Skip to content

Commit ef0fc0b

Browse files
kuba-mookuba-moo
committed
selftests: tls: add tests for handling of bad records
Test broken records. Signed-off-by: Jakub Kicinski <kuba@kernel.org>
1 parent 31180ad commit ef0fc0b

File tree

1 file changed

+154
-0
lines changed
  • tools/testing/selftests/net

1 file changed

+154
-0
lines changed

tools/testing/selftests/net/tls.c

Lines changed: 154 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1297,6 +1297,160 @@ TEST_F(tls, shutdown_reuse)
12971297
EXPECT_EQ(errno, EISCONN);
12981298
}
12991299

1300+
FIXTURE(tls_err)
1301+
{
1302+
int fd, cfd;
1303+
int fd2, cfd2;
1304+
bool notls;
1305+
};
1306+
1307+
FIXTURE_VARIANT(tls_err)
1308+
{
1309+
uint16_t tls_version;
1310+
};
1311+
1312+
FIXTURE_VARIANT_ADD(tls_err, 12_aes_gcm)
1313+
{
1314+
.tls_version = TLS_1_2_VERSION,
1315+
};
1316+
1317+
FIXTURE_VARIANT_ADD(tls_err, 13_aes_gcm)
1318+
{
1319+
.tls_version = TLS_1_3_VERSION,
1320+
};
1321+
1322+
FIXTURE_SETUP(tls_err)
1323+
{
1324+
struct tls_crypto_info_keys tls12;
1325+
int ret;
1326+
1327+
tls_crypto_info_init(variant->tls_version, TLS_CIPHER_AES_GCM_128,
1328+
&tls12);
1329+
1330+
ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls);
1331+
ulp_sock_pair(_metadata, &self->fd2, &self->cfd2, &self->notls);
1332+
if (self->notls)
1333+
return;
1334+
1335+
ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12, tls12.len);
1336+
ASSERT_EQ(ret, 0);
1337+
1338+
ret = setsockopt(self->cfd2, SOL_TLS, TLS_RX, &tls12, tls12.len);
1339+
ASSERT_EQ(ret, 0);
1340+
}
1341+
1342+
FIXTURE_TEARDOWN(tls_err)
1343+
{
1344+
close(self->fd);
1345+
close(self->cfd);
1346+
close(self->fd2);
1347+
close(self->cfd2);
1348+
}
1349+
1350+
TEST_F(tls_err, bad_rec)
1351+
{
1352+
char buf[64];
1353+
1354+
if (self->notls)
1355+
SKIP(return, "no TLS support");
1356+
1357+
memset(buf, 0x55, sizeof(buf));
1358+
EXPECT_EQ(send(self->fd2, buf, sizeof(buf), 0), sizeof(buf));
1359+
EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
1360+
EXPECT_EQ(errno, EMSGSIZE);
1361+
EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), MSG_DONTWAIT), -1);
1362+
EXPECT_EQ(errno, EAGAIN);
1363+
}
1364+
1365+
TEST_F(tls_err, bad_auth)
1366+
{
1367+
char buf[128];
1368+
int n;
1369+
1370+
if (self->notls)
1371+
SKIP(return, "no TLS support");
1372+
1373+
memrnd(buf, sizeof(buf) / 2);
1374+
EXPECT_EQ(send(self->fd, buf, sizeof(buf) / 2, 0), sizeof(buf) / 2);
1375+
n = recv(self->cfd, buf, sizeof(buf), 0);
1376+
EXPECT_GT(n, sizeof(buf) / 2);
1377+
1378+
buf[n - 1]++;
1379+
1380+
EXPECT_EQ(send(self->fd2, buf, n, 0), n);
1381+
EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
1382+
EXPECT_EQ(errno, EBADMSG);
1383+
EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
1384+
EXPECT_EQ(errno, EBADMSG);
1385+
}
1386+
1387+
TEST_F(tls_err, bad_in_large_read)
1388+
{
1389+
char txt[3][64];
1390+
char cip[3][128];
1391+
char buf[3 * 128];
1392+
int i, n;
1393+
1394+
if (self->notls)
1395+
SKIP(return, "no TLS support");
1396+
1397+
/* Put 3 records in the sockets */
1398+
for (i = 0; i < 3; i++) {
1399+
memrnd(txt[i], sizeof(txt[i]));
1400+
EXPECT_EQ(send(self->fd, txt[i], sizeof(txt[i]), 0),
1401+
sizeof(txt[i]));
1402+
n = recv(self->cfd, cip[i], sizeof(cip[i]), 0);
1403+
EXPECT_GT(n, sizeof(txt[i]));
1404+
/* Break the third message */
1405+
if (i == 2)
1406+
cip[2][n - 1]++;
1407+
EXPECT_EQ(send(self->fd2, cip[i], n, 0), n);
1408+
}
1409+
1410+
/* We should be able to receive the first two messages */
1411+
EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), sizeof(txt[0]) * 2);
1412+
EXPECT_EQ(memcmp(buf, txt[0], sizeof(txt[0])), 0);
1413+
EXPECT_EQ(memcmp(buf + sizeof(txt[0]), txt[1], sizeof(txt[1])), 0);
1414+
/* Third mesasge is bad */
1415+
EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
1416+
EXPECT_EQ(errno, EBADMSG);
1417+
EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
1418+
EXPECT_EQ(errno, EBADMSG);
1419+
}
1420+
1421+
TEST_F(tls_err, bad_cmsg)
1422+
{
1423+
char *test_str = "test_read";
1424+
int send_len = 10;
1425+
char cip[128];
1426+
char buf[128];
1427+
char txt[64];
1428+
int n;
1429+
1430+
if (self->notls)
1431+
SKIP(return, "no TLS support");
1432+
1433+
/* Queue up one data record */
1434+
memrnd(txt, sizeof(txt));
1435+
EXPECT_EQ(send(self->fd, txt, sizeof(txt), 0), sizeof(txt));
1436+
n = recv(self->cfd, cip, sizeof(cip), 0);
1437+
EXPECT_GT(n, sizeof(txt));
1438+
EXPECT_EQ(send(self->fd2, cip, n, 0), n);
1439+
1440+
EXPECT_EQ(tls_send_cmsg(self->fd, 100, test_str, send_len, 0), 10);
1441+
n = recv(self->cfd, cip, sizeof(cip), 0);
1442+
cip[n - 1]++; /* Break it */
1443+
EXPECT_GT(n, send_len);
1444+
EXPECT_EQ(send(self->fd2, cip, n, 0), n);
1445+
1446+
EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), sizeof(txt));
1447+
EXPECT_EQ(memcmp(buf, txt, sizeof(txt)), 0);
1448+
EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
1449+
EXPECT_EQ(errno, EBADMSG);
1450+
EXPECT_EQ(recv(self->cfd2, buf, sizeof(buf), 0), -1);
1451+
EXPECT_EQ(errno, EBADMSG);
1452+
}
1453+
13001454
TEST(non_established) {
13011455
struct tls12_crypto_info_aes_gcm_256 tls12;
13021456
struct sockaddr_in addr;

0 commit comments

Comments
 (0)