979ee2a7SFabiano Rosas #ifdef CONFIG_TASN1
/*
 * Multifd precopy over TCP using the x509 "default-host" start hook.
 * No failure result is configured, so this is a positive case.
 */
static void test_multifd_tcp_tls_x509_default_host(void)
{
    MigrateCommon args = { 0 };

    args.listen_uri = "defer";
    args.start_hook = migrate_hook_start_multifd_tls_x509_default_host;
    args.end_hook = migrate_hook_end_tls_x509;

    test_precopy_common(&args);
}
/*
 * Multifd precopy over TCP using the x509 "override-host" start hook.
 * No failure result is configured, so this is a positive case.
 */
static void test_multifd_tcp_tls_x509_override_host(void)
{
    MigrateCommon args = { 0 };

    args.listen_uri = "defer";
    args.start_hook = migrate_hook_start_multifd_tls_x509_override_host;
    args.end_hook = migrate_hook_end_tls_x509;

    test_precopy_common(&args);
}
/*
 * Negative test: multifd precopy over TCP where the certificate host
 * does not match. The migration must end in MIG_TEST_FAIL.
 */
static void test_multifd_tcp_tls_x509_mismatch_host(void)
{
    MigrateCommon args = { 0 };

    /*
     * The failure mode differs from the non-multifd variant of this test.
     *
     * Non-multifd: by the time the client aborts on the mismatched cert
     * host, the server has already begun loading migration state, so it
     * exits with an I/O failure.
     *
     * Multifd: when the client aborts on the mismatched cert host, the
     * server is still waiting for the remaining multifd connections and
     * has not begun loading migration state, so it only aborts the
     * migration and does not exit.
     */
    args.start.hide_stderr = true;
    args.listen_uri = "defer";
    args.start_hook = migrate_hook_start_multifd_tls_x509_mismatch_host;
    args.end_hook = migrate_hook_end_tls_x509;
    args.result = MIG_TEST_FAIL;

    test_precopy_common(&args);
}
/*
 * Multifd precopy over TCP using the x509 "allow-anon-client" start hook.
 * No failure result is configured, so the migration is expected to go
 * through; the rejecting counterpart is
 * test_multifd_tcp_tls_x509_reject_anon_client().
 */
static void test_multifd_tcp_tls_x509_allow_anon_client(void)
{
    MigrateCommon args = { 0 };

    args.listen_uri = "defer";
    args.start_hook = migrate_hook_start_multifd_tls_x509_allow_anon_client;
    args.end_hook = migrate_hook_end_tls_x509;

    test_precopy_common(&args);
}
/*
 * Negative test: multifd precopy over TCP using the x509
 * "reject-anon-client" start hook. The migration must end in
 * MIG_TEST_FAIL; a success here would mean a client that should have
 * been refused was let through.
 */
static void test_multifd_tcp_tls_x509_reject_anon_client(void)
{
    MigrateCommon args = { 0 };

    /* Failure is the expected outcome; presumably this mutes the noise. */
    args.start.hide_stderr = true;
    args.listen_uri = "defer";
    args.start_hook = migrate_hook_start_multifd_tls_x509_reject_anon_client;
    args.end_hook = migrate_hook_end_tls_x509;
    args.result = MIG_TEST_FAIL;

    test_precopy_common(&args);
}
723979ee2a7SFabiano Rosas #endif /* CONFIG_TASN1 */
/*
 * Register the TLS tests that run regardless of env->full_set.
 *
 * At present that is a single positive case (precopy over TCP with a
 * matching PSK); none of the negative TLS cases are part of this set.
 * @env is accepted for symmetry with migration_test_add_tls() and is not
 * read here.
 */
static void migration_test_add_tls_smoke(MigrationTestEnv *env)
{
    migration_test_add(
        "/migration/precopy/tcp/tls/psk/match",
        test_precopy_tcp_tls_psk_match);
}
/*
 * Register the TLS migration tests.
 *
 * Stores env->tmpfs in the file-level tmpfs pointer, registers the smoke
 * set, and stops there unless env->full_set is set. With the full set
 * enabled it registers, in this order: unix PSK, the postcopy PSK group
 * (only when env->has_uffd), then the unix/tcp/multifd PSK and x509
 * cases. x509 entries are compiled in only with CONFIG_TASN1.
 *
 * Every test that asserts a bad credential is refused (psk/mismatch,
 * mismatch-host, hostile-client, reject-anon-client) lives behind
 * env->full_set, so a smoke-only run exercises none of them.
 */
void migration_test_add_tls(MigrationTestEnv *env)
{
    /*
     * Everything registered after the postcopy group, in registration
     * order. The handlers are plain void(void) test functions.
     *
     * NOTE(review): precopy/tcp registers friendly-client and
     * hostile-client x509 cases, the multifd group does not; whether
     * that gap is deliberate is not visible from this file section.
     */
    static const struct {
        const char *path;
        void (*fn)(void);
    } remaining[] = {
#ifdef CONFIG_TASN1
        { "/migration/precopy/unix/tls/x509/default-host",
          test_precopy_unix_tls_x509_default_host },
        { "/migration/precopy/unix/tls/x509/override-host",
          test_precopy_unix_tls_x509_override_host },
#endif /* CONFIG_TASN1 */

        { "/migration/precopy/tcp/tls/psk/mismatch",
          test_precopy_tcp_tls_psk_mismatch },
#ifdef CONFIG_TASN1
        { "/migration/precopy/tcp/tls/x509/default-host",
          test_precopy_tcp_tls_x509_default_host },
        { "/migration/precopy/tcp/tls/x509/override-host",
          test_precopy_tcp_tls_x509_override_host },
        { "/migration/precopy/tcp/tls/x509/mismatch-host",
          test_precopy_tcp_tls_x509_mismatch_host },
        { "/migration/precopy/tcp/tls/x509/friendly-client",
          test_precopy_tcp_tls_x509_friendly_client },
        { "/migration/precopy/tcp/tls/x509/hostile-client",
          test_precopy_tcp_tls_x509_hostile_client },
        { "/migration/precopy/tcp/tls/x509/allow-anon-client",
          test_precopy_tcp_tls_x509_allow_anon_client },
        { "/migration/precopy/tcp/tls/x509/reject-anon-client",
          test_precopy_tcp_tls_x509_reject_anon_client },
#endif /* CONFIG_TASN1 */

        { "/migration/multifd/tcp/tls/psk/match",
          test_multifd_tcp_tls_psk_match },
        { "/migration/multifd/tcp/tls/psk/mismatch",
          test_multifd_tcp_tls_psk_mismatch },
#ifdef CONFIG_TASN1
        { "/migration/multifd/tcp/tls/x509/default-host",
          test_multifd_tcp_tls_x509_default_host },
        { "/migration/multifd/tcp/tls/x509/override-host",
          test_multifd_tcp_tls_x509_override_host },
        { "/migration/multifd/tcp/tls/x509/mismatch-host",
          test_multifd_tcp_tls_x509_mismatch_host },
        { "/migration/multifd/tcp/tls/x509/allow-anon-client",
          test_multifd_tcp_tls_x509_allow_anon_client },
        { "/migration/multifd/tcp/tls/x509/reject-anon-client",
          test_multifd_tcp_tls_x509_reject_anon_client },
#endif /* CONFIG_TASN1 */
    };
    size_t i;

    tmpfs = env->tmpfs;

    /* Always registered, independent of env->full_set. */
    migration_test_add_tls_smoke(env);

    if (!env->full_set) {
        return;
    }

    migration_test_add("/migration/precopy/unix/tls/psk",
                       test_precopy_unix_tls_psk);

    if (env->has_uffd) {
        /*
         * PSK alone is sufficient for postcopy: the other TLS channel
         * types are already covered by the precopy tests. What is being
         * exercised here is the general postcopy path with a TLS channel
         * enabled.
         */
        migration_test_add("/migration/postcopy/tls/psk",
                           test_postcopy_tls_psk);
        migration_test_add("/migration/postcopy/recovery/tls/psk",
                           test_postcopy_recovery_tls_psk);
        migration_test_add("/migration/postcopy/preempt/tls/psk",
                           test_postcopy_preempt_tls_psk);
        /* Handler is defined outside this section; name differs from path. */
        migration_test_add("/migration/postcopy/preempt/recovery/tls/psk",
                           test_postcopy_preempt_all);
    }

    for (i = 0; i < G_N_ELEMENTS(remaining); i++) {
        migration_test_add(remaining[i].path, remaining[i].fn);
    }
}