]> Git Repo - J-linux.git/blob - tools/testing/selftests/bpf/prog_tests/crypto_sanity.c
Merge tag 'vfs-6.13-rc7.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
[J-linux.git] / tools / testing / selftests / bpf / prog_tests / crypto_sanity.c
1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (c) 2024 Meta Platforms, Inc. and affiliates. */
3
4 #include <sys/types.h>
5 #include <sys/socket.h>
6 #include <net/if.h>
7 #include <linux/if_alg.h>
8
9 #include "test_progs.h"
10 #include "network_helpers.h"
11 #include "crypto_sanity.skel.h"
12 #include "crypto_basic.skel.h"
13
14 #define NS_TEST "crypto_sanity_ns"
15 #define IPV6_IFACE_ADDR "face::1"
16 static const unsigned char crypto_key[] = "testtest12345678";
17 static const char plain_text[] = "stringtoencrypt0";
18 static int opfd = -1, tfmfd = -1;
19 static const char algo[] = "ecb(aes)";
20 static int init_afalg(void)
21 {
22         struct sockaddr_alg sa = {
23                 .salg_family = AF_ALG,
24                 .salg_type = "skcipher",
25                 .salg_name = "ecb(aes)"
26         };
27
28         tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
29         if (tfmfd == -1)
30                 return errno;
31         if (bind(tfmfd, (struct sockaddr *)&sa, sizeof(sa)) == -1)
32                 return errno;
33         if (setsockopt(tfmfd, SOL_ALG, ALG_SET_KEY, crypto_key, 16) == -1)
34                 return errno;
35         opfd = accept(tfmfd, NULL, 0);
36         if (opfd == -1)
37                 return errno;
38         return 0;
39 }
40
41 static void deinit_afalg(void)
42 {
43         if (tfmfd != -1)
44                 close(tfmfd);
45         if (opfd != -1)
46                 close(opfd);
47 }
48
49 static void do_crypt_afalg(const void *src, void *dst, int size, bool encrypt)
50 {
51         struct msghdr msg = {};
52         struct cmsghdr *cmsg;
53         char cbuf[CMSG_SPACE(4)] = {0};
54         struct iovec iov;
55
56         msg.msg_control = cbuf;
57         msg.msg_controllen = sizeof(cbuf);
58
59         cmsg = CMSG_FIRSTHDR(&msg);
60         cmsg->cmsg_level = SOL_ALG;
61         cmsg->cmsg_type = ALG_SET_OP;
62         cmsg->cmsg_len = CMSG_LEN(4);
63         *(__u32 *)CMSG_DATA(cmsg) = encrypt ? ALG_OP_ENCRYPT : ALG_OP_DECRYPT;
64
65         iov.iov_base = (char *)src;
66         iov.iov_len = size;
67
68         msg.msg_iov = &iov;
69         msg.msg_iovlen = 1;
70
71         sendmsg(opfd, &msg, 0);
72         read(opfd, dst, size);
73 }
74
75 void test_crypto_basic(void)
76 {
77         RUN_TESTS(crypto_basic);
78 }
79
80 void test_crypto_sanity(void)
81 {
82         LIBBPF_OPTS(bpf_tc_hook, qdisc_hook, .attach_point = BPF_TC_EGRESS);
83         LIBBPF_OPTS(bpf_tc_opts, tc_attach_enc);
84         LIBBPF_OPTS(bpf_tc_opts, tc_attach_dec);
85         LIBBPF_OPTS(bpf_test_run_opts, opts);
86         struct nstoken *nstoken = NULL;
87         struct crypto_sanity *skel;
88         char afalg_plain[16] = {0};
89         char afalg_dst[16] = {0};
90         struct sockaddr_in6 addr;
91         int sockfd, err, pfd;
92         socklen_t addrlen;
93         u16 udp_test_port;
94
95         skel = crypto_sanity__open_and_load();
96         if (!ASSERT_OK_PTR(skel, "skel open"))
97                 return;
98
99         SYS(fail, "ip netns add %s", NS_TEST);
100         SYS(fail, "ip -net %s -6 addr add %s/128 dev lo nodad", NS_TEST, IPV6_IFACE_ADDR);
101         SYS(fail, "ip -net %s link set dev lo up", NS_TEST);
102
103         nstoken = open_netns(NS_TEST);
104         if (!ASSERT_OK_PTR(nstoken, "open_netns"))
105                 goto fail;
106
107         err = init_afalg();
108         if (!ASSERT_OK(err, "AF_ALG init fail"))
109                 goto fail;
110
111         qdisc_hook.ifindex = if_nametoindex("lo");
112         if (!ASSERT_GT(qdisc_hook.ifindex, 0, "if_nametoindex lo"))
113                 goto fail;
114
115         skel->bss->key_len = 16;
116         skel->bss->authsize = 0;
117         udp_test_port = skel->data->udp_test_port;
118         memcpy(skel->bss->key, crypto_key, sizeof(crypto_key));
119         snprintf(skel->bss->algo, 128, "%s", algo);
120         pfd = bpf_program__fd(skel->progs.skb_crypto_setup);
121         if (!ASSERT_GT(pfd, 0, "skb_crypto_setup fd"))
122                 goto fail;
123
124         err = bpf_prog_test_run_opts(pfd, &opts);
125         if (!ASSERT_OK(err, "skb_crypto_setup") ||
126             !ASSERT_OK(opts.retval, "skb_crypto_setup retval"))
127                 goto fail;
128
129         if (!ASSERT_OK(skel->bss->status, "skb_crypto_setup status"))
130                 goto fail;
131
132         err = bpf_tc_hook_create(&qdisc_hook);
133         if (!ASSERT_OK(err, "create qdisc hook"))
134                 goto fail;
135
136         addrlen = sizeof(addr);
137         err = make_sockaddr(AF_INET6, IPV6_IFACE_ADDR, udp_test_port,
138                             (void *)&addr, &addrlen);
139         if (!ASSERT_OK(err, "make_sockaddr"))
140                 goto fail;
141
142         tc_attach_enc.prog_fd = bpf_program__fd(skel->progs.encrypt_sanity);
143         err = bpf_tc_attach(&qdisc_hook, &tc_attach_enc);
144         if (!ASSERT_OK(err, "attach encrypt filter"))
145                 goto fail;
146
147         sockfd = socket(AF_INET6, SOCK_DGRAM, 0);
148         if (!ASSERT_NEQ(sockfd, -1, "encrypt socket"))
149                 goto fail;
150         err = sendto(sockfd, plain_text, sizeof(plain_text), 0, (void *)&addr, addrlen);
151         close(sockfd);
152         if (!ASSERT_EQ(err, sizeof(plain_text), "encrypt send"))
153                 goto fail;
154
155         do_crypt_afalg(plain_text, afalg_dst, sizeof(afalg_dst), true);
156
157         if (!ASSERT_OK(skel->bss->status, "encrypt status"))
158                 goto fail;
159         if (!ASSERT_STRNEQ(skel->bss->dst, afalg_dst, sizeof(afalg_dst), "encrypt AF_ALG"))
160                 goto fail;
161
162         tc_attach_enc.flags = tc_attach_enc.prog_fd = tc_attach_enc.prog_id = 0;
163         err = bpf_tc_detach(&qdisc_hook, &tc_attach_enc);
164         if (!ASSERT_OK(err, "bpf_tc_detach encrypt"))
165                 goto fail;
166
167         tc_attach_dec.prog_fd = bpf_program__fd(skel->progs.decrypt_sanity);
168         err = bpf_tc_attach(&qdisc_hook, &tc_attach_dec);
169         if (!ASSERT_OK(err, "attach decrypt filter"))
170                 goto fail;
171
172         sockfd = socket(AF_INET6, SOCK_DGRAM, 0);
173         if (!ASSERT_NEQ(sockfd, -1, "decrypt socket"))
174                 goto fail;
175         err = sendto(sockfd, afalg_dst, sizeof(afalg_dst), 0, (void *)&addr, addrlen);
176         close(sockfd);
177         if (!ASSERT_EQ(err, sizeof(afalg_dst), "decrypt send"))
178                 goto fail;
179
180         do_crypt_afalg(afalg_dst, afalg_plain, sizeof(afalg_plain), false);
181
182         if (!ASSERT_OK(skel->bss->status, "decrypt status"))
183                 goto fail;
184         if (!ASSERT_STRNEQ(skel->bss->dst, afalg_plain, sizeof(afalg_plain), "decrypt AF_ALG"))
185                 goto fail;
186
187         tc_attach_dec.flags = tc_attach_dec.prog_fd = tc_attach_dec.prog_id = 0;
188         err = bpf_tc_detach(&qdisc_hook, &tc_attach_dec);
189         ASSERT_OK(err, "bpf_tc_detach decrypt");
190
191 fail:
192         close_netns(nstoken);
193         deinit_afalg();
194         SYS_NOFAIL("ip netns del " NS_TEST " &> /dev/null");
195         crypto_sanity__destroy(skel);
196 }
This page took 0.038197 seconds and 4 git commands to generate.