tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1// SPDX-License-Identifier: GPL-2.0
2
3#define _GNU_SOURCE
4
5#include <arpa/inet.h>
6#include <errno.h>
7#include <error.h>
8#include <fcntl.h>
9#include <poll.h>
10#include <stdio.h>
11#include <stdlib.h>
12#include <unistd.h>
13
14#include <linux/tls.h>
15#include <linux/tcp.h>
16#include <linux/socket.h>
17
18#include <sys/types.h>
19#include <sys/sendfile.h>
20#include <sys/socket.h>
21#include <sys/stat.h>
22
23#include "../kselftest_harness.h"
24
25#define TLS_PAYLOAD_MAX_LEN 16384
26#define SOL_TLS 282
27
28#ifndef ENOTSUPP
29#define ENOTSUPP 524
30#endif
31
32FIXTURE(tls_basic)
33{
34 int fd, cfd;
35 bool notls;
36};
37
38FIXTURE_SETUP(tls_basic)
39{
40 struct sockaddr_in addr;
41 socklen_t len;
42 int sfd, ret;
43
44 self->notls = false;
45 len = sizeof(addr);
46
47 addr.sin_family = AF_INET;
48 addr.sin_addr.s_addr = htonl(INADDR_ANY);
49 addr.sin_port = 0;
50
51 self->fd = socket(AF_INET, SOCK_STREAM, 0);
52 sfd = socket(AF_INET, SOCK_STREAM, 0);
53
54 ret = bind(sfd, &addr, sizeof(addr));
55 ASSERT_EQ(ret, 0);
56 ret = listen(sfd, 10);
57 ASSERT_EQ(ret, 0);
58
59 ret = getsockname(sfd, &addr, &len);
60 ASSERT_EQ(ret, 0);
61
62 ret = connect(self->fd, &addr, sizeof(addr));
63 ASSERT_EQ(ret, 0);
64
65 self->cfd = accept(sfd, &addr, &len);
66 ASSERT_GE(self->cfd, 0);
67
68 close(sfd);
69
70 ret = setsockopt(self->fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
71 if (ret != 0) {
72 ASSERT_EQ(errno, ENOENT);
73 self->notls = true;
74 printf("Failure setting TCP_ULP, testing without tls\n");
75 return;
76 }
77
78 ret = setsockopt(self->cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
79 ASSERT_EQ(ret, 0);
80}
81
82FIXTURE_TEARDOWN(tls_basic)
83{
84 close(self->fd);
85 close(self->cfd);
86}
87
88/* Send some data through with ULP but no keys */
89TEST_F(tls_basic, base_base)
90{
91 char const *test_str = "test_read";
92 int send_len = 10;
93 char buf[10];
94
95 ASSERT_EQ(strlen(test_str) + 1, send_len);
96
97 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
98 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
99 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
100};
101
102FIXTURE(tls)
103{
104 int fd, cfd;
105 bool notls;
106};
107
108FIXTURE_SETUP(tls)
109{
110 struct tls12_crypto_info_aes_gcm_128 tls12;
111 struct sockaddr_in addr;
112 socklen_t len;
113 int sfd, ret;
114
115 self->notls = false;
116 len = sizeof(addr);
117
118 memset(&tls12, 0, sizeof(tls12));
119 tls12.info.version = TLS_1_3_VERSION;
120 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128;
121
122 addr.sin_family = AF_INET;
123 addr.sin_addr.s_addr = htonl(INADDR_ANY);
124 addr.sin_port = 0;
125
126 self->fd = socket(AF_INET, SOCK_STREAM, 0);
127 sfd = socket(AF_INET, SOCK_STREAM, 0);
128
129 ret = bind(sfd, &addr, sizeof(addr));
130 ASSERT_EQ(ret, 0);
131 ret = listen(sfd, 10);
132 ASSERT_EQ(ret, 0);
133
134 ret = getsockname(sfd, &addr, &len);
135 ASSERT_EQ(ret, 0);
136
137 ret = connect(self->fd, &addr, sizeof(addr));
138 ASSERT_EQ(ret, 0);
139
140 ret = setsockopt(self->fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
141 if (ret != 0) {
142 self->notls = true;
143 printf("Failure setting TCP_ULP, testing without tls\n");
144 }
145
146 if (!self->notls) {
147 ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12,
148 sizeof(tls12));
149 ASSERT_EQ(ret, 0);
150 }
151
152 self->cfd = accept(sfd, &addr, &len);
153 ASSERT_GE(self->cfd, 0);
154
155 if (!self->notls) {
156 ret = setsockopt(self->cfd, IPPROTO_TCP, TCP_ULP, "tls",
157 sizeof("tls"));
158 ASSERT_EQ(ret, 0);
159
160 ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12,
161 sizeof(tls12));
162 ASSERT_EQ(ret, 0);
163 }
164
165 close(sfd);
166}
167
168FIXTURE_TEARDOWN(tls)
169{
170 close(self->fd);
171 close(self->cfd);
172}
173
174TEST_F(tls, sendfile)
175{
176 int filefd = open("/proc/self/exe", O_RDONLY);
177 struct stat st;
178
179 EXPECT_GE(filefd, 0);
180 fstat(filefd, &st);
181 EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0);
182}
183
184TEST_F(tls, send_then_sendfile)
185{
186 int filefd = open("/proc/self/exe", O_RDONLY);
187 char const *test_str = "test_send";
188 int to_send = strlen(test_str) + 1;
189 char recv_buf[10];
190 struct stat st;
191 char *buf;
192
193 EXPECT_GE(filefd, 0);
194 fstat(filefd, &st);
195 buf = (char *)malloc(st.st_size);
196
197 EXPECT_EQ(send(self->fd, test_str, to_send, 0), to_send);
198 EXPECT_EQ(recv(self->cfd, recv_buf, to_send, MSG_WAITALL), to_send);
199 EXPECT_EQ(memcmp(test_str, recv_buf, to_send), 0);
200
201 EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0);
202 EXPECT_EQ(recv(self->cfd, buf, st.st_size, MSG_WAITALL), st.st_size);
203}
204
205TEST_F(tls, recv_max)
206{
207 unsigned int send_len = TLS_PAYLOAD_MAX_LEN;
208 char recv_mem[TLS_PAYLOAD_MAX_LEN];
209 char buf[TLS_PAYLOAD_MAX_LEN];
210
211 EXPECT_GE(send(self->fd, buf, send_len, 0), 0);
212 EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1);
213 EXPECT_EQ(memcmp(buf, recv_mem, send_len), 0);
214}
215
216TEST_F(tls, recv_small)
217{
218 char const *test_str = "test_read";
219 int send_len = 10;
220 char buf[10];
221
222 send_len = strlen(test_str) + 1;
223 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
224 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
225 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
226}
227
228TEST_F(tls, msg_more)
229{
230 char const *test_str = "test_read";
231 int send_len = 10;
232 char buf[10 * 2];
233
234 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len);
235 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1);
236 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
237 EXPECT_EQ(recv(self->cfd, buf, send_len * 2, MSG_WAITALL),
238 send_len * 2);
239 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
240}
241
242TEST_F(tls, msg_more_unsent)
243{
244 char const *test_str = "test_read";
245 int send_len = 10;
246 char buf[10];
247
248 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len);
249 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1);
250}
251
252TEST_F(tls, sendmsg_single)
253{
254 struct msghdr msg;
255
256 char const *test_str = "test_sendmsg";
257 size_t send_len = 13;
258 struct iovec vec;
259 char buf[13];
260
261 vec.iov_base = (char *)test_str;
262 vec.iov_len = send_len;
263 memset(&msg, 0, sizeof(struct msghdr));
264 msg.msg_iov = &vec;
265 msg.msg_iovlen = 1;
266 EXPECT_EQ(sendmsg(self->fd, &msg, 0), send_len);
267 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len);
268 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
269}
270
271TEST_F(tls, sendmsg_large)
272{
273 void *mem = malloc(16384);
274 size_t send_len = 16384;
275 size_t sends = 128;
276 struct msghdr msg;
277 size_t recvs = 0;
278 size_t sent = 0;
279
280 memset(&msg, 0, sizeof(struct msghdr));
281 while (sent++ < sends) {
282 struct iovec vec = { (void *)mem, send_len };
283
284 msg.msg_iov = &vec;
285 msg.msg_iovlen = 1;
286 EXPECT_EQ(sendmsg(self->cfd, &msg, 0), send_len);
287 }
288
289 while (recvs++ < sends)
290 EXPECT_NE(recv(self->fd, mem, send_len, 0), -1);
291
292 free(mem);
293}
294
295TEST_F(tls, sendmsg_multiple)
296{
297 char const *test_str = "test_sendmsg_multiple";
298 struct iovec vec[5];
299 char *test_strs[5];
300 struct msghdr msg;
301 int total_len = 0;
302 int len_cmp = 0;
303 int iov_len = 5;
304 char *buf;
305 int i;
306
307 memset(&msg, 0, sizeof(struct msghdr));
308 for (i = 0; i < iov_len; i++) {
309 test_strs[i] = (char *)malloc(strlen(test_str) + 1);
310 snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str);
311 vec[i].iov_base = (void *)test_strs[i];
312 vec[i].iov_len = strlen(test_strs[i]) + 1;
313 total_len += vec[i].iov_len;
314 }
315 msg.msg_iov = vec;
316 msg.msg_iovlen = iov_len;
317
318 EXPECT_EQ(sendmsg(self->cfd, &msg, 0), total_len);
319 buf = malloc(total_len);
320 EXPECT_NE(recv(self->fd, buf, total_len, 0), -1);
321 for (i = 0; i < iov_len; i++) {
322 EXPECT_EQ(memcmp(test_strs[i], buf + len_cmp,
323 strlen(test_strs[i])),
324 0);
325 len_cmp += strlen(buf + len_cmp) + 1;
326 }
327 for (i = 0; i < iov_len; i++)
328 free(test_strs[i]);
329 free(buf);
330}
331
332TEST_F(tls, sendmsg_multiple_stress)
333{
334 char const *test_str = "abcdefghijklmno";
335 struct iovec vec[1024];
336 char *test_strs[1024];
337 int iov_len = 1024;
338 int total_len = 0;
339 char buf[1 << 14];
340 struct msghdr msg;
341 int len_cmp = 0;
342 int i;
343
344 memset(&msg, 0, sizeof(struct msghdr));
345 for (i = 0; i < iov_len; i++) {
346 test_strs[i] = (char *)malloc(strlen(test_str) + 1);
347 snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str);
348 vec[i].iov_base = (void *)test_strs[i];
349 vec[i].iov_len = strlen(test_strs[i]) + 1;
350 total_len += vec[i].iov_len;
351 }
352 msg.msg_iov = vec;
353 msg.msg_iovlen = iov_len;
354
355 EXPECT_EQ(sendmsg(self->fd, &msg, 0), total_len);
356 EXPECT_NE(recv(self->cfd, buf, total_len, 0), -1);
357
358 for (i = 0; i < iov_len; i++)
359 len_cmp += strlen(buf + len_cmp) + 1;
360
361 for (i = 0; i < iov_len; i++)
362 free(test_strs[i]);
363}
364
365TEST_F(tls, splice_from_pipe)
366{
367 int send_len = TLS_PAYLOAD_MAX_LEN;
368 char mem_send[TLS_PAYLOAD_MAX_LEN];
369 char mem_recv[TLS_PAYLOAD_MAX_LEN];
370 int p[2];
371
372 ASSERT_GE(pipe(p), 0);
373 EXPECT_GE(write(p[1], mem_send, send_len), 0);
374 EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), 0);
375 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len);
376 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
377}
378
379TEST_F(tls, splice_from_pipe2)
380{
381 int send_len = 16000;
382 char mem_send[16000];
383 char mem_recv[16000];
384 int p2[2];
385 int p[2];
386
387 ASSERT_GE(pipe(p), 0);
388 ASSERT_GE(pipe(p2), 0);
389 EXPECT_GE(write(p[1], mem_send, 8000), 0);
390 EXPECT_GE(splice(p[0], NULL, self->fd, NULL, 8000, 0), 0);
391 EXPECT_GE(write(p2[1], mem_send + 8000, 8000), 0);
392 EXPECT_GE(splice(p2[0], NULL, self->fd, NULL, 8000, 0), 0);
393 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len);
394 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
395}
396
397TEST_F(tls, send_and_splice)
398{
399 int send_len = TLS_PAYLOAD_MAX_LEN;
400 char mem_send[TLS_PAYLOAD_MAX_LEN];
401 char mem_recv[TLS_PAYLOAD_MAX_LEN];
402 char const *test_str = "test_read";
403 int send_len2 = 10;
404 char buf[10];
405 int p[2];
406
407 ASSERT_GE(pipe(p), 0);
408 EXPECT_EQ(send(self->fd, test_str, send_len2, 0), send_len2);
409 EXPECT_EQ(recv(self->cfd, buf, send_len2, MSG_WAITALL), send_len2);
410 EXPECT_EQ(memcmp(test_str, buf, send_len2), 0);
411
412 EXPECT_GE(write(p[1], mem_send, send_len), send_len);
413 EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), send_len);
414
415 EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len);
416 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
417}
418
419TEST_F(tls, splice_to_pipe)
420{
421 int send_len = TLS_PAYLOAD_MAX_LEN;
422 char mem_send[TLS_PAYLOAD_MAX_LEN];
423 char mem_recv[TLS_PAYLOAD_MAX_LEN];
424 int p[2];
425
426 ASSERT_GE(pipe(p), 0);
427 EXPECT_GE(send(self->fd, mem_send, send_len, 0), 0);
428 EXPECT_GE(splice(self->cfd, NULL, p[1], NULL, send_len, 0), 0);
429 EXPECT_GE(read(p[0], mem_recv, send_len), 0);
430 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
431}
432
433TEST_F(tls, recvmsg_single)
434{
435 char const *test_str = "test_recvmsg_single";
436 int send_len = strlen(test_str) + 1;
437 char buf[20];
438 struct msghdr hdr;
439 struct iovec vec;
440
441 memset(&hdr, 0, sizeof(hdr));
442 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
443 vec.iov_base = (char *)buf;
444 vec.iov_len = send_len;
445 hdr.msg_iovlen = 1;
446 hdr.msg_iov = &vec;
447 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1);
448 EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
449}
450
451TEST_F(tls, recvmsg_single_max)
452{
453 int send_len = TLS_PAYLOAD_MAX_LEN;
454 char send_mem[TLS_PAYLOAD_MAX_LEN];
455 char recv_mem[TLS_PAYLOAD_MAX_LEN];
456 struct iovec vec;
457 struct msghdr hdr;
458
459 EXPECT_EQ(send(self->fd, send_mem, send_len, 0), send_len);
460 vec.iov_base = (char *)recv_mem;
461 vec.iov_len = TLS_PAYLOAD_MAX_LEN;
462
463 hdr.msg_iovlen = 1;
464 hdr.msg_iov = &vec;
465 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1);
466 EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0);
467}
468
469TEST_F(tls, recvmsg_multiple)
470{
471 unsigned int msg_iovlen = 1024;
472 unsigned int len_compared = 0;
473 struct iovec vec[1024];
474 char *iov_base[1024];
475 unsigned int iov_len = 16;
476 int send_len = 1 << 14;
477 char buf[1 << 14];
478 struct msghdr hdr;
479 int i;
480
481 EXPECT_EQ(send(self->fd, buf, send_len, 0), send_len);
482 for (i = 0; i < msg_iovlen; i++) {
483 iov_base[i] = (char *)malloc(iov_len);
484 vec[i].iov_base = iov_base[i];
485 vec[i].iov_len = iov_len;
486 }
487
488 hdr.msg_iovlen = msg_iovlen;
489 hdr.msg_iov = vec;
490 EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1);
491 for (i = 0; i < msg_iovlen; i++)
492 len_compared += iov_len;
493
494 for (i = 0; i < msg_iovlen; i++)
495 free(iov_base[i]);
496}
497
498TEST_F(tls, single_send_multiple_recv)
499{
500 unsigned int total_len = TLS_PAYLOAD_MAX_LEN * 2;
501 unsigned int send_len = TLS_PAYLOAD_MAX_LEN;
502 char send_mem[TLS_PAYLOAD_MAX_LEN * 2];
503 char recv_mem[TLS_PAYLOAD_MAX_LEN * 2];
504
505 EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0);
506 memset(recv_mem, 0, total_len);
507
508 EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1);
509 EXPECT_NE(recv(self->cfd, recv_mem + send_len, send_len, 0), -1);
510 EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0);
511}
512
513TEST_F(tls, multiple_send_single_recv)
514{
515 unsigned int total_len = 2 * 10;
516 unsigned int send_len = 10;
517 char recv_mem[2 * 10];
518 char send_mem[10];
519
520 EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0);
521 EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0);
522 memset(recv_mem, 0, total_len);
523 EXPECT_EQ(recv(self->cfd, recv_mem, total_len, MSG_WAITALL), total_len);
524
525 EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0);
526 EXPECT_EQ(memcmp(send_mem, recv_mem + send_len, send_len), 0);
527}
528
529TEST_F(tls, single_send_multiple_recv_non_align)
530{
531 const unsigned int total_len = 15;
532 const unsigned int recv_len = 10;
533 char recv_mem[recv_len * 2];
534 char send_mem[total_len];
535
536 EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0);
537 memset(recv_mem, 0, total_len);
538
539 EXPECT_EQ(recv(self->cfd, recv_mem, recv_len, 0), recv_len);
540 EXPECT_EQ(recv(self->cfd, recv_mem + recv_len, recv_len, 0), 5);
541 EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0);
542}
543
544TEST_F(tls, recv_partial)
545{
546 char const *test_str = "test_read_partial";
547 char const *test_str_first = "test_read";
548 char const *test_str_second = "_partial";
549 int send_len = strlen(test_str) + 1;
550 char recv_mem[18];
551
552 memset(recv_mem, 0, sizeof(recv_mem));
553 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
554 EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_first),
555 MSG_WAITALL), -1);
556 EXPECT_EQ(memcmp(test_str_first, recv_mem, strlen(test_str_first)), 0);
557 memset(recv_mem, 0, sizeof(recv_mem));
558 EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_second),
559 MSG_WAITALL), -1);
560 EXPECT_EQ(memcmp(test_str_second, recv_mem, strlen(test_str_second)),
561 0);
562}
563
564TEST_F(tls, recv_nonblock)
565{
566 char buf[4096];
567 bool err;
568
569 EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_DONTWAIT), -1);
570 err = (errno == EAGAIN || errno == EWOULDBLOCK);
571 EXPECT_EQ(err, true);
572}
573
574TEST_F(tls, recv_peek)
575{
576 char const *test_str = "test_read_peek";
577 int send_len = strlen(test_str) + 1;
578 char buf[15];
579
580 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
581 EXPECT_NE(recv(self->cfd, buf, send_len, MSG_PEEK), -1);
582 EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
583 memset(buf, 0, sizeof(buf));
584 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
585 EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
586}
587
588TEST_F(tls, recv_peek_multiple)
589{
590 char const *test_str = "test_read_peek";
591 int send_len = strlen(test_str) + 1;
592 unsigned int num_peeks = 100;
593 char buf[15];
594 int i;
595
596 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
597 for (i = 0; i < num_peeks; i++) {
598 EXPECT_NE(recv(self->cfd, buf, send_len, MSG_PEEK), -1);
599 EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
600 memset(buf, 0, sizeof(buf));
601 }
602 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
603 EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
604}
605
606TEST_F(tls, recv_peek_multiple_records)
607{
608 char const *test_str = "test_read_peek_mult_recs";
609 char const *test_str_first = "test_read_peek";
610 char const *test_str_second = "_mult_recs";
611 int len;
612 char buf[64];
613
614 len = strlen(test_str_first);
615 EXPECT_EQ(send(self->fd, test_str_first, len, 0), len);
616
617 len = strlen(test_str_second) + 1;
618 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len);
619
620 len = strlen(test_str_first);
621 memset(buf, 0, len);
622 EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len);
623
624 /* MSG_PEEK can only peek into the current record. */
625 len = strlen(test_str_first);
626 EXPECT_EQ(memcmp(test_str_first, buf, len), 0);
627
628 len = strlen(test_str) + 1;
629 memset(buf, 0, len);
630 EXPECT_EQ(recv(self->cfd, buf, len, MSG_WAITALL), len);
631
632 /* Non-MSG_PEEK will advance strparser (and therefore record)
633 * however.
634 */
635 len = strlen(test_str) + 1;
636 EXPECT_EQ(memcmp(test_str, buf, len), 0);
637
638 /* MSG_MORE will hold current record open, so later MSG_PEEK
639 * will see everything.
640 */
641 len = strlen(test_str_first);
642 EXPECT_EQ(send(self->fd, test_str_first, len, MSG_MORE), len);
643
644 len = strlen(test_str_second) + 1;
645 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len);
646
647 len = strlen(test_str) + 1;
648 memset(buf, 0, len);
649 EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len);
650
651 len = strlen(test_str) + 1;
652 EXPECT_EQ(memcmp(test_str, buf, len), 0);
653}
654
655TEST_F(tls, recv_peek_large_buf_mult_recs)
656{
657 char const *test_str = "test_read_peek_mult_recs";
658 char const *test_str_first = "test_read_peek";
659 char const *test_str_second = "_mult_recs";
660 int len;
661 char buf[64];
662
663 len = strlen(test_str_first);
664 EXPECT_EQ(send(self->fd, test_str_first, len, 0), len);
665
666 len = strlen(test_str_second) + 1;
667 EXPECT_EQ(send(self->fd, test_str_second, len, 0), len);
668
669 len = strlen(test_str) + 1;
670 memset(buf, 0, len);
671 EXPECT_NE((len = recv(self->cfd, buf, len,
672 MSG_PEEK | MSG_WAITALL)), -1);
673 len = strlen(test_str) + 1;
674 EXPECT_EQ(memcmp(test_str, buf, len), 0);
675}
676
677TEST_F(tls, recv_lowat)
678{
679 char send_mem[10] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
680 char recv_mem[20];
681 int lowat = 8;
682
683 EXPECT_EQ(send(self->fd, send_mem, 10, 0), 10);
684 EXPECT_EQ(send(self->fd, send_mem, 5, 0), 5);
685
686 memset(recv_mem, 0, 20);
687 EXPECT_EQ(setsockopt(self->cfd, SOL_SOCKET, SO_RCVLOWAT,
688 &lowat, sizeof(lowat)), 0);
689 EXPECT_EQ(recv(self->cfd, recv_mem, 1, MSG_WAITALL), 1);
690 EXPECT_EQ(recv(self->cfd, recv_mem + 1, 6, MSG_WAITALL), 6);
691 EXPECT_EQ(recv(self->cfd, recv_mem + 7, 10, 0), 8);
692
693 EXPECT_EQ(memcmp(send_mem, recv_mem, 10), 0);
694 EXPECT_EQ(memcmp(send_mem, recv_mem + 10, 5), 0);
695}
696
697TEST_F(tls, bidir)
698{
699 char const *test_str = "test_read";
700 int send_len = 10;
701 char buf[10];
702 int ret;
703
704 if (!self->notls) {
705 struct tls12_crypto_info_aes_gcm_128 tls12;
706
707 memset(&tls12, 0, sizeof(tls12));
708 tls12.info.version = TLS_1_3_VERSION;
709 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128;
710
711 ret = setsockopt(self->fd, SOL_TLS, TLS_RX, &tls12,
712 sizeof(tls12));
713 ASSERT_EQ(ret, 0);
714
715 ret = setsockopt(self->cfd, SOL_TLS, TLS_TX, &tls12,
716 sizeof(tls12));
717 ASSERT_EQ(ret, 0);
718 }
719
720 ASSERT_EQ(strlen(test_str) + 1, send_len);
721
722 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
723 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
724 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
725
726 memset(buf, 0, sizeof(buf));
727
728 EXPECT_EQ(send(self->cfd, test_str, send_len, 0), send_len);
729 EXPECT_NE(recv(self->fd, buf, send_len, 0), -1);
730 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
731};
732
733TEST_F(tls, pollin)
734{
735 char const *test_str = "test_poll";
736 struct pollfd fd = { 0, 0, 0 };
737 char buf[10];
738 int send_len = 10;
739
740 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
741 fd.fd = self->cfd;
742 fd.events = POLLIN;
743
744 EXPECT_EQ(poll(&fd, 1, 20), 1);
745 EXPECT_EQ(fd.revents & POLLIN, 1);
746 EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len);
747 /* Test timing out */
748 EXPECT_EQ(poll(&fd, 1, 20), 0);
749}
750
751TEST_F(tls, poll_wait)
752{
753 char const *test_str = "test_poll_wait";
754 int send_len = strlen(test_str) + 1;
755 struct pollfd fd = { 0, 0, 0 };
756 char recv_mem[15];
757
758 fd.fd = self->cfd;
759 fd.events = POLLIN;
760 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
761 /* Set timeout to inf. secs */
762 EXPECT_EQ(poll(&fd, 1, -1), 1);
763 EXPECT_EQ(fd.revents & POLLIN, 1);
764 EXPECT_EQ(recv(self->cfd, recv_mem, send_len, MSG_WAITALL), send_len);
765}
766
767TEST_F(tls, poll_wait_split)
768{
769 struct pollfd fd = { 0, 0, 0 };
770 char send_mem[20] = {};
771 char recv_mem[15];
772
773 fd.fd = self->cfd;
774 fd.events = POLLIN;
775 /* Send 20 bytes */
776 EXPECT_EQ(send(self->fd, send_mem, sizeof(send_mem), 0),
777 sizeof(send_mem));
778 /* Poll with inf. timeout */
779 EXPECT_EQ(poll(&fd, 1, -1), 1);
780 EXPECT_EQ(fd.revents & POLLIN, 1);
781 EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), MSG_WAITALL),
782 sizeof(recv_mem));
783
784 /* Now the remaining 5 bytes of record data are in TLS ULP */
785 fd.fd = self->cfd;
786 fd.events = POLLIN;
787 EXPECT_EQ(poll(&fd, 1, -1), 1);
788 EXPECT_EQ(fd.revents & POLLIN, 1);
789 EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), 0),
790 sizeof(send_mem) - sizeof(recv_mem));
791}
792
793TEST_F(tls, blocking)
794{
795 size_t data = 100000;
796 int res = fork();
797
798 EXPECT_NE(res, -1);
799
800 if (res) {
801 /* parent */
802 size_t left = data;
803 char buf[16384];
804 int status;
805 int pid2;
806
807 while (left) {
808 int res = send(self->fd, buf,
809 left > 16384 ? 16384 : left, 0);
810
811 EXPECT_GE(res, 0);
812 left -= res;
813 }
814
815 pid2 = wait(&status);
816 EXPECT_EQ(status, 0);
817 EXPECT_EQ(res, pid2);
818 } else {
819 /* child */
820 size_t left = data;
821 char buf[16384];
822
823 while (left) {
824 int res = recv(self->cfd, buf,
825 left > 16384 ? 16384 : left, 0);
826
827 EXPECT_GE(res, 0);
828 left -= res;
829 }
830 }
831}
832
833TEST_F(tls, nonblocking)
834{
835 size_t data = 100000;
836 int sendbuf = 100;
837 int flags;
838 int res;
839
840 flags = fcntl(self->fd, F_GETFL, 0);
841 fcntl(self->fd, F_SETFL, flags | O_NONBLOCK);
842 fcntl(self->cfd, F_SETFL, flags | O_NONBLOCK);
843
844 /* Ensure nonblocking behavior by imposing a small send
845 * buffer.
846 */
847 EXPECT_EQ(setsockopt(self->fd, SOL_SOCKET, SO_SNDBUF,
848 &sendbuf, sizeof(sendbuf)), 0);
849
850 res = fork();
851 EXPECT_NE(res, -1);
852
853 if (res) {
854 /* parent */
855 bool eagain = false;
856 size_t left = data;
857 char buf[16384];
858 int status;
859 int pid2;
860
861 while (left) {
862 int res = send(self->fd, buf,
863 left > 16384 ? 16384 : left, 0);
864
865 if (res == -1 && errno == EAGAIN) {
866 eagain = true;
867 usleep(10000);
868 continue;
869 }
870 EXPECT_GE(res, 0);
871 left -= res;
872 }
873
874 EXPECT_TRUE(eagain);
875 pid2 = wait(&status);
876
877 EXPECT_EQ(status, 0);
878 EXPECT_EQ(res, pid2);
879 } else {
880 /* child */
881 bool eagain = false;
882 size_t left = data;
883 char buf[16384];
884
885 while (left) {
886 int res = recv(self->cfd, buf,
887 left > 16384 ? 16384 : left, 0);
888
889 if (res == -1 && errno == EAGAIN) {
890 eagain = true;
891 usleep(10000);
892 continue;
893 }
894 EXPECT_GE(res, 0);
895 left -= res;
896 }
897 EXPECT_TRUE(eagain);
898 }
899}
900
901TEST_F(tls, control_msg)
902{
903 if (self->notls)
904 return;
905
906 char cbuf[CMSG_SPACE(sizeof(char))];
907 char const *test_str = "test_read";
908 int cmsg_len = sizeof(char);
909 char record_type = 100;
910 struct cmsghdr *cmsg;
911 struct msghdr msg;
912 int send_len = 10;
913 struct iovec vec;
914 char buf[10];
915
916 vec.iov_base = (char *)test_str;
917 vec.iov_len = 10;
918 memset(&msg, 0, sizeof(struct msghdr));
919 msg.msg_iov = &vec;
920 msg.msg_iovlen = 1;
921 msg.msg_control = cbuf;
922 msg.msg_controllen = sizeof(cbuf);
923 cmsg = CMSG_FIRSTHDR(&msg);
924 cmsg->cmsg_level = SOL_TLS;
925 /* test sending non-record types. */
926 cmsg->cmsg_type = TLS_SET_RECORD_TYPE;
927 cmsg->cmsg_len = CMSG_LEN(cmsg_len);
928 *CMSG_DATA(cmsg) = record_type;
929 msg.msg_controllen = cmsg->cmsg_len;
930
931 EXPECT_EQ(sendmsg(self->fd, &msg, 0), send_len);
932 /* Should fail because we didn't provide a control message */
933 EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1);
934
935 vec.iov_base = buf;
936 EXPECT_EQ(recvmsg(self->cfd, &msg, MSG_WAITALL | MSG_PEEK), send_len);
937
938 cmsg = CMSG_FIRSTHDR(&msg);
939 EXPECT_NE(cmsg, NULL);
940 EXPECT_EQ(cmsg->cmsg_level, SOL_TLS);
941 EXPECT_EQ(cmsg->cmsg_type, TLS_GET_RECORD_TYPE);
942 record_type = *((unsigned char *)CMSG_DATA(cmsg));
943 EXPECT_EQ(record_type, 100);
944 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
945
946 /* Recv the message again without MSG_PEEK */
947 record_type = 0;
948 memset(buf, 0, sizeof(buf));
949
950 EXPECT_EQ(recvmsg(self->cfd, &msg, MSG_WAITALL), send_len);
951 cmsg = CMSG_FIRSTHDR(&msg);
952 EXPECT_NE(cmsg, NULL);
953 EXPECT_EQ(cmsg->cmsg_level, SOL_TLS);
954 EXPECT_EQ(cmsg->cmsg_type, TLS_GET_RECORD_TYPE);
955 record_type = *((unsigned char *)CMSG_DATA(cmsg));
956 EXPECT_EQ(record_type, 100);
957 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
958}
959
960TEST_F(tls, shutdown)
961{
962 char const *test_str = "test_read";
963 int send_len = 10;
964 char buf[10];
965
966 ASSERT_EQ(strlen(test_str) + 1, send_len);
967
968 EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
969 EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
970 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
971
972 shutdown(self->fd, SHUT_RDWR);
973 shutdown(self->cfd, SHUT_RDWR);
974}
975
976TEST_F(tls, shutdown_unsent)
977{
978 char const *test_str = "test_read";
979 int send_len = 10;
980
981 EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len);
982
983 shutdown(self->fd, SHUT_RDWR);
984 shutdown(self->cfd, SHUT_RDWR);
985}
986
987TEST_F(tls, shutdown_reuse)
988{
989 struct sockaddr_in addr;
990 int ret;
991
992 shutdown(self->fd, SHUT_RDWR);
993 shutdown(self->cfd, SHUT_RDWR);
994 close(self->cfd);
995
996 addr.sin_family = AF_INET;
997 addr.sin_addr.s_addr = htonl(INADDR_ANY);
998 addr.sin_port = 0;
999
1000 ret = bind(self->fd, &addr, sizeof(addr));
1001 EXPECT_EQ(ret, 0);
1002 ret = listen(self->fd, 10);
1003 EXPECT_EQ(ret, -1);
1004 EXPECT_EQ(errno, EINVAL);
1005
1006 ret = connect(self->fd, &addr, sizeof(addr));
1007 EXPECT_EQ(ret, -1);
1008 EXPECT_EQ(errno, EISCONN);
1009}
1010
1011TEST(non_established) {
1012 struct tls12_crypto_info_aes_gcm_256 tls12;
1013 struct sockaddr_in addr;
1014 int sfd, ret, fd;
1015 socklen_t len;
1016
1017 len = sizeof(addr);
1018
1019 memset(&tls12, 0, sizeof(tls12));
1020 tls12.info.version = TLS_1_2_VERSION;
1021 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256;
1022
1023 addr.sin_family = AF_INET;
1024 addr.sin_addr.s_addr = htonl(INADDR_ANY);
1025 addr.sin_port = 0;
1026
1027 fd = socket(AF_INET, SOCK_STREAM, 0);
1028 sfd = socket(AF_INET, SOCK_STREAM, 0);
1029
1030 ret = bind(sfd, &addr, sizeof(addr));
1031 ASSERT_EQ(ret, 0);
1032 ret = listen(sfd, 10);
1033 ASSERT_EQ(ret, 0);
1034
1035 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
1036 EXPECT_EQ(ret, -1);
1037 /* TLS ULP not supported */
1038 if (errno == ENOENT)
1039 return;
1040 EXPECT_EQ(errno, ENOTSUPP);
1041
1042 ret = setsockopt(sfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
1043 EXPECT_EQ(ret, -1);
1044 EXPECT_EQ(errno, ENOTSUPP);
1045
1046 ret = getsockname(sfd, &addr, &len);
1047 ASSERT_EQ(ret, 0);
1048
1049 ret = connect(fd, &addr, sizeof(addr));
1050 ASSERT_EQ(ret, 0);
1051
1052 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
1053 ASSERT_EQ(ret, 0);
1054
1055 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
1056 EXPECT_EQ(ret, -1);
1057 EXPECT_EQ(errno, EEXIST);
1058
1059 close(fd);
1060 close(sfd);
1061}
1062
1063TEST(keysizes) {
1064 struct tls12_crypto_info_aes_gcm_256 tls12;
1065 struct sockaddr_in addr;
1066 int sfd, ret, fd, cfd;
1067 socklen_t len;
1068 bool notls;
1069
1070 notls = false;
1071 len = sizeof(addr);
1072
1073 memset(&tls12, 0, sizeof(tls12));
1074 tls12.info.version = TLS_1_2_VERSION;
1075 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256;
1076
1077 addr.sin_family = AF_INET;
1078 addr.sin_addr.s_addr = htonl(INADDR_ANY);
1079 addr.sin_port = 0;
1080
1081 fd = socket(AF_INET, SOCK_STREAM, 0);
1082 sfd = socket(AF_INET, SOCK_STREAM, 0);
1083
1084 ret = bind(sfd, &addr, sizeof(addr));
1085 ASSERT_EQ(ret, 0);
1086 ret = listen(sfd, 10);
1087 ASSERT_EQ(ret, 0);
1088
1089 ret = getsockname(sfd, &addr, &len);
1090 ASSERT_EQ(ret, 0);
1091
1092 ret = connect(fd, &addr, sizeof(addr));
1093 ASSERT_EQ(ret, 0);
1094
1095 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
1096 if (ret != 0) {
1097 notls = true;
1098 printf("Failure setting TCP_ULP, testing without tls\n");
1099 }
1100
1101 if (!notls) {
1102 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12,
1103 sizeof(tls12));
1104 EXPECT_EQ(ret, 0);
1105 }
1106
1107 cfd = accept(sfd, &addr, &len);
1108 ASSERT_GE(cfd, 0);
1109
1110 if (!notls) {
1111 ret = setsockopt(cfd, IPPROTO_TCP, TCP_ULP, "tls",
1112 sizeof("tls"));
1113 EXPECT_EQ(ret, 0);
1114
1115 ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12,
1116 sizeof(tls12));
1117 EXPECT_EQ(ret, 0);
1118 }
1119
1120 close(sfd);
1121 close(fd);
1122 close(cfd);
1123}
1124
1125TEST(tls12) {
1126 int fd, cfd;
1127 bool notls;
1128
1129 struct tls12_crypto_info_aes_gcm_128 tls12;
1130 struct sockaddr_in addr;
1131 socklen_t len;
1132 int sfd, ret;
1133
1134 notls = false;
1135 len = sizeof(addr);
1136
1137 memset(&tls12, 0, sizeof(tls12));
1138 tls12.info.version = TLS_1_2_VERSION;
1139 tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128;
1140
1141 addr.sin_family = AF_INET;
1142 addr.sin_addr.s_addr = htonl(INADDR_ANY);
1143 addr.sin_port = 0;
1144
1145 fd = socket(AF_INET, SOCK_STREAM, 0);
1146 sfd = socket(AF_INET, SOCK_STREAM, 0);
1147
1148 ret = bind(sfd, &addr, sizeof(addr));
1149 ASSERT_EQ(ret, 0);
1150 ret = listen(sfd, 10);
1151 ASSERT_EQ(ret, 0);
1152
1153 ret = getsockname(sfd, &addr, &len);
1154 ASSERT_EQ(ret, 0);
1155
1156 ret = connect(fd, &addr, sizeof(addr));
1157 ASSERT_EQ(ret, 0);
1158
1159 ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
1160 if (ret != 0) {
1161 notls = true;
1162 printf("Failure setting TCP_ULP, testing without tls\n");
1163 }
1164
1165 if (!notls) {
1166 ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12,
1167 sizeof(tls12));
1168 ASSERT_EQ(ret, 0);
1169 }
1170
1171 cfd = accept(sfd, &addr, &len);
1172 ASSERT_GE(cfd, 0);
1173
1174 if (!notls) {
1175 ret = setsockopt(cfd, IPPROTO_TCP, TCP_ULP, "tls",
1176 sizeof("tls"));
1177 ASSERT_EQ(ret, 0);
1178
1179 ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12,
1180 sizeof(tls12));
1181 ASSERT_EQ(ret, 0);
1182 }
1183
1184 close(sfd);
1185
1186 char const *test_str = "test_read";
1187 int send_len = 10;
1188 char buf[10];
1189
1190 send_len = strlen(test_str) + 1;
1191 EXPECT_EQ(send(fd, test_str, send_len, 0), send_len);
1192 EXPECT_NE(recv(cfd, buf, send_len, 0), -1);
1193 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
1194
1195 close(fd);
1196 close(cfd);
1197}
1198
1199TEST_HARNESS_MAIN