1 // SPDX-License-Identifier: GPL-2.0
14 #include <linux/tls.h>
15 #include <linux/tcp.h>
16 #include <linux/socket.h>
18 #include <sys/epoll.h>
19 #include <sys/types.h>
20 #include <sys/sendfile.h>
21 #include <sys/socket.h>
24 #include "../kselftest_harness.h"
26 #define TLS_PAYLOAD_MAX_LEN 16384
29 static int fips_enabled;
31 struct tls_crypto_info_keys {
33 struct tls_crypto_info crypto_info;
34 struct tls12_crypto_info_aes_gcm_128 aes128;
35 struct tls12_crypto_info_chacha20_poly1305 chacha20;
36 struct tls12_crypto_info_sm4_gcm sm4gcm;
37 struct tls12_crypto_info_sm4_ccm sm4ccm;
38 struct tls12_crypto_info_aes_ccm_128 aesccm128;
39 struct tls12_crypto_info_aes_gcm_256 aesgcm256;
40 struct tls12_crypto_info_aria_gcm_128 ariagcm128;
41 struct tls12_crypto_info_aria_gcm_256 ariagcm256;
46 static void tls_crypto_info_init(uint16_t tls_version, uint16_t cipher_type,
47 struct tls_crypto_info_keys *tls12,
50 memset(tls12, key_generation, sizeof(*tls12));
51 memset(tls12, 0, sizeof(struct tls_crypto_info));
53 switch (cipher_type) {
54 case TLS_CIPHER_CHACHA20_POLY1305:
55 tls12->len = sizeof(struct tls12_crypto_info_chacha20_poly1305);
56 tls12->chacha20.info.version = tls_version;
57 tls12->chacha20.info.cipher_type = cipher_type;
59 case TLS_CIPHER_AES_GCM_128:
60 tls12->len = sizeof(struct tls12_crypto_info_aes_gcm_128);
61 tls12->aes128.info.version = tls_version;
62 tls12->aes128.info.cipher_type = cipher_type;
64 case TLS_CIPHER_SM4_GCM:
65 tls12->len = sizeof(struct tls12_crypto_info_sm4_gcm);
66 tls12->sm4gcm.info.version = tls_version;
67 tls12->sm4gcm.info.cipher_type = cipher_type;
69 case TLS_CIPHER_SM4_CCM:
70 tls12->len = sizeof(struct tls12_crypto_info_sm4_ccm);
71 tls12->sm4ccm.info.version = tls_version;
72 tls12->sm4ccm.info.cipher_type = cipher_type;
74 case TLS_CIPHER_AES_CCM_128:
75 tls12->len = sizeof(struct tls12_crypto_info_aes_ccm_128);
76 tls12->aesccm128.info.version = tls_version;
77 tls12->aesccm128.info.cipher_type = cipher_type;
79 case TLS_CIPHER_AES_GCM_256:
80 tls12->len = sizeof(struct tls12_crypto_info_aes_gcm_256);
81 tls12->aesgcm256.info.version = tls_version;
82 tls12->aesgcm256.info.cipher_type = cipher_type;
84 case TLS_CIPHER_ARIA_GCM_128:
85 tls12->len = sizeof(struct tls12_crypto_info_aria_gcm_128);
86 tls12->ariagcm128.info.version = tls_version;
87 tls12->ariagcm128.info.cipher_type = cipher_type;
89 case TLS_CIPHER_ARIA_GCM_256:
90 tls12->len = sizeof(struct tls12_crypto_info_aria_gcm_256);
91 tls12->ariagcm256.info.version = tls_version;
92 tls12->ariagcm256.info.cipher_type = cipher_type;
99 static void memrnd(void *s, size_t n)
104 for (; n >= 4; n -= 4)
106 byte = (void *)dword;
111 static void ulp_sock_pair(struct __test_metadata *_metadata,
112 int *fd, int *cfd, bool *notls)
114 struct sockaddr_in addr;
121 addr.sin_family = AF_INET;
122 addr.sin_addr.s_addr = htonl(INADDR_ANY);
125 *fd = socket(AF_INET, SOCK_STREAM, 0);
126 sfd = socket(AF_INET, SOCK_STREAM, 0);
128 ret = bind(sfd, &addr, sizeof(addr));
130 ret = listen(sfd, 10);
133 ret = getsockname(sfd, &addr, &len);
136 ret = connect(*fd, &addr, sizeof(addr));
139 *cfd = accept(sfd, &addr, &len);
144 ret = setsockopt(*fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
146 ASSERT_EQ(errno, ENOENT);
148 printf("Failure setting TCP_ULP, testing without tls\n");
152 ret = setsockopt(*cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
156 /* Produce a basic cmsg */
157 static int tls_send_cmsg(int fd, unsigned char record_type,
158 void *data, size_t len, int flags)
160 char cbuf[CMSG_SPACE(sizeof(char))];
161 int cmsg_len = sizeof(char);
162 struct cmsghdr *cmsg;
168 memset(&msg, 0, sizeof(struct msghdr));
171 msg.msg_control = cbuf;
172 msg.msg_controllen = sizeof(cbuf);
173 cmsg = CMSG_FIRSTHDR(&msg);
174 cmsg->cmsg_level = SOL_TLS;
175 /* test sending non-record types. */
176 cmsg->cmsg_type = TLS_SET_RECORD_TYPE;
177 cmsg->cmsg_len = CMSG_LEN(cmsg_len);
178 *CMSG_DATA(cmsg) = record_type;
179 msg.msg_controllen = cmsg->cmsg_len;
181 return sendmsg(fd, &msg, flags);
184 static int tls_recv_cmsg(struct __test_metadata *_metadata,
185 int fd, unsigned char record_type,
186 void *data, size_t len, int flags)
188 char cbuf[CMSG_SPACE(sizeof(char))];
189 struct cmsghdr *cmsg;
197 memset(&msg, 0, sizeof(struct msghdr));
200 msg.msg_control = cbuf;
201 msg.msg_controllen = sizeof(cbuf);
203 n = recvmsg(fd, &msg, flags);
205 cmsg = CMSG_FIRSTHDR(&msg);
206 EXPECT_NE(cmsg, NULL);
207 EXPECT_EQ(cmsg->cmsg_level, SOL_TLS);
208 EXPECT_EQ(cmsg->cmsg_type, TLS_GET_RECORD_TYPE);
209 ctype = *((unsigned char *)CMSG_DATA(cmsg));
210 EXPECT_EQ(ctype, record_type);
221 FIXTURE_SETUP(tls_basic)
223 ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls);
226 FIXTURE_TEARDOWN(tls_basic)
232 /* Send some data through with ULP but no keys */
233 TEST_F(tls_basic, base_base)
235 char const *test_str = "test_read";
239 ASSERT_EQ(strlen(test_str) + 1, send_len);
241 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
242 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
243 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
246 TEST_F(tls_basic, bad_cipher)
248 struct tls_crypto_info_keys tls12;
250 tls12.crypto_info.version = 200;
251 tls12.crypto_info.cipher_type = TLS_CIPHER_AES_GCM_128;
252 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, sizeof(struct tls12_crypto_info_aes_gcm_128)), -1);
254 tls12.crypto_info.version = TLS_1_2_VERSION;
255 tls12.crypto_info.cipher_type = 50;
256 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, sizeof(struct tls12_crypto_info_aes_gcm_128)), -1);
258 tls12.crypto_info.version = TLS_1_2_VERSION;
259 tls12.crypto_info.cipher_type = 59;
260 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, sizeof(struct tls12_crypto_info_aes_gcm_128)), -1);
262 tls12.crypto_info.version = TLS_1_2_VERSION;
263 tls12.crypto_info.cipher_type = 10;
264 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, sizeof(struct tls12_crypto_info_aes_gcm_128)), -1);
266 tls12.crypto_info.version = TLS_1_2_VERSION;
267 tls12.crypto_info.cipher_type = 70;
268 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, sizeof(struct tls12_crypto_info_aes_gcm_128)), -1);
271 TEST_F(tls_basic, recseq_wrap)
273 struct tls_crypto_info_keys tls12;
274 char const *test_str = "test_read";
278 SKIP(return, "no TLS support");
280 tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_128, &tls12, 0);
281 memset(&tls12.aes128.rec_seq, 0xff, sizeof(tls12.aes128.rec_seq));
283 ASSERT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0);
284 ASSERT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0);
286 EXPECT_EQ(send(self->fd, test_str, send_len, 0), -1);
287 EXPECT_EQ(errno, EBADMSG);
298 uint16_t tls_version;
299 uint16_t cipher_type;
300 bool nopad, fips_non_compliant;
303 FIXTURE_VARIANT_ADD(tls, 12_aes_gcm)
305 .tls_version = TLS_1_2_VERSION,
306 .cipher_type = TLS_CIPHER_AES_GCM_128,
309 FIXTURE_VARIANT_ADD(tls, 13_aes_gcm)
311 .tls_version = TLS_1_3_VERSION,
312 .cipher_type = TLS_CIPHER_AES_GCM_128,
315 FIXTURE_VARIANT_ADD(tls, 12_chacha)
317 .tls_version = TLS_1_2_VERSION,
318 .cipher_type = TLS_CIPHER_CHACHA20_POLY1305,
319 .fips_non_compliant = true,
322 FIXTURE_VARIANT_ADD(tls, 13_chacha)
324 .tls_version = TLS_1_3_VERSION,
325 .cipher_type = TLS_CIPHER_CHACHA20_POLY1305,
326 .fips_non_compliant = true,
329 FIXTURE_VARIANT_ADD(tls, 13_sm4_gcm)
331 .tls_version = TLS_1_3_VERSION,
332 .cipher_type = TLS_CIPHER_SM4_GCM,
333 .fips_non_compliant = true,
336 FIXTURE_VARIANT_ADD(tls, 13_sm4_ccm)
338 .tls_version = TLS_1_3_VERSION,
339 .cipher_type = TLS_CIPHER_SM4_CCM,
340 .fips_non_compliant = true,
343 FIXTURE_VARIANT_ADD(tls, 12_aes_ccm)
345 .tls_version = TLS_1_2_VERSION,
346 .cipher_type = TLS_CIPHER_AES_CCM_128,
349 FIXTURE_VARIANT_ADD(tls, 13_aes_ccm)
351 .tls_version = TLS_1_3_VERSION,
352 .cipher_type = TLS_CIPHER_AES_CCM_128,
355 FIXTURE_VARIANT_ADD(tls, 12_aes_gcm_256)
357 .tls_version = TLS_1_2_VERSION,
358 .cipher_type = TLS_CIPHER_AES_GCM_256,
361 FIXTURE_VARIANT_ADD(tls, 13_aes_gcm_256)
363 .tls_version = TLS_1_3_VERSION,
364 .cipher_type = TLS_CIPHER_AES_GCM_256,
367 FIXTURE_VARIANT_ADD(tls, 13_nopad)
369 .tls_version = TLS_1_3_VERSION,
370 .cipher_type = TLS_CIPHER_AES_GCM_128,
374 FIXTURE_VARIANT_ADD(tls, 12_aria_gcm)
376 .tls_version = TLS_1_2_VERSION,
377 .cipher_type = TLS_CIPHER_ARIA_GCM_128,
380 FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_256)
382 .tls_version = TLS_1_2_VERSION,
383 .cipher_type = TLS_CIPHER_ARIA_GCM_256,
388 struct tls_crypto_info_keys tls12;
392 if (fips_enabled && variant->fips_non_compliant)
393 SKIP(return, "Unsupported cipher in FIPS mode");
395 tls_crypto_info_init(variant->tls_version, variant->cipher_type,
398 ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls);
403 ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len);
406 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len);
409 if (variant->nopad) {
410 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD,
411 (void *)&one, sizeof(one));
416 FIXTURE_TEARDOWN(tls)
422 TEST_F(tls, sendfile)
424 int filefd = open("/proc/self/exe", O_RDONLY);
427 EXPECT_GE(filefd, 0);
429 EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0);
432 TEST_F(tls, send_then_sendfile)
434 int filefd = open("/proc/self/exe", O_RDONLY);
435 char const *test_str = "test_send";
436 int to_send = strlen(test_str) + 1;
441 EXPECT_GE(filefd, 0);
443 buf = (char *)malloc(st.st_size);
445 EXPECT_EQ(send(self->fd, test_str, to_send, 0), to_send);
446 EXPECT_EQ(recv(self->cfd, recv_buf, to_send, MSG_WAITALL), to_send);
447 EXPECT_EQ(memcmp(test_str, recv_buf, to_send), 0);
449 EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0);
450 EXPECT_EQ(recv(self->cfd, buf, st.st_size, MSG_WAITALL), st.st_size);
453 static void chunked_sendfile(struct __test_metadata *_metadata,
454 struct _test_data_tls *self,
456 uint16_t extra_payload_size)
458 char buf[TLS_PAYLOAD_MAX_LEN];
459 uint16_t test_payload_size;
462 char filename[] = "/tmp/mytemp.XXXXXX";
463 int fd = mkstemp(filename);
468 EXPECT_GE(chunk_size, 1);
469 test_payload_size = chunk_size + extra_payload_size;
470 ASSERT_GE(TLS_PAYLOAD_MAX_LEN, test_payload_size);
471 memset(buf, 1, test_payload_size);
472 size = write(fd, buf, test_payload_size);
473 EXPECT_EQ(size, test_payload_size);
477 ret = sendfile(self->fd, fd, &offset, chunk_size);
482 EXPECT_EQ(recv(self->cfd, buf, test_payload_size, MSG_WAITALL),
488 TEST_F(tls, multi_chunk_sendfile)
490 chunked_sendfile(_metadata, self, 4096, 4096);
491 chunked_sendfile(_metadata, self, 4096, 0);
492 chunked_sendfile(_metadata, self, 4096, 1);
493 chunked_sendfile(_metadata, self, 4096, 2048);
494 chunked_sendfile(_metadata, self, 8192, 2048);
495 chunked_sendfile(_metadata, self, 4096, 8192);
496 chunked_sendfile(_metadata, self, 8192, 4096);
497 chunked_sendfile(_metadata, self, 12288, 1024);
498 chunked_sendfile(_metadata, self, 12288, 2000);
499 chunked_sendfile(_metadata, self, 15360, 100);
500 chunked_sendfile(_metadata, self, 15360, 300);
501 chunked_sendfile(_metadata, self, 1, 4096);
502 chunked_sendfile(_metadata, self, 2048, 4096);
503 chunked_sendfile(_metadata, self, 2048, 8192);
504 chunked_sendfile(_metadata, self, 4096, 8192);
505 chunked_sendfile(_metadata, self, 1024, 12288);
506 chunked_sendfile(_metadata, self, 2000, 12288);
507 chunked_sendfile(_metadata, self, 100, 15360);
508 chunked_sendfile(_metadata, self, 300, 15360);
511 TEST_F(tls, recv_max)
513 unsigned int send_len = TLS_PAYLOAD_MAX_LEN;
514 char recv_mem[TLS_PAYLOAD_MAX_LEN];
515 char buf[TLS_PAYLOAD_MAX_LEN];
517 memrnd(buf, sizeof(buf));
519 EXPECT_GE(send(self->fd, buf, send_len, 0), 0);
520 EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1);
521 EXPECT_EQ(memcmp(buf, recv_mem, send_len), 0);
524 TEST_F(tls, recv_small)
526 char const *test_str = "test_read";
530 send_len = strlen(test_str) + 1;
531 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
532 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
533 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
536 TEST_F(tls, msg_more)
538 char const *test_str = "test_read";
542 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len);
543 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1);
544 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
545 EXPECT_EQ(recv(self->cfd, buf, send_len * 2, MSG_WAITALL),
547 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
550 TEST_F(tls, msg_more_unsent)
552 char const *test_str = "test_read";
556 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len);
557 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1);
562 char const *test_str = "test_read";
566 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_EOR), send_len);
567 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len);
568 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
571 TEST_F(tls, sendmsg_single)
575 char const *test_str = "test_sendmsg";
576 size_t send_len = 13;
580 vec.iov_base = (char *)test_str;
581 vec.iov_len = send_len;
582 memset(&msg, 0, sizeof(struct msghdr));
585 EXPECT_EQ(sendmsg(self->fd, &msg, 0), send_len);
586 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len);
587 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
592 TEST_F(tls, sendmsg_fragmented)
594 char const *test_str = "test_sendmsg";
595 char buf[SEND_LEN * MAX_FRAGS];
596 struct iovec vec[MAX_FRAGS];
600 for (frags = 1; frags <= MAX_FRAGS; frags++) {
601 for (i = 0; i < frags; i++) {
602 vec[i].iov_base = (char *)test_str;
603 vec[i].iov_len = SEND_LEN;
606 memset(&msg, 0, sizeof(struct msghdr));
608 msg.msg_iovlen = frags;
610 EXPECT_EQ(sendmsg(self->fd, &msg, 0), SEND_LEN * frags);
611 EXPECT_EQ(recv(self->cfd, buf, SEND_LEN * frags, MSG_WAITALL),
614 for (i = 0; i < frags; i++)
615 EXPECT_EQ(memcmp(buf + SEND_LEN * i,
616 test_str, SEND_LEN), 0);
622 TEST_F(tls, sendmsg_large)
624 void *mem = malloc(16384);
625 size_t send_len = 16384;
631 memset(&msg, 0, sizeof(struct msghdr));
632 while (sent++ < sends) {
633 struct iovec vec = { (void *)mem, send_len };
637 EXPECT_EQ(sendmsg(self->fd, &msg, 0), send_len);
640 while (recvs++ < sends) {
641 EXPECT_NE(recv(self->cfd, mem, send_len, 0), -1);
647 TEST_F(tls, sendmsg_multiple)
649 char const *test_str = "test_sendmsg_multiple";
659 memset(&msg, 0, sizeof(struct msghdr));
660 for (i = 0; i < iov_len; i++) {
661 test_strs[i] = (char *)malloc(strlen(test_str) + 1);
662 snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str);
663 vec[i].iov_base = (void *)test_strs[i];
664 vec[i].iov_len = strlen(test_strs[i]) + 1;
665 total_len += vec[i].iov_len;
668 msg.msg_iovlen = iov_len;
670 EXPECT_EQ(sendmsg(self->fd, &msg, 0), total_len);
671 buf = malloc(total_len);
672 EXPECT_NE(recv(self->cfd, buf, total_len, 0), -1);
673 for (i = 0; i < iov_len; i++) {
674 EXPECT_EQ(memcmp(test_strs[i], buf + len_cmp,
675 strlen(test_strs[i])),
677 len_cmp += strlen(buf + len_cmp) + 1;
679 for (i = 0; i < iov_len; i++)
684 TEST_F(tls, sendmsg_multiple_stress)
686 char const *test_str = "abcdefghijklmno";
687 struct iovec vec[1024];
688 char *test_strs[1024];
696 memset(&msg, 0, sizeof(struct msghdr));
697 for (i = 0; i < iov_len; i++) {
698 test_strs[i] = (char *)malloc(strlen(test_str) + 1);
699 snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str);
700 vec[i].iov_base = (void *)test_strs[i];
701 vec[i].iov_len = strlen(test_strs[i]) + 1;
702 total_len += vec[i].iov_len;
705 msg.msg_iovlen = iov_len;
707 EXPECT_EQ(sendmsg(self->fd, &msg, 0), total_len);
708 EXPECT_NE(recv(self->cfd, buf, total_len, 0), -1);
710 for (i = 0; i < iov_len; i++)
711 len_cmp += strlen(buf + len_cmp) + 1;
713 for (i = 0; i < iov_len; i++)
717 TEST_F(tls, splice_from_pipe)
719 int send_len = TLS_PAYLOAD_MAX_LEN;
720 char mem_send[TLS_PAYLOAD_MAX_LEN];
721 char mem_recv[TLS_PAYLOAD_MAX_LEN];
724 ASSERT_GE(pipe(p), 0);
725 EXPECT_GE(write(p[1], mem_send, send_len), 0);
726 EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), 0);
727 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len);
728 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
731 TEST_F(tls, splice_more)
733 unsigned int f = SPLICE_F_NONBLOCK | SPLICE_F_MORE | SPLICE_F_GIFT;
734 int send_len = TLS_PAYLOAD_MAX_LEN;
735 char mem_send[TLS_PAYLOAD_MAX_LEN];
736 int i, send_pipe = 1;
739 ASSERT_GE(pipe(p), 0);
740 EXPECT_GE(write(p[1], mem_send, send_len), 0);
741 for (i = 0; i < 32; i++)
742 EXPECT_EQ(splice(p[0], NULL, self->fd, NULL, send_pipe, f), 1);
745 TEST_F(tls, splice_from_pipe2)
747 int send_len = 16000;
748 char mem_send[16000];
749 char mem_recv[16000];
753 memrnd(mem_send, sizeof(mem_send));
755 ASSERT_GE(pipe(p), 0);
756 ASSERT_GE(pipe(p2), 0);
757 EXPECT_EQ(write(p[1], mem_send, 8000), 8000);
758 EXPECT_EQ(splice(p[0], NULL, self->fd, NULL, 8000, 0), 8000);
759 EXPECT_EQ(write(p2[1], mem_send + 8000, 8000), 8000);
760 EXPECT_EQ(splice(p2[0], NULL, self->fd, NULL, 8000, 0), 8000);
761 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len);
762 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
765 TEST_F(tls, send_and_splice)
767 int send_len = TLS_PAYLOAD_MAX_LEN;
768 char mem_send[TLS_PAYLOAD_MAX_LEN];
769 char mem_recv[TLS_PAYLOAD_MAX_LEN];
770 char const *test_str = "test_read";
775 ASSERT_GE(pipe(p), 0);
776 EXPECT_EQ(send(self->fd, test_str, send_len2, 0), send_len2);
777 EXPECT_EQ(recv(self->cfd, buf, send_len2, MSG_WAITALL), send_len2);
778 EXPECT_EQ(memcmp(test_str, buf, send_len2), 0);
780 EXPECT_GE(write(p[1], mem_send, send_len), send_len);
781 EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), send_len);
783 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len);
784 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
787 TEST_F(tls, splice_to_pipe)
789 int send_len = TLS_PAYLOAD_MAX_LEN;
790 char mem_send[TLS_PAYLOAD_MAX_LEN];
791 char mem_recv[TLS_PAYLOAD_MAX_LEN];
794 memrnd(mem_send, sizeof(mem_send));
796 ASSERT_GE(pipe(p), 0);
797 EXPECT_EQ(send(self->fd, mem_send, send_len, 0), send_len);
798 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), send_len);
799 EXPECT_EQ(read(p[0], mem_recv, send_len), send_len);
800 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
803 TEST_F(tls, splice_cmsg_to_pipe)
805 char *test_str = "test_read";
806 char record_type = 100;
812 SKIP(return, "no TLS support");
814 ASSERT_GE(pipe(p), 0);
815 EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10);
816 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), -1);
817 EXPECT_EQ(errno, EINVAL);
818 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1);
819 EXPECT_EQ(errno, EIO);
820 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type,
821 buf, sizeof(buf), MSG_WAITALL),
823 EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
826 TEST_F(tls, splice_dec_cmsg_to_pipe)
828 char *test_str = "test_read";
829 char record_type = 100;
835 SKIP(return, "no TLS support");
837 ASSERT_GE(pipe(p), 0);
838 EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10);
839 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1);
840 EXPECT_EQ(errno, EIO);
841 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, send_len, 0), -1);
842 EXPECT_EQ(errno, EINVAL);
843 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type,
844 buf, sizeof(buf), MSG_WAITALL),
846 EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
849 TEST_F(tls, recv_and_splice)
851 int send_len = TLS_PAYLOAD_MAX_LEN;
852 char mem_send[TLS_PAYLOAD_MAX_LEN];
853 char mem_recv[TLS_PAYLOAD_MAX_LEN];
854 int half = send_len / 2;
857 ASSERT_GE(pipe(p), 0);
858 EXPECT_EQ(send(self->fd, mem_send, send_len, 0), send_len);
859 /* Recv hald of the record, splice the other half */
860 EXPECT_EQ(recv(self->cfd, mem_recv, half, MSG_WAITALL), half);
861 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, half, SPLICE_F_NONBLOCK),
863 EXPECT_EQ(read(p[0], &mem_recv[half], half), half);
864 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
867 TEST_F(tls, peek_and_splice)
869 int send_len = TLS_PAYLOAD_MAX_LEN;
870 char mem_send[TLS_PAYLOAD_MAX_LEN];
871 char mem_recv[TLS_PAYLOAD_MAX_LEN];
872 int chunk = TLS_PAYLOAD_MAX_LEN / 4;
875 memrnd(mem_send, sizeof(mem_send));
877 ASSERT_GE(pipe(p), 0);
878 for (i = 0; i < 4; i++)
879 EXPECT_EQ(send(self->fd, &mem_send[chunk * i], chunk, 0),
882 EXPECT_EQ(recv(self->cfd, mem_recv, chunk * 5 / 2,
883 MSG_WAITALL | MSG_PEEK),
885 EXPECT_EQ(memcmp(mem_send, mem_recv, chunk * 5 / 2), 0);
888 while (n < send_len) {
889 i = splice(self->cfd, NULL, p[1], NULL, send_len - n, 0);
893 EXPECT_EQ(n, send_len);
894 EXPECT_EQ(read(p[0], mem_recv, send_len), send_len);
895 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
898 TEST_F(tls, recvmsg_single)
900 char const *test_str = "test_recvmsg_single";
901 int send_len = strlen(test_str) + 1;
906 memset(&hdr, 0, sizeof(hdr));
907 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
908 vec.iov_base = (char *)buf;
909 vec.iov_len = send_len;
912 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1);
913 EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
916 TEST_F(tls, recvmsg_single_max)
918 int send_len = TLS_PAYLOAD_MAX_LEN;
919 char send_mem[TLS_PAYLOAD_MAX_LEN];
920 char recv_mem[TLS_PAYLOAD_MAX_LEN];
924 memrnd(send_mem, sizeof(send_mem));
926 EXPECT_EQ(send(self->fd, send_mem, send_len, 0), send_len);
927 vec.iov_base = (char *)recv_mem;
928 vec.iov_len = TLS_PAYLOAD_MAX_LEN;
932 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1);
933 EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0);
936 TEST_F(tls, recvmsg_multiple)
938 unsigned int msg_iovlen = 1024;
939 struct iovec vec[1024];
940 char *iov_base[1024];
941 unsigned int iov_len = 16;
942 int send_len = 1 << 14;
947 memrnd(buf, sizeof(buf));
949 EXPECT_EQ(send(self->fd, buf, send_len, 0), send_len);
950 for (i = 0; i < msg_iovlen; i++) {
951 iov_base[i] = (char *)malloc(iov_len);
952 vec[i].iov_base = iov_base[i];
953 vec[i].iov_len = iov_len;
956 hdr.msg_iovlen = msg_iovlen;
958 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1);
960 for (i = 0; i < msg_iovlen; i++)
964 TEST_F(tls, single_send_multiple_recv)
966 unsigned int total_len = TLS_PAYLOAD_MAX_LEN * 2;
967 unsigned int send_len = TLS_PAYLOAD_MAX_LEN;
968 char send_mem[TLS_PAYLOAD_MAX_LEN * 2];
969 char recv_mem[TLS_PAYLOAD_MAX_LEN * 2];
971 memrnd(send_mem, sizeof(send_mem));
973 EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0);
974 memset(recv_mem, 0, total_len);
976 EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1);
977 EXPECT_NE(recv(self->cfd, recv_mem + send_len, send_len, 0), -1);
978 EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0);
981 TEST_F(tls, multiple_send_single_recv)
983 unsigned int total_len = 2 * 10;
984 unsigned int send_len = 10;
985 char recv_mem[2 * 10];
988 memrnd(send_mem, sizeof(send_mem));
990 EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0);
991 EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0);
992 memset(recv_mem, 0, total_len);
993 EXPECT_EQ(recv(self->cfd, recv_mem, total_len, MSG_WAITALL), total_len);
995 EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0);
996 EXPECT_EQ(memcmp(send_mem, recv_mem + send_len, send_len), 0);
999 TEST_F(tls, single_send_multiple_recv_non_align)
1001 const unsigned int total_len = 15;
1002 const unsigned int recv_len = 10;
1003 char recv_mem[recv_len * 2];
1004 char send_mem[total_len];
1006 memrnd(send_mem, sizeof(send_mem));
1008 EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0);
1009 memset(recv_mem, 0, total_len);
1011 EXPECT_EQ(recv(self->cfd, recv_mem, recv_len, 0), recv_len);
1012 EXPECT_EQ(recv(self->cfd, recv_mem + recv_len, recv_len, 0), 5);
1013 EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0);
1016 TEST_F(tls, recv_partial)
1018 char const *test_str = "test_read_partial";
1019 char const *test_str_first = "test_read";
1020 char const *test_str_second = "_partial";
1021 int send_len = strlen(test_str) + 1;
1024 memset(recv_mem, 0, sizeof(recv_mem));
1025 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
1026 EXPECT_EQ(recv(self->cfd, recv_mem, strlen(test_str_first),
1027 MSG_WAITALL), strlen(test_str_first));
1028 EXPECT_EQ(memcmp(test_str_first, recv_mem, strlen(test_str_first)), 0);
1029 memset(recv_mem, 0, sizeof(recv_mem));
1030 EXPECT_EQ(recv(self->cfd, recv_mem, strlen(test_str_second),
1031 MSG_WAITALL), strlen(test_str_second));
1032 EXPECT_EQ(memcmp(test_str_second, recv_mem, strlen(test_str_second)),
1036 TEST_F(tls, recv_nonblock)
1041 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_DONTWAIT), -1);
1042 err = (errno == EAGAIN || errno == EWOULDBLOCK);
1043 EXPECT_EQ(err, true);
1046 TEST_F(tls, recv_peek)
1048 char const *test_str = "test_read_peek";
1049 int send_len = strlen(test_str) + 1;
1052 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
1053 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_PEEK), send_len);
1054 EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
1055 memset(buf, 0, sizeof(buf));
1056 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len);
1057 EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
1060 TEST_F(tls, recv_peek_multiple)
1062 char const *test_str = "test_read_peek";
1063 int send_len = strlen(test_str) + 1;
1064 unsigned int num_peeks = 100;
1068 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
1069 for (i = 0; i < num_peeks; i++) {
1070 EXPECT_NE(recv(self->cfd, buf, send_len, MSG_PEEK), -1);
1071 EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
1072 memset(buf, 0, sizeof(buf));
1074 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
1075 EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
1078 TEST_F(tls, recv_peek_multiple_records)
1080 char const *test_str = "test_read_peek_mult_recs";
1081 char const *test_str_first = "test_read_peek";
1082 char const *test_str_second = "_mult_recs";
1086 len = strlen(test_str_first);
1087 EXPECT_EQ(send(self->fd, test_str_first, len, 0), len);
1089 len = strlen(test_str_second) + 1;
1090 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len);
1092 len = strlen(test_str_first);
1093 memset(buf, 0, len);
1094 EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len);
1096 /* MSG_PEEK can only peek into the current record. */
1097 len = strlen(test_str_first);
1098 EXPECT_EQ(memcmp(test_str_first, buf, len), 0);
1100 len = strlen(test_str) + 1;
1101 memset(buf, 0, len);
1102 EXPECT_EQ(recv(self->cfd, buf, len, MSG_WAITALL), len);
1104 /* Non-MSG_PEEK will advance strparser (and therefore record)
1107 len = strlen(test_str) + 1;
1108 EXPECT_EQ(memcmp(test_str, buf, len), 0);
1110 /* MSG_MORE will hold current record open, so later MSG_PEEK
1111 * will see everything.
1113 len = strlen(test_str_first);
1114 EXPECT_EQ(send(self->fd, test_str_first, len, MSG_MORE), len);
1116 len = strlen(test_str_second) + 1;
1117 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len);
1119 len = strlen(test_str) + 1;
1120 memset(buf, 0, len);
1121 EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len);
1123 len = strlen(test_str) + 1;
1124 EXPECT_EQ(memcmp(test_str, buf, len), 0);
1127 TEST_F(tls, recv_peek_large_buf_mult_recs)
1129 char const *test_str = "test_read_peek_mult_recs";
1130 char const *test_str_first = "test_read_peek";
1131 char const *test_str_second = "_mult_recs";
1135 len = strlen(test_str_first);
1136 EXPECT_EQ(send(self->fd, test_str_first, len, 0), len);
1138 len = strlen(test_str_second) + 1;
1139 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len);
1141 len = strlen(test_str) + 1;
1142 memset(buf, 0, len);
1143 EXPECT_NE((len = recv(self->cfd, buf, len,
1144 MSG_PEEK | MSG_WAITALL)), -1);
1145 len = strlen(test_str) + 1;
1146 EXPECT_EQ(memcmp(test_str, buf, len), 0);
1149 TEST_F(tls, recv_lowat)
1151 char send_mem[10] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
1155 EXPECT_EQ(send(self->fd, send_mem, 10, 0), 10);
1156 EXPECT_EQ(send(self->fd, send_mem, 5, 0), 5);
1158 memset(recv_mem, 0, 20);
1159 EXPECT_EQ(setsockopt(self->cfd, SOL_SOCKET, SO_RCVLOWAT,
1160 &lowat, sizeof(lowat)), 0);
1161 EXPECT_EQ(recv(self->cfd, recv_mem, 1, MSG_WAITALL), 1);
1162 EXPECT_EQ(recv(self->cfd, recv_mem + 1, 6, MSG_WAITALL), 6);
1163 EXPECT_EQ(recv(self->cfd, recv_mem + 7, 10, 0), 8);
1165 EXPECT_EQ(memcmp(send_mem, recv_mem, 10), 0);
1166 EXPECT_EQ(memcmp(send_mem, recv_mem + 10, 5), 0);
1171 char const *test_str = "test_read";
1177 struct tls_crypto_info_keys tls12;
1179 tls_crypto_info_init(variant->tls_version, variant->cipher_type,
1182 ret = setsockopt(self->fd, SOL_TLS, TLS_RX, &tls12,
1186 ret = setsockopt(self->cfd, SOL_TLS, TLS_TX, &tls12,
1191 ASSERT_EQ(strlen(test_str) + 1, send_len);
1193 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
1194 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
1195 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
1197 memset(buf, 0, sizeof(buf));
1199 EXPECT_EQ(send(self->cfd, test_str, send_len, 0), send_len);
1200 EXPECT_NE(recv(self->fd, buf, send_len, 0), -1);
1201 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
1206 char const *test_str = "test_poll";
1207 struct pollfd fd = { 0, 0, 0 };
1211 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
1215 EXPECT_EQ(poll(&fd, 1, 20), 1);
1216 EXPECT_EQ(fd.revents & POLLIN, 1);
1217 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len);
1218 /* Test timing out */
1219 EXPECT_EQ(poll(&fd, 1, 20), 0);
1222 TEST_F(tls, poll_wait)
1224 char const *test_str = "test_poll_wait";
1225 int send_len = strlen(test_str) + 1;
1226 struct pollfd fd = { 0, 0, 0 };
1231 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
1232 /* Set timeout to inf. secs */
1233 EXPECT_EQ(poll(&fd, 1, -1), 1);
1234 EXPECT_EQ(fd.revents & POLLIN, 1);
1235 EXPECT_EQ(recv(self->cfd, recv_mem, send_len, MSG_WAITALL), send_len);
1238 TEST_F(tls, poll_wait_split)
1240 struct pollfd fd = { 0, 0, 0 };
1241 char send_mem[20] = {};
1247 EXPECT_EQ(send(self->fd, send_mem, sizeof(send_mem), 0),
1249 /* Poll with inf. timeout */
1250 EXPECT_EQ(poll(&fd, 1, -1), 1);
1251 EXPECT_EQ(fd.revents & POLLIN, 1);
1252 EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), MSG_WAITALL),
1255 /* Now the remaining 5 bytes of record data are in TLS ULP */
1258 EXPECT_EQ(poll(&fd, 1, -1), 1);
1259 EXPECT_EQ(fd.revents & POLLIN, 1);
1260 EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), 0),
1261 sizeof(send_mem) - sizeof(recv_mem));
1264 TEST_F(tls, blocking)
1266 size_t data = 100000;
1279 int res = send(self->fd, buf,
1280 left > 16384 ? 16384 : left, 0);
1286 pid2 = wait(&status);
1287 EXPECT_EQ(status, 0);
1288 EXPECT_EQ(res, pid2);
1295 int res = recv(self->cfd, buf,
1296 left > 16384 ? 16384 : left, 0);
1304 TEST_F(tls, nonblocking)
1306 size_t data = 100000;
1311 flags = fcntl(self->fd, F_GETFL, 0);
1312 fcntl(self->fd, F_SETFL, flags | O_NONBLOCK);
1313 fcntl(self->cfd, F_SETFL, flags | O_NONBLOCK);
1315 /* Ensure nonblocking behavior by imposing a small send
1318 EXPECT_EQ(setsockopt(self->fd, SOL_SOCKET, SO_SNDBUF,
1319 &sendbuf, sizeof(sendbuf)), 0);
1326 bool eagain = false;
1333 int res = send(self->fd, buf,
1334 left > 16384 ? 16384 : left, 0);
1336 if (res == -1 && errno == EAGAIN) {
1345 EXPECT_TRUE(eagain);
1346 pid2 = wait(&status);
1348 EXPECT_EQ(status, 0);
1349 EXPECT_EQ(res, pid2);
1352 bool eagain = false;
1357 int res = recv(self->cfd, buf,
1358 left > 16384 ? 16384 : left, 0);
1360 if (res == -1 && errno == EAGAIN) {
1368 EXPECT_TRUE(eagain);
1373 test_mutliproc(struct __test_metadata *_metadata, struct _test_data_tls *self,
1374 bool sendpg, unsigned int n_readers, unsigned int n_writers)
1376 const unsigned int n_children = n_readers + n_writers;
1377 const size_t data = 6 * 1000 * 1000;
1378 const size_t file_sz = data / 100;
1379 size_t read_bias, write_bias;
1380 int i, fd, child_id;
1384 /* Only allow multiples for simplicity */
1385 ASSERT_EQ(!(n_readers % n_writers) || !(n_writers % n_readers), true);
1386 read_bias = n_writers / n_readers ?: 1;
1387 write_bias = n_readers / n_writers ?: 1;
1389 /* prep a file to send */
1390 fd = open("/tmp/", O_TMPFILE | O_RDWR, 0600);
1393 memset(buf, 0xac, file_sz);
1394 ASSERT_EQ(write(fd, buf, file_sz), file_sz);
1396 /* spawn children */
1397 for (child_id = 0; child_id < n_children; child_id++) {
1404 /* parent waits for all children */
1406 for (i = 0; i < n_children; i++) {
1410 EXPECT_EQ(status, 0);
1416 /* Split threads for reading and writing */
1417 if (child_id < n_readers) {
1418 size_t left = data * read_bias;
1424 res = recv(self->cfd, rb,
1425 left > sizeof(rb) ? sizeof(rb) : left, 0);
1431 size_t left = data * write_bias;
1436 ASSERT_EQ(lseek(fd, 0, SEEK_SET), 0);
1438 res = sendfile(self->fd, fd, NULL,
1439 left > file_sz ? file_sz : left);
1441 res = send(self->fd, buf,
1442 left > file_sz ? file_sz : left, 0);
1450 TEST_F(tls, mutliproc_even)
1452 test_mutliproc(_metadata, self, false, 6, 6);
1455 TEST_F(tls, mutliproc_readers)
1457 test_mutliproc(_metadata, self, false, 4, 12);
1460 TEST_F(tls, mutliproc_writers)
1462 test_mutliproc(_metadata, self, false, 10, 2);
1465 TEST_F(tls, mutliproc_sendpage_even)
1467 test_mutliproc(_metadata, self, true, 6, 6);
1470 TEST_F(tls, mutliproc_sendpage_readers)
1472 test_mutliproc(_metadata, self, true, 4, 12);
1475 TEST_F(tls, mutliproc_sendpage_writers)
1477 test_mutliproc(_metadata, self, true, 10, 2);
1480 TEST_F(tls, control_msg)
1482 char *test_str = "test_read";
1483 char record_type = 100;
1488 SKIP(return, "no TLS support");
1490 EXPECT_EQ(tls_send_cmsg(self->fd, record_type, test_str, send_len, 0),
1492 /* Should fail because we didn't provide a control message */
1493 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1);
1495 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type,
1496 buf, sizeof(buf), MSG_WAITALL | MSG_PEEK),
1498 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
1500 /* Recv the message again without MSG_PEEK */
1501 memset(buf, 0, sizeof(buf));
1503 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type,
1504 buf, sizeof(buf), MSG_WAITALL),
1506 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
1509 TEST_F(tls, control_msg_nomerge)
1511 char *rec1 = "1111";
1512 char *rec2 = "2222";
1517 SKIP(return, "no TLS support");
1519 EXPECT_EQ(tls_send_cmsg(self->fd, 100, rec1, send_len, 0), send_len);
1520 EXPECT_EQ(tls_send_cmsg(self->fd, 100, rec2, send_len, 0), send_len);
1522 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, 100, buf, sizeof(buf), MSG_PEEK), send_len);
1523 EXPECT_EQ(memcmp(buf, rec1, send_len), 0);
1525 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, 100, buf, sizeof(buf), MSG_PEEK), send_len);
1526 EXPECT_EQ(memcmp(buf, rec1, send_len), 0);
1528 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, 100, buf, sizeof(buf), 0), send_len);
1529 EXPECT_EQ(memcmp(buf, rec1, send_len), 0);
1531 EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, 100, buf, sizeof(buf), 0), send_len);
1532 EXPECT_EQ(memcmp(buf, rec2, send_len), 0);
1535 TEST_F(tls, data_control_data)
1537 char *rec1 = "1111";
1538 char *rec2 = "2222";
1539 char *rec3 = "3333";
1544 SKIP(return, "no TLS support");
1546 EXPECT_EQ(send(self->fd, rec1, send_len, 0), send_len);
1547 EXPECT_EQ(tls_send_cmsg(self->fd, 100, rec2, send_len, 0), send_len);
1548 EXPECT_EQ(send(self->fd, rec3, send_len, 0), send_len);
1550 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_PEEK), send_len);
1551 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_PEEK), send_len);
1554 TEST_F(tls, shutdown)
1556 char const *test_str = "test_read";
1560 ASSERT_EQ(strlen(test_str) + 1, send_len);
1562 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
1563 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
1564 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
1566 shutdown(self->fd, SHUT_RDWR);
1567 shutdown(self->cfd, SHUT_RDWR);
1570 TEST_F(tls, shutdown_unsent)
1572 char const *test_str = "test_read";
1575 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len);
1577 shutdown(self->fd, SHUT_RDWR);
1578 shutdown(self->cfd, SHUT_RDWR);
1581 TEST_F(tls, shutdown_reuse)
1583 struct sockaddr_in addr;
1586 shutdown(self->fd, SHUT_RDWR);
1587 shutdown(self->cfd, SHUT_RDWR);
1590 addr.sin_family = AF_INET;
1591 addr.sin_addr.s_addr = htonl(INADDR_ANY);
1594 ret = bind(self->fd, &addr, sizeof(addr));
1596 ret = listen(self->fd, 10);
1598 EXPECT_EQ(errno, EINVAL);
1600 ret = connect(self->fd, &addr, sizeof(addr));
1602 EXPECT_EQ(errno, EISCONN);
1605 TEST_F(tls, getsockopt)
1607 struct tls_crypto_info_keys expect, get;
1610 /* get only the version/cipher */
1611 len = sizeof(struct tls_crypto_info);
1612 memrnd(&get, sizeof(get));
1613 EXPECT_EQ(getsockopt(self->fd, SOL_TLS, TLS_TX, &get, &len), 0);
1614 EXPECT_EQ(len, sizeof(struct tls_crypto_info));
1615 EXPECT_EQ(get.crypto_info.version, variant->tls_version);
1616 EXPECT_EQ(get.crypto_info.cipher_type, variant->cipher_type);
1618 /* get the full crypto_info */
1619 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &expect, 0);
1621 memrnd(&get, sizeof(get));
1622 EXPECT_EQ(getsockopt(self->fd, SOL_TLS, TLS_TX, &get, &len), 0);
1623 EXPECT_EQ(len, expect.len);
1624 EXPECT_EQ(get.crypto_info.version, variant->tls_version);
1625 EXPECT_EQ(get.crypto_info.cipher_type, variant->cipher_type);
1626 EXPECT_EQ(memcmp(&get, &expect, expect.len), 0);
1628 /* short get should fail */
1629 len = sizeof(struct tls_crypto_info) - 1;
1630 EXPECT_EQ(getsockopt(self->fd, SOL_TLS, TLS_TX, &get, &len), -1);
1631 EXPECT_EQ(errno, EINVAL);
1633 /* partial get of the cipher data should fail */
1634 len = expect.len - 1;
1635 EXPECT_EQ(getsockopt(self->fd, SOL_TLS, TLS_TX, &get, &len), -1);
1636 EXPECT_EQ(errno, EINVAL);
1639 TEST_F(tls, recv_efault)
1641 char *rec1 = "1111111111";
1642 char *rec2 = "2222222222";
1643 struct msghdr hdr = {};
1644 struct iovec iov[2];
1649 SKIP(return, "no TLS support");
1651 EXPECT_EQ(send(self->fd, rec1, 10, 0), 10);
1652 EXPECT_EQ(send(self->fd, rec2, 10, 0), 10);
1654 iov[0].iov_base = recv_mem;
1655 iov[0].iov_len = sizeof(recv_mem);
1656 iov[1].iov_base = NULL; /* broken iov to make process_rx_list fail */
1662 EXPECT_EQ(recv(self->cfd, recv_mem, 1, 0), 1);
1663 EXPECT_EQ(recv_mem[0], rec1[0]);
1665 ret = recvmsg(self->cfd, &hdr, 0);
1666 EXPECT_LE(ret, sizeof(recv_mem));
1668 EXPECT_EQ(memcmp(rec1, recv_mem, 9), 0);
1670 EXPECT_EQ(memcmp(rec2, recv_mem + 9, ret - 9), 0);
1673 #define TLS_RECORD_TYPE_HANDSHAKE 0x16
1674 /* key_update, length 1, update_not_requested */
1675 static const char key_update_msg[] = "\x18\x00\x00\x01\x00";
1676 static void tls_send_keyupdate(struct __test_metadata *_metadata, int fd)
1678 size_t len = sizeof(key_update_msg);
1680 EXPECT_EQ(tls_send_cmsg(fd, TLS_RECORD_TYPE_HANDSHAKE,
1681 (char *)key_update_msg, len, 0),
1685 static void tls_recv_keyupdate(struct __test_metadata *_metadata, int fd, int flags)
1689 EXPECT_EQ(tls_recv_cmsg(_metadata, fd, TLS_RECORD_TYPE_HANDSHAKE, buf, sizeof(buf), flags),
1690 sizeof(key_update_msg));
1691 EXPECT_EQ(memcmp(buf, key_update_msg, sizeof(key_update_msg)), 0);
1694 /* set the key to 0 then 1 for RX, immediately to 1 for TX */
1695 TEST_F(tls_basic, rekey_rx)
1697 struct tls_crypto_info_keys tls12_0, tls12_1;
1698 char const *test_str = "test_message";
1699 int send_len = strlen(test_str) + 1;
1706 tls_crypto_info_init(TLS_1_3_VERSION, TLS_CIPHER_AES_GCM_128,
1708 tls_crypto_info_init(TLS_1_3_VERSION, TLS_CIPHER_AES_GCM_128,
1711 ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12_1, tls12_1.len);
1714 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12_0, tls12_0.len);
1717 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12_1, tls12_1.len);
1720 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
1721 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len);
1722 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
1725 /* set the key to 0 then 1 for TX, immediately to 1 for RX */
1726 TEST_F(tls_basic, rekey_tx)
1728 struct tls_crypto_info_keys tls12_0, tls12_1;
1729 char const *test_str = "test_message";
1730 int send_len = strlen(test_str) + 1;
1737 tls_crypto_info_init(TLS_1_3_VERSION, TLS_CIPHER_AES_GCM_128,
1739 tls_crypto_info_init(TLS_1_3_VERSION, TLS_CIPHER_AES_GCM_128,
1742 ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12_0, tls12_0.len);
1745 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12_1, tls12_1.len);
1748 ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12_1, tls12_1.len);
1751 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
1752 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len);
1753 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
1758 char const *test_str_1 = "test_message_before_rekey";
1759 char const *test_str_2 = "test_message_after_rekey";
1760 struct tls_crypto_info_keys tls12;
1764 if (variant->tls_version != TLS_1_3_VERSION)
1767 /* initial send/recv */
1768 send_len = strlen(test_str_1) + 1;
1769 EXPECT_EQ(send(self->fd, test_str_1, send_len, 0), send_len);
1770 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len);
1771 EXPECT_EQ(memcmp(buf, test_str_1, send_len), 0);
1774 tls_send_keyupdate(_metadata, self->fd);
1775 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1);
1776 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0);
1778 /* send after rekey */
1779 send_len = strlen(test_str_2) + 1;
1780 EXPECT_EQ(send(self->fd, test_str_2, send_len, 0), send_len);
1782 /* can't receive the KeyUpdate without a control message */
1783 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1);
1786 tls_recv_keyupdate(_metadata, self->cfd, 0);
1788 /* recv blocking -> -EKEYEXPIRED */
1789 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), 0), -1);
1790 EXPECT_EQ(errno, EKEYEXPIRED);
1792 /* recv non-blocking -> -EKEYEXPIRED */
1793 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_DONTWAIT), -1);
1794 EXPECT_EQ(errno, EKEYEXPIRED);
1797 EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0);
1799 /* recv after rekey */
1800 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
1801 EXPECT_EQ(memcmp(buf, test_str_2, send_len), 0);
1804 TEST_F(tls, rekey_fail)
1806 char const *test_str_1 = "test_message_before_rekey";
1807 char const *test_str_2 = "test_message_after_rekey";
1808 struct tls_crypto_info_keys tls12;
1812 /* initial send/recv */
1813 send_len = strlen(test_str_1) + 1;
1814 EXPECT_EQ(send(self->fd, test_str_1, send_len, 0), send_len);
1815 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len);
1816 EXPECT_EQ(memcmp(buf, test_str_1, send_len), 0);
1819 tls_send_keyupdate(_metadata, self->fd);
1821 if (variant->tls_version != TLS_1_3_VERSION) {
1822 /* just check that rekey is not supported and return */
1823 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1);
1824 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), -1);
1825 EXPECT_EQ(errno, EBUSY);
1829 /* successful update */
1830 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1);
1831 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0);
1833 /* invalid update: change of version */
1834 tls_crypto_info_init(TLS_1_2_VERSION, variant->cipher_type, &tls12, 1);
1835 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), -1);
1836 EXPECT_EQ(errno, EINVAL);
1838 /* invalid update (RX socket): change of version */
1839 tls_crypto_info_init(TLS_1_2_VERSION, variant->cipher_type, &tls12, 1);
1840 EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), -1);
1841 EXPECT_EQ(errno, EINVAL);
1843 /* invalid update: change of cipher */
1844 if (variant->cipher_type == TLS_CIPHER_AES_GCM_256)
1845 tls_crypto_info_init(variant->tls_version, TLS_CIPHER_CHACHA20_POLY1305, &tls12, 1);
1847 tls_crypto_info_init(variant->tls_version, TLS_CIPHER_AES_GCM_256, &tls12, 1);
1848 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), -1);
1849 EXPECT_EQ(errno, EINVAL);
1851 /* send after rekey, the invalid updates shouldn't have an effect */
1852 send_len = strlen(test_str_2) + 1;
1853 EXPECT_EQ(send(self->fd, test_str_2, send_len, 0), send_len);
1855 /* can't receive the KeyUpdate without a control message */
1856 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1);
1859 tls_recv_keyupdate(_metadata, self->cfd, 0);
1861 /* recv blocking -> -EKEYEXPIRED */
1862 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), 0), -1);
1863 EXPECT_EQ(errno, EKEYEXPIRED);
1865 /* recv non-blocking -> -EKEYEXPIRED */
1866 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_DONTWAIT), -1);
1867 EXPECT_EQ(errno, EKEYEXPIRED);
1870 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1);
1871 EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0);
1873 /* recv after rekey */
1874 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
1875 EXPECT_EQ(memcmp(buf, test_str_2, send_len), 0);
1878 TEST_F(tls, rekey_peek)
1880 char const *test_str_1 = "test_message_before_rekey";
1881 struct tls_crypto_info_keys tls12;
1885 if (variant->tls_version != TLS_1_3_VERSION)
1888 send_len = strlen(test_str_1) + 1;
1889 EXPECT_EQ(send(self->fd, test_str_1, send_len, 0), send_len);
1892 tls_send_keyupdate(_metadata, self->fd);
1893 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1);
1894 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0);
1896 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_PEEK), send_len);
1897 EXPECT_EQ(memcmp(buf, test_str_1, send_len), 0);
1899 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), send_len);
1900 EXPECT_EQ(memcmp(buf, test_str_1, send_len), 0);
1902 /* can't receive the KeyUpdate without a control message */
1903 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_PEEK), -1);
1905 /* peek KeyUpdate */
1906 tls_recv_keyupdate(_metadata, self->cfd, MSG_PEEK);
1909 tls_recv_keyupdate(_metadata, self->cfd, 0);
1912 EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0);
1915 TEST_F(tls, splice_rekey)
1917 int send_len = TLS_PAYLOAD_MAX_LEN / 2;
1918 char mem_send[TLS_PAYLOAD_MAX_LEN];
1919 char mem_recv[TLS_PAYLOAD_MAX_LEN];
1920 struct tls_crypto_info_keys tls12;
1923 if (variant->tls_version != TLS_1_3_VERSION)
1926 memrnd(mem_send, sizeof(mem_send));
1928 ASSERT_GE(pipe(p), 0);
1929 EXPECT_EQ(send(self->fd, mem_send, send_len, 0), send_len);
1932 tls_send_keyupdate(_metadata, self->fd);
1933 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1);
1934 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0);
1936 EXPECT_EQ(send(self->fd, mem_send, send_len, 0), send_len);
1938 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, TLS_PAYLOAD_MAX_LEN, 0), send_len);
1939 EXPECT_EQ(read(p[0], mem_recv, send_len), send_len);
1940 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
1942 /* can't splice the KeyUpdate */
1943 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, TLS_PAYLOAD_MAX_LEN, 0), -1);
1944 EXPECT_EQ(errno, EINVAL);
1946 /* peek KeyUpdate */
1947 tls_recv_keyupdate(_metadata, self->cfd, MSG_PEEK);
1950 tls_recv_keyupdate(_metadata, self->cfd, 0);
1952 /* can't splice before updating the key */
1953 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, TLS_PAYLOAD_MAX_LEN, 0), -1);
1954 EXPECT_EQ(errno, EKEYEXPIRED);
1957 EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0);
1959 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, TLS_PAYLOAD_MAX_LEN, 0), send_len);
1960 EXPECT_EQ(read(p[0], mem_recv, send_len), send_len);
1961 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
1964 TEST_F(tls, rekey_peek_splice)
1966 char const *test_str_1 = "test_message_before_rekey";
1967 struct tls_crypto_info_keys tls12;
1970 char mem_recv[TLS_PAYLOAD_MAX_LEN];
1973 if (variant->tls_version != TLS_1_3_VERSION)
1976 ASSERT_GE(pipe(p), 0);
1978 send_len = strlen(test_str_1) + 1;
1979 EXPECT_EQ(send(self->fd, test_str_1, send_len, 0), send_len);
1982 tls_send_keyupdate(_metadata, self->fd);
1983 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1);
1984 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0);
1986 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_PEEK), send_len);
1987 EXPECT_EQ(memcmp(buf, test_str_1, send_len), 0);
1989 EXPECT_EQ(splice(self->cfd, NULL, p[1], NULL, TLS_PAYLOAD_MAX_LEN, 0), send_len);
1990 EXPECT_EQ(read(p[0], mem_recv, send_len), send_len);
1991 EXPECT_EQ(memcmp(mem_recv, test_str_1, send_len), 0);
1994 TEST_F(tls, rekey_getsockopt)
1996 struct tls_crypto_info_keys tls12;
1997 struct tls_crypto_info_keys tls12_get;
2000 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 0);
2003 EXPECT_EQ(getsockopt(self->fd, SOL_TLS, TLS_TX, &tls12_get, &len), 0);
2004 EXPECT_EQ(len, tls12.len);
2005 EXPECT_EQ(memcmp(&tls12_get, &tls12, tls12.len), 0);
2008 EXPECT_EQ(getsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12_get, &len), 0);
2009 EXPECT_EQ(len, tls12.len);
2010 EXPECT_EQ(memcmp(&tls12_get, &tls12, tls12.len), 0);
2012 if (variant->tls_version != TLS_1_3_VERSION)
2015 tls_send_keyupdate(_metadata, self->fd);
2016 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1);
2017 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0);
2019 tls_recv_keyupdate(_metadata, self->cfd, 0);
2020 EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0);
2023 EXPECT_EQ(getsockopt(self->fd, SOL_TLS, TLS_TX, &tls12_get, &len), 0);
2024 EXPECT_EQ(len, tls12.len);
2025 EXPECT_EQ(memcmp(&tls12_get, &tls12, tls12.len), 0);
2028 EXPECT_EQ(getsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12_get, &len), 0);
2029 EXPECT_EQ(len, tls12.len);
2030 EXPECT_EQ(memcmp(&tls12_get, &tls12, tls12.len), 0);
2033 TEST_F(tls, rekey_poll_pending)
2035 char const *test_str = "test_message_after_rekey";
2036 struct tls_crypto_info_keys tls12;
2037 struct pollfd pfd = { };
2041 if (variant->tls_version != TLS_1_3_VERSION)
2045 tls_send_keyupdate(_metadata, self->fd);
2046 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1);
2047 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0);
2050 tls_recv_keyupdate(_metadata, self->cfd, 0);
2052 /* send immediately after rekey */
2053 send_len = strlen(test_str) + 1;
2054 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
2056 /* key hasn't been updated, expect cfd to be non-readable */
2058 pfd.events = POLLIN;
2059 EXPECT_EQ(poll(&pfd, 1, 0), 0);
2067 /* wait before installing the new key */
2070 /* update RX key while poll() is sleeping */
2071 EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0);
2073 pid2 = wait(&status);
2074 EXPECT_EQ(pid2, ret);
2075 EXPECT_EQ(status, 0);
2078 pfd.events = POLLIN;
2079 EXPECT_EQ(poll(&pfd, 1, 5000), 1);
2081 exit(!__test_passed(_metadata));
2085 TEST_F(tls, rekey_poll_delay)
2087 char const *test_str = "test_message_after_rekey";
2088 struct tls_crypto_info_keys tls12;
2089 struct pollfd pfd = { };
2093 if (variant->tls_version != TLS_1_3_VERSION)
2097 tls_send_keyupdate(_metadata, self->fd);
2098 tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 1);
2099 EXPECT_EQ(setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0);
2102 tls_recv_keyupdate(_metadata, self->cfd, 0);
2110 /* wait before installing the new key */
2113 /* update RX key while poll() is sleeping */
2114 EXPECT_EQ(setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0);
2117 send_len = strlen(test_str) + 1;
2118 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
2120 pid2 = wait(&status);
2121 EXPECT_EQ(pid2, ret);
2122 EXPECT_EQ(status, 0);
2125 pfd.events = POLLIN;
2126 EXPECT_EQ(poll(&pfd, 1, 5000), 1);
2127 exit(!__test_passed(_metadata));
2138 FIXTURE_VARIANT(tls_err)
2140 uint16_t tls_version;
2143 FIXTURE_VARIANT_ADD(tls_err, 12_aes_gcm)
2145 .tls_version = TLS_1_2_VERSION,
2148 FIXTURE_VARIANT_ADD(tls_err, 13_aes_gcm)
2150 .tls_version = TLS_1_3_VERSION,
2153 FIXTURE_SETUP(tls_err)
2155 struct tls_crypto_info_keys tls12;
2158 tls_crypto_info_init(variant->tls_version, TLS_CIPHER_AES_GCM_128,
2161 ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls);
2162 ulp_sock_pair(_metadata, &self->fd2, &self->cfd2, &self->notls);
2166 ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len);
2169 ret = setsockopt(self->cfd2, SOL_TLS, TLS_RX, &tls12, tls12.len);
2173 FIXTURE_TEARDOWN(tls_err)
2181 TEST_F(tls_err, bad_rec)
2186 SKIP(return, "no TLS support");
2188 memset(buf, 0x55, sizeof(buf));
2189 EXPECT_EQ(send(self->fd2, buf, sizeof(buf), 0), sizeof(buf));
2190 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
2191 EXPECT_EQ(errno, EMSGSIZE);
2192 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), MSG_DONTWAIT), -1);
2193 EXPECT_EQ(errno, EAGAIN);
2196 TEST_F(tls_err, bad_auth)
2202 SKIP(return, "no TLS support");
2204 memrnd(buf, sizeof(buf) / 2);
2205 EXPECT_EQ(send(self->fd, buf, sizeof(buf) / 2, 0), sizeof(buf) / 2);
2206 n = recv(self->cfd, buf, sizeof(buf), 0);
2207 EXPECT_GT(n, sizeof(buf) / 2);
2211 EXPECT_EQ(send(self->fd2, buf, n, 0), n);
2212 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
2213 EXPECT_EQ(errno, EBADMSG);
2214 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
2215 EXPECT_EQ(errno, EBADMSG);
2218 TEST_F(tls_err, bad_in_large_read)
2226 SKIP(return, "no TLS support");
2228 /* Put 3 records in the sockets */
2229 for (i = 0; i < 3; i++) {
2230 memrnd(txt[i], sizeof(txt[i]));
2231 EXPECT_EQ(send(self->fd, txt[i], sizeof(txt[i]), 0),
2233 n = recv(self->cfd, cip[i], sizeof(cip[i]), 0);
2234 EXPECT_GT(n, sizeof(txt[i]));
2235 /* Break the third message */
2238 EXPECT_EQ(send(self->fd2, cip[i], n, 0), n);
2241 /* We should be able to receive the first two messages */
2242 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), sizeof(txt[0]) * 2);
2243 EXPECT_EQ(memcmp(buf, txt[0], sizeof(txt[0])), 0);
2244 EXPECT_EQ(memcmp(buf + sizeof(txt[0]), txt[1], sizeof(txt[1])), 0);
2245 /* Third mesasge is bad */
2246 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
2247 EXPECT_EQ(errno, EBADMSG);
2248 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
2249 EXPECT_EQ(errno, EBADMSG);
2252 TEST_F(tls_err, bad_cmsg)
2254 char *test_str = "test_read";
2262 SKIP(return, "no TLS support");
2264 /* Queue up one data record */
2265 memrnd(txt, sizeof(txt));
2266 EXPECT_EQ(send(self->fd, txt, sizeof(txt), 0), sizeof(txt));
2267 n = recv(self->cfd, cip, sizeof(cip), 0);
2268 EXPECT_GT(n, sizeof(txt));
2269 EXPECT_EQ(send(self->fd2, cip, n, 0), n);
2271 EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10);
2272 n = recv(self->cfd, cip, sizeof(cip), 0);
2273 cip[n - 1]++; /* Break it */
2274 EXPECT_GT(n, send_len);
2275 EXPECT_EQ(send(self->fd2, cip, n, 0), n);
2277 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), sizeof(txt));
2278 EXPECT_EQ(memcmp(buf, txt, sizeof(txt)), 0);
2279 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
2280 EXPECT_EQ(errno, EBADMSG);
2281 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
2282 EXPECT_EQ(errno, EBADMSG);
2285 TEST_F(tls_err, timeo)
2287 struct timeval tv = { .tv_usec = 10000, };
2292 SKIP(return, "no TLS support");
2294 ret = setsockopt(self->cfd2, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
2301 usleep(1000); /* Give child a head start */
2303 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
2304 EXPECT_EQ(errno, EAGAIN);
2306 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
2307 EXPECT_EQ(errno, EAGAIN);
2311 EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
2312 EXPECT_EQ(errno, EAGAIN);
2317 TEST_F(tls_err, poll_partial_rec)
2319 struct pollfd pfd = { };
2325 SKIP(return, "no TLS support");
2327 pfd.fd = self->cfd2;
2328 pfd.events = POLLIN;
2329 EXPECT_EQ(poll(&pfd, 1, 1), 0);
2331 memrnd(buf, sizeof(buf));
2332 EXPECT_EQ(send(self->fd, buf, sizeof(buf), 0), sizeof(buf));
2333 rec_len = recv(self->cfd, rec, sizeof(rec), 0);
2334 EXPECT_GT(rec_len, sizeof(buf));
2336 /* Write 100B, not the full record ... */
2337 EXPECT_EQ(send(self->fd2, rec, 100, 0), 100);
2338 /* ... no full record should mean no POLLIN */
2339 pfd.fd = self->cfd2;
2340 pfd.events = POLLIN;
2341 EXPECT_EQ(poll(&pfd, 1, 1), 0);
2342 /* Now write the rest, and it should all pop out of the other end. */
2343 EXPECT_EQ(send(self->fd2, rec + 100, rec_len - 100, 0), rec_len - 100);
2344 pfd.fd = self->cfd2;
2345 pfd.events = POLLIN;
2346 EXPECT_EQ(poll(&pfd, 1, 1), 1);
2347 EXPECT_EQ(recv(self->cfd2, rec, sizeof(rec), 0), sizeof(buf));
2348 EXPECT_EQ(memcmp(buf, rec, sizeof(buf)), 0);
2351 TEST_F(tls_err, epoll_partial_rec)
2353 struct epoll_event ev, events[10];
2360 SKIP(return, "no TLS support");
2362 epollfd = epoll_create1(0);
2363 ASSERT_GE(epollfd, 0);
2365 memset(&ev, 0, sizeof(ev));
2366 ev.events = EPOLLIN;
2367 ev.data.fd = self->cfd2;
2368 ASSERT_GE(epoll_ctl(epollfd, EPOLL_CTL_ADD, self->cfd2, &ev), 0);
2370 EXPECT_EQ(epoll_wait(epollfd, events, 10, 0), 0);
2372 memrnd(buf, sizeof(buf));
2373 EXPECT_EQ(send(self->fd, buf, sizeof(buf), 0), sizeof(buf));
2374 rec_len = recv(self->cfd, rec, sizeof(rec), 0);
2375 EXPECT_GT(rec_len, sizeof(buf));
2377 /* Write 100B, not the full record ... */
2378 EXPECT_EQ(send(self->fd2, rec, 100, 0), 100);
2379 /* ... no full record should mean no POLLIN */
2380 EXPECT_EQ(epoll_wait(epollfd, events, 10, 0), 0);
2381 /* Now write the rest, and it should all pop out of the other end. */
2382 EXPECT_EQ(send(self->fd2, rec + 100, rec_len - 100, 0), rec_len - 100);
2383 EXPECT_EQ(epoll_wait(epollfd, events, 10, 0), 1);
2384 EXPECT_EQ(recv(self->cfd2, rec, sizeof(rec), 0), sizeof(buf));
2385 EXPECT_EQ(memcmp(buf, rec, sizeof(buf)), 0);
2390 TEST_F(tls_err, poll_partial_rec_async)
2392 struct pollfd pfd = { };
2401 SKIP(return, "no TLS support");
2403 ASSERT_GE(pipe(p), 0);
2405 memrnd(buf, sizeof(buf));
2406 EXPECT_EQ(send(self->fd, buf, sizeof(buf), 0), sizeof(buf));
2407 rec_len = recv(self->cfd, rec, sizeof(rec), 0);
2408 EXPECT_GT(rec_len, sizeof(buf));
2417 usleep(1000); /* Give child a head start */
2419 EXPECT_EQ(send(self->fd2, rec, 100, 0), 100);
2421 EXPECT_EQ(read(p[0], &token, 1), 1); /* Barrier #1 */
2423 EXPECT_EQ(send(self->fd2, rec + 100, rec_len - 100, 0),
2426 pid2 = wait(&status);
2427 EXPECT_EQ(pid2, ret);
2428 EXPECT_EQ(status, 0);
2432 /* Child should sleep in poll(), never get a wake */
2433 pfd.fd = self->cfd2;
2434 pfd.events = POLLIN;
2435 EXPECT_EQ(poll(&pfd, 1, 20), 0);
2437 EXPECT_EQ(write(p[1], &token, 1), 1); /* Barrier #1 */
2439 pfd.fd = self->cfd2;
2440 pfd.events = POLLIN;
2441 EXPECT_EQ(poll(&pfd, 1, 20), 1);
2443 exit(!__test_passed(_metadata));
2447 TEST(non_established) {
2448 struct tls12_crypto_info_aes_gcm_256 tls12;
2449 struct sockaddr_in addr;
2455 memset(&tls12, 0, sizeof(tls12));
2456 tls12.info.version = TLS_1_2_VERSION;
2457 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256;
2459 addr.sin_family = AF_INET;
2460 addr.sin_addr.s_addr = htonl(INADDR_ANY);
2463 fd = socket(AF_INET, SOCK_STREAM, 0);
2464 sfd = socket(AF_INET, SOCK_STREAM, 0);
2466 ret = bind(sfd, &addr, sizeof(addr));
2468 ret = listen(sfd, 10);
2471 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
2473 /* TLS ULP not supported */
2474 if (errno == ENOENT)
2476 EXPECT_EQ(errno, ENOTCONN);
2478 ret = setsockopt(sfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
2480 EXPECT_EQ(errno, ENOTCONN);
2482 ret = getsockname(sfd, &addr, &len);
2485 ret = connect(fd, &addr, sizeof(addr));
2488 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
2491 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
2493 EXPECT_EQ(errno, EEXIST);
2500 struct tls12_crypto_info_aes_gcm_256 tls12;
2504 memset(&tls12, 0, sizeof(tls12));
2505 tls12.info.version = TLS_1_2_VERSION;
2506 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256;
2508 ulp_sock_pair(_metadata, &fd, &cfd, ¬ls);
2511 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12,
2515 ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12,
2525 struct tls12_crypto_info_aes_gcm_256 tls12;
2526 int ret, fd, cfd, val;
2530 memset(&tls12, 0, sizeof(tls12));
2531 tls12.info.version = TLS_1_3_VERSION;
2532 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256;
2534 ulp_sock_pair(_metadata, &fd, &cfd, ¬ls);
2539 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, sizeof(tls12));
2542 ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12, sizeof(tls12));
2546 ret = setsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD,
2547 (void *)&val, sizeof(val));
2552 ret = getsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD,
2553 (void *)&val, &len);
2559 ret = setsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD,
2560 (void *)&val, sizeof(val));
2565 ret = getsockopt(cfd, SOL_TLS, TLS_RX_EXPECT_NO_PAD,
2566 (void *)&val, &len);
2576 struct tls_crypto_info_keys tls12;
2577 struct sockaddr_in6 addr, addr2;
2579 socklen_t len, len2;
2581 tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_128, &tls12, 0);
2583 addr.sin6_family = AF_INET6;
2584 addr.sin6_addr = in6addr_any;
2587 fd = socket(AF_INET6, SOCK_STREAM, 0);
2588 sfd = socket(AF_INET6, SOCK_STREAM, 0);
2590 ret = bind(sfd, &addr, sizeof(addr));
2592 ret = listen(sfd, 10);
2596 ret = getsockname(sfd, &addr, &len);
2599 ret = connect(fd, &addr, sizeof(addr));
2603 ret = getsockname(fd, &addr, &len);
2606 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
2608 ASSERT_EQ(errno, ENOENT);
2609 SKIP(return, "no TLS support");
2613 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12, tls12.len);
2616 ret = setsockopt(fd, SOL_TLS, TLS_RX, &tls12, tls12.len);
2619 len2 = sizeof(addr2);
2620 ret = getsockname(fd, &addr2, &len2);
2623 EXPECT_EQ(len2, len);
2624 EXPECT_EQ(memcmp(&addr, &addr2, len), 0);
2631 struct tls_crypto_info_keys tls12;
2632 char buf[20000], buf2[20000];
2633 struct sockaddr_in addr;
2634 int sfd, cfd, ret, fd;
2638 memrnd(buf, sizeof(buf));
2640 tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_256, &tls12, 0);
2642 addr.sin_family = AF_INET;
2643 addr.sin_addr.s_addr = htonl(INADDR_ANY);
2646 fd = socket(AF_INET, SOCK_STREAM, 0);
2647 sfd = socket(AF_INET, SOCK_STREAM, 0);
2649 ASSERT_EQ(bind(sfd, &addr, sizeof(addr)), 0);
2650 ASSERT_EQ(listen(sfd, 10), 0);
2651 ASSERT_EQ(getsockname(sfd, &addr, &len), 0);
2652 ASSERT_EQ(connect(fd, &addr, sizeof(addr)), 0);
2653 ASSERT_GE(cfd = accept(sfd, &addr, &len), 0);
2656 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
2658 ASSERT_EQ(errno, ENOENT);
2659 SKIP(return, "no TLS support");
2662 ASSERT_EQ(setsockopt(fd, SOL_TLS, TLS_TX, &tls12, tls12.len), 0);
2663 EXPECT_EQ(send(fd, buf, sizeof(buf), MSG_DONTWAIT), sizeof(buf));
2665 ASSERT_EQ(setsockopt(cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")), 0);
2666 ASSERT_EQ(setsockopt(cfd, SOL_TLS, TLS_RX, &tls12, tls12.len), 0);
2667 EXPECT_EQ(recv(cfd, buf2, sizeof(buf2), MSG_WAITALL), sizeof(buf2));
2669 EXPECT_EQ(memcmp(buf, buf2, sizeof(buf)), 0);
2675 static void __attribute__((constructor)) fips_check(void) {
2679 f = fopen("/proc/sys/crypto/fips_enabled", "r");
2681 res = fscanf(f, "%d", &fips_enabled);
2683 ksft_print_msg("ERROR: Couldn't read /proc/sys/crypto/fips_enabled\n");
projects / linux.git / blob