linux/tools/testing/selftests/net/tls.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0
   2
   3#define _GNU_SOURCE
   4
   5#include <arpa/inet.h>
   6#include <errno.h>
   7#include <error.h>
   8#include <fcntl.h>
   9#include <poll.h>
  10#include <stdio.h>
  11#include <stdlib.h>
  12#include <unistd.h>
  13
  14#include <linux/tls.h>
  15#include <linux/tcp.h>
  16#include <linux/socket.h>
  17
  18#include <sys/types.h>
  19#include <sys/sendfile.h>
  20#include <sys/socket.h>
  21#include <sys/stat.h>
  22
  23#include "../kselftest_harness.h"
  24
  25#define TLS_PAYLOAD_MAX_LEN 16384
  26#define SOL_TLS 282
  27
  28#ifndef ENOTSUPP
  29#define ENOTSUPP 524
  30#endif
  31
  32FIXTURE(tls_basic)
  33{
  34        int fd, cfd;
  35        bool notls;
  36};
  37
  38FIXTURE_SETUP(tls_basic)
  39{
  40        struct sockaddr_in addr;
  41        socklen_t len;
  42        int sfd, ret;
  43
  44        self->notls = false;
  45        len = sizeof(addr);
  46
  47        addr.sin_family = AF_INET;
  48        addr.sin_addr.s_addr = htonl(INADDR_ANY);
  49        addr.sin_port = 0;
  50
  51        self->fd = socket(AF_INET, SOCK_STREAM, 0);
  52        sfd = socket(AF_INET, SOCK_STREAM, 0);
  53
  54        ret = bind(sfd, &addr, sizeof(addr));
  55        ASSERT_EQ(ret, 0);
  56        ret = listen(sfd, 10);
  57        ASSERT_EQ(ret, 0);
  58
  59        ret = getsockname(sfd, &addr, &len);
  60        ASSERT_EQ(ret, 0);
  61
  62        ret = connect(self->fd, &addr, sizeof(addr));
  63        ASSERT_EQ(ret, 0);
  64
  65        self->cfd = accept(sfd, &addr, &len);
  66        ASSERT_GE(self->cfd, 0);
  67
  68        close(sfd);
  69
  70        ret = setsockopt(self->fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
  71        if (ret != 0) {
  72                ASSERT_EQ(errno, ENOENT);
  73                self->notls = true;
  74                printf("Failure setting TCP_ULP, testing without tls\n");
  75                return;
  76        }
  77
  78        ret = setsockopt(self->cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
  79        ASSERT_EQ(ret, 0);
  80}
  81
  82FIXTURE_TEARDOWN(tls_basic)
  83{
  84        close(self->fd);
  85        close(self->cfd);
  86}
  87
  88/* Send some data through with ULP but no keys */
  89TEST_F(tls_basic, base_base)
  90{
  91        char const *test_str = "test_read";
  92        int send_len = 10;
  93        char buf[10];
  94
  95        ASSERT_EQ(strlen(test_str) + 1, send_len);
  96
  97        EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
  98        EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
  99        EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
 100};
 101
 102FIXTURE(tls)
 103{
 104        int fd, cfd;
 105        bool notls;
 106};
 107
 108FIXTURE_SETUP(tls)
 109{
 110        struct tls12_crypto_info_aes_gcm_128 tls12;
 111        struct sockaddr_in addr;
 112        socklen_t len;
 113        int sfd, ret;
 114
 115        self->notls = false;
 116        len = sizeof(addr);
 117
 118        memset(&tls12, 0, sizeof(tls12));
 119        tls12.info.version = TLS_1_3_VERSION;
 120        tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128;
 121
 122        addr.sin_family = AF_INET;
 123        addr.sin_addr.s_addr = htonl(INADDR_ANY);
 124        addr.sin_port = 0;
 125
 126        self->fd = socket(AF_INET, SOCK_STREAM, 0);
 127        sfd = socket(AF_INET, SOCK_STREAM, 0);
 128
 129        ret = bind(sfd, &addr, sizeof(addr));
 130        ASSERT_EQ(ret, 0);
 131        ret = listen(sfd, 10);
 132        ASSERT_EQ(ret, 0);
 133
 134        ret = getsockname(sfd, &addr, &len);
 135        ASSERT_EQ(ret, 0);
 136
 137        ret = connect(self->fd, &addr, sizeof(addr));
 138        ASSERT_EQ(ret, 0);
 139
 140        ret = setsockopt(self->fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
 141        if (ret != 0) {
 142                self->notls = true;
 143                printf("Failure setting TCP_ULP, testing without tls\n");
 144        }
 145
 146        if (!self->notls) {
 147                ret = setsockopt(self->fd, SOL_TLS, TLS_TX, &tls12,
 148                                 sizeof(tls12));
 149                ASSERT_EQ(ret, 0);
 150        }
 151
 152        self->cfd = accept(sfd, &addr, &len);
 153        ASSERT_GE(self->cfd, 0);
 154
 155        if (!self->notls) {
 156                ret = setsockopt(self->cfd, IPPROTO_TCP, TCP_ULP, "tls",
 157                                 sizeof("tls"));
 158                ASSERT_EQ(ret, 0);
 159
 160                ret = setsockopt(self->cfd, SOL_TLS, TLS_RX, &tls12,
 161                                 sizeof(tls12));
 162                ASSERT_EQ(ret, 0);
 163        }
 164
 165        close(sfd);
 166}
 167
 168FIXTURE_TEARDOWN(tls)
 169{
 170        close(self->fd);
 171        close(self->cfd);
 172}
 173
 174TEST_F(tls, sendfile)
 175{
 176        int filefd = open("/proc/self/exe", O_RDONLY);
 177        struct stat st;
 178
 179        EXPECT_GE(filefd, 0);
 180        fstat(filefd, &st);
 181        EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0);
 182}
 183
 184TEST_F(tls, send_then_sendfile)
 185{
 186        int filefd = open("/proc/self/exe", O_RDONLY);
 187        char const *test_str = "test_send";
 188        int to_send = strlen(test_str) + 1;
 189        char recv_buf[10];
 190        struct stat st;
 191        char *buf;
 192
 193        EXPECT_GE(filefd, 0);
 194        fstat(filefd, &st);
 195        buf = (char *)malloc(st.st_size);
 196
 197        EXPECT_EQ(send(self->fd, test_str, to_send, 0), to_send);
 198        EXPECT_EQ(recv(self->cfd, recv_buf, to_send, MSG_WAITALL), to_send);
 199        EXPECT_EQ(memcmp(test_str, recv_buf, to_send), 0);
 200
 201        EXPECT_GE(sendfile(self->fd, filefd, 0, st.st_size), 0);
 202        EXPECT_EQ(recv(self->cfd, buf, st.st_size, MSG_WAITALL), st.st_size);
 203}
 204
 205TEST_F(tls, recv_max)
 206{
 207        unsigned int send_len = TLS_PAYLOAD_MAX_LEN;
 208        char recv_mem[TLS_PAYLOAD_MAX_LEN];
 209        char buf[TLS_PAYLOAD_MAX_LEN];
 210
 211        EXPECT_GE(send(self->fd, buf, send_len, 0), 0);
 212        EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1);
 213        EXPECT_EQ(memcmp(buf, recv_mem, send_len), 0);
 214}
 215
 216TEST_F(tls, recv_small)
 217{
 218        char const *test_str = "test_read";
 219        int send_len = 10;
 220        char buf[10];
 221
 222        send_len = strlen(test_str) + 1;
 223        EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
 224        EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
 225        EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
 226}
 227
 228TEST_F(tls, msg_more)
 229{
 230        char const *test_str = "test_read";
 231        int send_len = 10;
 232        char buf[10 * 2];
 233
 234        EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len);
 235        EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1);
 236        EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
 237        EXPECT_EQ(recv(self->cfd, buf, send_len * 2, MSG_WAITALL),
 238                  send_len * 2);
 239        EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
 240}
 241
 242TEST_F(tls, msg_more_unsent)
 243{
 244        char const *test_str = "test_read";
 245        int send_len = 10;
 246        char buf[10];
 247
 248        EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len);
 249        EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1);
 250}
 251
 252TEST_F(tls, sendmsg_single)
 253{
 254        struct msghdr msg;
 255
 256        char const *test_str = "test_sendmsg";
 257        size_t send_len = 13;
 258        struct iovec vec;
 259        char buf[13];
 260
 261        vec.iov_base = (char *)test_str;
 262        vec.iov_len = send_len;
 263        memset(&msg, 0, sizeof(struct msghdr));
 264        msg.msg_iov = &vec;
 265        msg.msg_iovlen = 1;
 266        EXPECT_EQ(sendmsg(self->fd, &msg, 0), send_len);
 267        EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len);
 268        EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
 269}
 270
 271TEST_F(tls, sendmsg_large)
 272{
 273        void *mem = malloc(16384);
 274        size_t send_len = 16384;
 275        size_t sends = 128;
 276        struct msghdr msg;
 277        size_t recvs = 0;
 278        size_t sent = 0;
 279
 280        memset(&msg, 0, sizeof(struct msghdr));
 281        while (sent++ < sends) {
 282                struct iovec vec = { (void *)mem, send_len };
 283
 284                msg.msg_iov = &vec;
 285                msg.msg_iovlen = 1;
 286                EXPECT_EQ(sendmsg(self->cfd, &msg, 0), send_len);
 287        }
 288
 289        while (recvs++ < sends)
 290                EXPECT_NE(recv(self->fd, mem, send_len, 0), -1);
 291
 292        free(mem);
 293}
 294
 295TEST_F(tls, sendmsg_multiple)
 296{
 297        char const *test_str = "test_sendmsg_multiple";
 298        struct iovec vec[5];
 299        char *test_strs[5];
 300        struct msghdr msg;
 301        int total_len = 0;
 302        int len_cmp = 0;
 303        int iov_len = 5;
 304        char *buf;
 305        int i;
 306
 307        memset(&msg, 0, sizeof(struct msghdr));
 308        for (i = 0; i < iov_len; i++) {
 309                test_strs[i] = (char *)malloc(strlen(test_str) + 1);
 310                snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str);
 311                vec[i].iov_base = (void *)test_strs[i];
 312                vec[i].iov_len = strlen(test_strs[i]) + 1;
 313                total_len += vec[i].iov_len;
 314        }
 315        msg.msg_iov = vec;
 316        msg.msg_iovlen = iov_len;
 317
 318        EXPECT_EQ(sendmsg(self->cfd, &msg, 0), total_len);
 319        buf = malloc(total_len);
 320        EXPECT_NE(recv(self->fd, buf, total_len, 0), -1);
 321        for (i = 0; i < iov_len; i++) {
 322                EXPECT_EQ(memcmp(test_strs[i], buf + len_cmp,
 323                                 strlen(test_strs[i])),
 324                          0);
 325                len_cmp += strlen(buf + len_cmp) + 1;
 326        }
 327        for (i = 0; i < iov_len; i++)
 328                free(test_strs[i]);
 329        free(buf);
 330}
 331
 332TEST_F(tls, sendmsg_multiple_stress)
 333{
 334        char const *test_str = "abcdefghijklmno";
 335        struct iovec vec[1024];
 336        char *test_strs[1024];
 337        int iov_len = 1024;
 338        int total_len = 0;
 339        char buf[1 << 14];
 340        struct msghdr msg;
 341        int len_cmp = 0;
 342        int i;
 343
 344        memset(&msg, 0, sizeof(struct msghdr));
 345        for (i = 0; i < iov_len; i++) {
 346                test_strs[i] = (char *)malloc(strlen(test_str) + 1);
 347                snprintf(test_strs[i], strlen(test_str) + 1, "%s", test_str);
 348                vec[i].iov_base = (void *)test_strs[i];
 349                vec[i].iov_len = strlen(test_strs[i]) + 1;
 350                total_len += vec[i].iov_len;
 351        }
 352        msg.msg_iov = vec;
 353        msg.msg_iovlen = iov_len;
 354
 355        EXPECT_EQ(sendmsg(self->fd, &msg, 0), total_len);
 356        EXPECT_NE(recv(self->cfd, buf, total_len, 0), -1);
 357
 358        for (i = 0; i < iov_len; i++)
 359                len_cmp += strlen(buf + len_cmp) + 1;
 360
 361        for (i = 0; i < iov_len; i++)
 362                free(test_strs[i]);
 363}
 364
 365TEST_F(tls, splice_from_pipe)
 366{
 367        int send_len = TLS_PAYLOAD_MAX_LEN;
 368        char mem_send[TLS_PAYLOAD_MAX_LEN];
 369        char mem_recv[TLS_PAYLOAD_MAX_LEN];
 370        int p[2];
 371
 372        ASSERT_GE(pipe(p), 0);
 373        EXPECT_GE(write(p[1], mem_send, send_len), 0);
 374        EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), 0);
 375        EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len);
 376        EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
 377}
 378
 379TEST_F(tls, splice_from_pipe2)
 380{
 381        int send_len = 16000;
 382        char mem_send[16000];
 383        char mem_recv[16000];
 384        int p2[2];
 385        int p[2];
 386
 387        ASSERT_GE(pipe(p), 0);
 388        ASSERT_GE(pipe(p2), 0);
 389        EXPECT_GE(write(p[1], mem_send, 8000), 0);
 390        EXPECT_GE(splice(p[0], NULL, self->fd, NULL, 8000, 0), 0);
 391        EXPECT_GE(write(p2[1], mem_send + 8000, 8000), 0);
 392        EXPECT_GE(splice(p2[0], NULL, self->fd, NULL, 8000, 0), 0);
 393        EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len);
 394        EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
 395}
 396
 397TEST_F(tls, send_and_splice)
 398{
 399        int send_len = TLS_PAYLOAD_MAX_LEN;
 400        char mem_send[TLS_PAYLOAD_MAX_LEN];
 401        char mem_recv[TLS_PAYLOAD_MAX_LEN];
 402        char const *test_str = "test_read";
 403        int send_len2 = 10;
 404        char buf[10];
 405        int p[2];
 406
 407        ASSERT_GE(pipe(p), 0);
 408        EXPECT_EQ(send(self->fd, test_str, send_len2, 0), send_len2);
 409        EXPECT_EQ(recv(self->cfd, buf, send_len2, MSG_WAITALL), send_len2);
 410        EXPECT_EQ(memcmp(test_str, buf, send_len2), 0);
 411
 412        EXPECT_GE(write(p[1], mem_send, send_len), send_len);
 413        EXPECT_GE(splice(p[0], NULL, self->fd, NULL, send_len, 0), send_len);
 414
 415        EXPECT_EQ(recv(self->cfd, mem_recv, send_len, MSG_WAITALL), send_len);
 416        EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
 417}
 418
 419TEST_F(tls, splice_to_pipe)
 420{
 421        int send_len = TLS_PAYLOAD_MAX_LEN;
 422        char mem_send[TLS_PAYLOAD_MAX_LEN];
 423        char mem_recv[TLS_PAYLOAD_MAX_LEN];
 424        int p[2];
 425
 426        ASSERT_GE(pipe(p), 0);
 427        EXPECT_GE(send(self->fd, mem_send, send_len, 0), 0);
 428        EXPECT_GE(splice(self->cfd, NULL, p[1], NULL, send_len, 0), 0);
 429        EXPECT_GE(read(p[0], mem_recv, send_len), 0);
 430        EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
 431}
 432
 433TEST_F(tls, recvmsg_single)
 434{
 435        char const *test_str = "test_recvmsg_single";
 436        int send_len = strlen(test_str) + 1;
 437        char buf[20];
 438        struct msghdr hdr;
 439        struct iovec vec;
 440
 441        memset(&hdr, 0, sizeof(hdr));
 442        EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
 443        vec.iov_base = (char *)buf;
 444        vec.iov_len = send_len;
 445        hdr.msg_iovlen = 1;
 446        hdr.msg_iov = &vec;
 447        EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1);
 448        EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
 449}
 450
 451TEST_F(tls, recvmsg_single_max)
 452{
 453        int send_len = TLS_PAYLOAD_MAX_LEN;
 454        char send_mem[TLS_PAYLOAD_MAX_LEN];
 455        char recv_mem[TLS_PAYLOAD_MAX_LEN];
 456        struct iovec vec;
 457        struct msghdr hdr;
 458
 459        EXPECT_EQ(send(self->fd, send_mem, send_len, 0), send_len);
 460        vec.iov_base = (char *)recv_mem;
 461        vec.iov_len = TLS_PAYLOAD_MAX_LEN;
 462
 463        hdr.msg_iovlen = 1;
 464        hdr.msg_iov = &vec;
 465        EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1);
 466        EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0);
 467}
 468
 469TEST_F(tls, recvmsg_multiple)
 470{
 471        unsigned int msg_iovlen = 1024;
 472        unsigned int len_compared = 0;
 473        struct iovec vec[1024];
 474        char *iov_base[1024];
 475        unsigned int iov_len = 16;
 476        int send_len = 1 << 14;
 477        char buf[1 << 14];
 478        struct msghdr hdr;
 479        int i;
 480
 481        EXPECT_EQ(send(self->fd, buf, send_len, 0), send_len);
 482        for (i = 0; i < msg_iovlen; i++) {
 483                iov_base[i] = (char *)malloc(iov_len);
 484                vec[i].iov_base = iov_base[i];
 485                vec[i].iov_len = iov_len;
 486        }
 487
 488        hdr.msg_iovlen = msg_iovlen;
 489        hdr.msg_iov = vec;
 490        EXPECT_NE(recvmsg(self->cfd, &hdr, 0), -1);
 491        for (i = 0; i < msg_iovlen; i++)
 492                len_compared += iov_len;
 493
 494        for (i = 0; i < msg_iovlen; i++)
 495                free(iov_base[i]);
 496}
 497
 498TEST_F(tls, single_send_multiple_recv)
 499{
 500        unsigned int total_len = TLS_PAYLOAD_MAX_LEN * 2;
 501        unsigned int send_len = TLS_PAYLOAD_MAX_LEN;
 502        char send_mem[TLS_PAYLOAD_MAX_LEN * 2];
 503        char recv_mem[TLS_PAYLOAD_MAX_LEN * 2];
 504
 505        EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0);
 506        memset(recv_mem, 0, total_len);
 507
 508        EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1);
 509        EXPECT_NE(recv(self->cfd, recv_mem + send_len, send_len, 0), -1);
 510        EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0);
 511}
 512
 513TEST_F(tls, multiple_send_single_recv)
 514{
 515        unsigned int total_len = 2 * 10;
 516        unsigned int send_len = 10;
 517        char recv_mem[2 * 10];
 518        char send_mem[10];
 519
 520        EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0);
 521        EXPECT_GE(send(self->fd, send_mem, send_len, 0), 0);
 522        memset(recv_mem, 0, total_len);
 523        EXPECT_EQ(recv(self->cfd, recv_mem, total_len, MSG_WAITALL), total_len);
 524
 525        EXPECT_EQ(memcmp(send_mem, recv_mem, send_len), 0);
 526        EXPECT_EQ(memcmp(send_mem, recv_mem + send_len, send_len), 0);
 527}
 528
 529TEST_F(tls, single_send_multiple_recv_non_align)
 530{
 531        const unsigned int total_len = 15;
 532        const unsigned int recv_len = 10;
 533        char recv_mem[recv_len * 2];
 534        char send_mem[total_len];
 535
 536        EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0);
 537        memset(recv_mem, 0, total_len);
 538
 539        EXPECT_EQ(recv(self->cfd, recv_mem, recv_len, 0), recv_len);
 540        EXPECT_EQ(recv(self->cfd, recv_mem + recv_len, recv_len, 0), 5);
 541        EXPECT_EQ(memcmp(send_mem, recv_mem, total_len), 0);
 542}
 543
 544TEST_F(tls, recv_partial)
 545{
 546        char const *test_str = "test_read_partial";
 547        char const *test_str_first = "test_read";
 548        char const *test_str_second = "_partial";
 549        int send_len = strlen(test_str) + 1;
 550        char recv_mem[18];
 551
 552        memset(recv_mem, 0, sizeof(recv_mem));
 553        EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
 554        EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_first),
 555                       MSG_WAITALL), -1);
 556        EXPECT_EQ(memcmp(test_str_first, recv_mem, strlen(test_str_first)), 0);
 557        memset(recv_mem, 0, sizeof(recv_mem));
 558        EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_second),
 559                       MSG_WAITALL), -1);
 560        EXPECT_EQ(memcmp(test_str_second, recv_mem, strlen(test_str_second)),
 561                  0);
 562}
 563
 564TEST_F(tls, recv_nonblock)
 565{
 566        char buf[4096];
 567        bool err;
 568
 569        EXPECT_EQ(recv(self->cfd, buf, sizeof(buf), MSG_DONTWAIT), -1);
 570        err = (errno == EAGAIN || errno == EWOULDBLOCK);
 571        EXPECT_EQ(err, true);
 572}
 573
 574TEST_F(tls, recv_peek)
 575{
 576        char const *test_str = "test_read_peek";
 577        int send_len = strlen(test_str) + 1;
 578        char buf[15];
 579
 580        EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
 581        EXPECT_NE(recv(self->cfd, buf, send_len, MSG_PEEK), -1);
 582        EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
 583        memset(buf, 0, sizeof(buf));
 584        EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
 585        EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
 586}
 587
 588TEST_F(tls, recv_peek_multiple)
 589{
 590        char const *test_str = "test_read_peek";
 591        int send_len = strlen(test_str) + 1;
 592        unsigned int num_peeks = 100;
 593        char buf[15];
 594        int i;
 595
 596        EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
 597        for (i = 0; i < num_peeks; i++) {
 598                EXPECT_NE(recv(self->cfd, buf, send_len, MSG_PEEK), -1);
 599                EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
 600                memset(buf, 0, sizeof(buf));
 601        }
 602        EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
 603        EXPECT_EQ(memcmp(test_str, buf, send_len), 0);
 604}
 605
 606TEST_F(tls, recv_peek_multiple_records)
 607{
 608        char const *test_str = "test_read_peek_mult_recs";
 609        char const *test_str_first = "test_read_peek";
 610        char const *test_str_second = "_mult_recs";
 611        int len;
 612        char buf[64];
 613
 614        len = strlen(test_str_first);
 615        EXPECT_EQ(send(self->fd, test_str_first, len, 0), len);
 616
 617        len = strlen(test_str_second) + 1;
 618        EXPECT_EQ(send(self->fd, test_str_second, len, 0), len);
 619
 620        len = strlen(test_str_first);
 621        memset(buf, 0, len);
 622        EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len);
 623
 624        /* MSG_PEEK can only peek into the current record. */
 625        len = strlen(test_str_first);
 626        EXPECT_EQ(memcmp(test_str_first, buf, len), 0);
 627
 628        len = strlen(test_str) + 1;
 629        memset(buf, 0, len);
 630        EXPECT_EQ(recv(self->cfd, buf, len, MSG_WAITALL), len);
 631
 632        /* Non-MSG_PEEK will advance strparser (and therefore record)
 633         * however.
 634         */
 635        len = strlen(test_str) + 1;
 636        EXPECT_EQ(memcmp(test_str, buf, len), 0);
 637
 638        /* MSG_MORE will hold current record open, so later MSG_PEEK
 639         * will see everything.
 640         */
 641        len = strlen(test_str_first);
 642        EXPECT_EQ(send(self->fd, test_str_first, len, MSG_MORE), len);
 643
 644        len = strlen(test_str_second) + 1;
 645        EXPECT_EQ(send(self->fd, test_str_second, len, 0), len);
 646
 647        len = strlen(test_str) + 1;
 648        memset(buf, 0, len);
 649        EXPECT_EQ(recv(self->cfd, buf, len, MSG_PEEK | MSG_WAITALL), len);
 650
 651        len = strlen(test_str) + 1;
 652        EXPECT_EQ(memcmp(test_str, buf, len), 0);
 653}
 654
 655TEST_F(tls, recv_peek_large_buf_mult_recs)
 656{
 657        char const *test_str = "test_read_peek_mult_recs";
 658        char const *test_str_first = "test_read_peek";
 659        char const *test_str_second = "_mult_recs";
 660        int len;
 661        char buf[64];
 662
 663        len = strlen(test_str_first);
 664        EXPECT_EQ(send(self->fd, test_str_first, len, 0), len);
 665
 666        len = strlen(test_str_second) + 1;
 667        EXPECT_EQ(send(self->fd, test_str_second, len, 0), len);
 668
 669        len = strlen(test_str) + 1;
 670        memset(buf, 0, len);
 671        EXPECT_NE((len = recv(self->cfd, buf, len,
 672                              MSG_PEEK | MSG_WAITALL)), -1);
 673        len = strlen(test_str) + 1;
 674        EXPECT_EQ(memcmp(test_str, buf, len), 0);
 675}
 676
 677TEST_F(tls, recv_lowat)
 678{
 679        char send_mem[10] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
 680        char recv_mem[20];
 681        int lowat = 8;
 682
 683        EXPECT_EQ(send(self->fd, send_mem, 10, 0), 10);
 684        EXPECT_EQ(send(self->fd, send_mem, 5, 0), 5);
 685
 686        memset(recv_mem, 0, 20);
 687        EXPECT_EQ(setsockopt(self->cfd, SOL_SOCKET, SO_RCVLOWAT,
 688                             &lowat, sizeof(lowat)), 0);
 689        EXPECT_EQ(recv(self->cfd, recv_mem, 1, MSG_WAITALL), 1);
 690        EXPECT_EQ(recv(self->cfd, recv_mem + 1, 6, MSG_WAITALL), 6);
 691        EXPECT_EQ(recv(self->cfd, recv_mem + 7, 10, 0), 8);
 692
 693        EXPECT_EQ(memcmp(send_mem, recv_mem, 10), 0);
 694        EXPECT_EQ(memcmp(send_mem, recv_mem + 10, 5), 0);
 695}
 696
 697TEST_F(tls, bidir)
 698{
 699        char const *test_str = "test_read";
 700        int send_len = 10;
 701        char buf[10];
 702        int ret;
 703
 704        if (!self->notls) {
 705                struct tls12_crypto_info_aes_gcm_128 tls12;
 706
 707                memset(&tls12, 0, sizeof(tls12));
 708                tls12.info.version = TLS_1_3_VERSION;
 709                tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128;
 710
 711                ret = setsockopt(self->fd, SOL_TLS, TLS_RX, &tls12,
 712                                 sizeof(tls12));
 713                ASSERT_EQ(ret, 0);
 714
 715                ret = setsockopt(self->cfd, SOL_TLS, TLS_TX, &tls12,
 716                                 sizeof(tls12));
 717                ASSERT_EQ(ret, 0);
 718        }
 719
 720        ASSERT_EQ(strlen(test_str) + 1, send_len);
 721
 722        EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
 723        EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
 724        EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
 725
 726        memset(buf, 0, sizeof(buf));
 727
 728        EXPECT_EQ(send(self->cfd, test_str, send_len, 0), send_len);
 729        EXPECT_NE(recv(self->fd, buf, send_len, 0), -1);
 730        EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
 731};
 732
 733TEST_F(tls, pollin)
 734{
 735        char const *test_str = "test_poll";
 736        struct pollfd fd = { 0, 0, 0 };
 737        char buf[10];
 738        int send_len = 10;
 739
 740        EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
 741        fd.fd = self->cfd;
 742        fd.events = POLLIN;
 743
 744        EXPECT_EQ(poll(&fd, 1, 20), 1);
 745        EXPECT_EQ(fd.revents & POLLIN, 1);
 746        EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len);
 747        /* Test timing out */
 748        EXPECT_EQ(poll(&fd, 1, 20), 0);
 749}
 750
 751TEST_F(tls, poll_wait)
 752{
 753        char const *test_str = "test_poll_wait";
 754        int send_len = strlen(test_str) + 1;
 755        struct pollfd fd = { 0, 0, 0 };
 756        char recv_mem[15];
 757
 758        fd.fd = self->cfd;
 759        fd.events = POLLIN;
 760        EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
 761        /* Set timeout to inf. secs */
 762        EXPECT_EQ(poll(&fd, 1, -1), 1);
 763        EXPECT_EQ(fd.revents & POLLIN, 1);
 764        EXPECT_EQ(recv(self->cfd, recv_mem, send_len, MSG_WAITALL), send_len);
 765}
 766
 767TEST_F(tls, poll_wait_split)
 768{
 769        struct pollfd fd = { 0, 0, 0 };
 770        char send_mem[20] = {};
 771        char recv_mem[15];
 772
 773        fd.fd = self->cfd;
 774        fd.events = POLLIN;
 775        /* Send 20 bytes */
 776        EXPECT_EQ(send(self->fd, send_mem, sizeof(send_mem), 0),
 777                  sizeof(send_mem));
 778        /* Poll with inf. timeout */
 779        EXPECT_EQ(poll(&fd, 1, -1), 1);
 780        EXPECT_EQ(fd.revents & POLLIN, 1);
 781        EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), MSG_WAITALL),
 782                  sizeof(recv_mem));
 783
 784        /* Now the remaining 5 bytes of record data are in TLS ULP */
 785        fd.fd = self->cfd;
 786        fd.events = POLLIN;
 787        EXPECT_EQ(poll(&fd, 1, -1), 1);
 788        EXPECT_EQ(fd.revents & POLLIN, 1);
 789        EXPECT_EQ(recv(self->cfd, recv_mem, sizeof(recv_mem), 0),
 790                  sizeof(send_mem) - sizeof(recv_mem));
 791}
 792
 793TEST_F(tls, blocking)
 794{
 795        size_t data = 100000;
 796        int res = fork();
 797
 798        EXPECT_NE(res, -1);
 799
 800        if (res) {
 801                /* parent */
 802                size_t left = data;
 803                char buf[16384];
 804                int status;
 805                int pid2;
 806
 807                while (left) {
 808                        int res = send(self->fd, buf,
 809                                       left > 16384 ? 16384 : left, 0);
 810
 811                        EXPECT_GE(res, 0);
 812                        left -= res;
 813                }
 814
 815                pid2 = wait(&status);
 816                EXPECT_EQ(status, 0);
 817                EXPECT_EQ(res, pid2);
 818        } else {
 819                /* child */
 820                size_t left = data;
 821                char buf[16384];
 822
 823                while (left) {
 824                        int res = recv(self->cfd, buf,
 825                                       left > 16384 ? 16384 : left, 0);
 826
 827                        EXPECT_GE(res, 0);
 828                        left -= res;
 829                }
 830        }
 831}
 832
 833TEST_F(tls, nonblocking)
 834{
 835        size_t data = 100000;
 836        int sendbuf = 100;
 837        int flags;
 838        int res;
 839
 840        flags = fcntl(self->fd, F_GETFL, 0);
 841        fcntl(self->fd, F_SETFL, flags | O_NONBLOCK);
 842        fcntl(self->cfd, F_SETFL, flags | O_NONBLOCK);
 843
 844        /* Ensure nonblocking behavior by imposing a small send
 845         * buffer.
 846         */
 847        EXPECT_EQ(setsockopt(self->fd, SOL_SOCKET, SO_SNDBUF,
 848                             &sendbuf, sizeof(sendbuf)), 0);
 849
 850        res = fork();
 851        EXPECT_NE(res, -1);
 852
 853        if (res) {
 854                /* parent */
 855                bool eagain = false;
 856                size_t left = data;
 857                char buf[16384];
 858                int status;
 859                int pid2;
 860
 861                while (left) {
 862                        int res = send(self->fd, buf,
 863                                       left > 16384 ? 16384 : left, 0);
 864
 865                        if (res == -1 && errno == EAGAIN) {
 866                                eagain = true;
 867                                usleep(10000);
 868                                continue;
 869                        }
 870                        EXPECT_GE(res, 0);
 871                        left -= res;
 872                }
 873
 874                EXPECT_TRUE(eagain);
 875                pid2 = wait(&status);
 876
 877                EXPECT_EQ(status, 0);
 878                EXPECT_EQ(res, pid2);
 879        } else {
 880                /* child */
 881                bool eagain = false;
 882                size_t left = data;
 883                char buf[16384];
 884
 885                while (left) {
 886                        int res = recv(self->cfd, buf,
 887                                       left > 16384 ? 16384 : left, 0);
 888
 889                        if (res == -1 && errno == EAGAIN) {
 890                                eagain = true;
 891                                usleep(10000);
 892                                continue;
 893                        }
 894                        EXPECT_GE(res, 0);
 895                        left -= res;
 896                }
 897                EXPECT_TRUE(eagain);
 898        }
 899}
 900
 901static void
 902test_mutliproc(struct __test_metadata *_metadata, struct _test_data_tls *self,
 903               bool sendpg, unsigned int n_readers, unsigned int n_writers)
 904{
 905        const unsigned int n_children = n_readers + n_writers;
 906        const size_t data = 6 * 1000 * 1000;
 907        const size_t file_sz = data / 100;
 908        size_t read_bias, write_bias;
 909        int i, fd, child_id;
 910        char buf[file_sz];
 911        pid_t pid;
 912
 913        /* Only allow multiples for simplicity */
 914        ASSERT_EQ(!(n_readers % n_writers) || !(n_writers % n_readers), true);
 915        read_bias = n_writers / n_readers ?: 1;
 916        write_bias = n_readers / n_writers ?: 1;
 917
 918        /* prep a file to send */
 919        fd = open("/tmp/", O_TMPFILE | O_RDWR, 0600);
 920        ASSERT_GE(fd, 0);
 921
 922        memset(buf, 0xac, file_sz);
 923        ASSERT_EQ(write(fd, buf, file_sz), file_sz);
 924
 925        /* spawn children */
 926        for (child_id = 0; child_id < n_children; child_id++) {
 927                pid = fork();
 928                ASSERT_NE(pid, -1);
 929                if (!pid)
 930                        break;
 931        }
 932
 933        /* parent waits for all children */
 934        if (pid) {
 935                for (i = 0; i < n_children; i++) {
 936                        int status;
 937
 938                        wait(&status);
 939                        EXPECT_EQ(status, 0);
 940                }
 941
 942                return;
 943        }
 944
 945        /* Split threads for reading and writing */
 946        if (child_id < n_readers) {
 947                size_t left = data * read_bias;
 948                char rb[8001];
 949
 950                while (left) {
 951                        int res;
 952
 953                        res = recv(self->cfd, rb,
 954                                   left > sizeof(rb) ? sizeof(rb) : left, 0);
 955
 956                        EXPECT_GE(res, 0);
 957                        left -= res;
 958                }
 959        } else {
 960                size_t left = data * write_bias;
 961
 962                while (left) {
 963                        int res;
 964
 965                        ASSERT_EQ(lseek(fd, 0, SEEK_SET), 0);
 966                        if (sendpg)
 967                                res = sendfile(self->fd, fd, NULL,
 968                                               left > file_sz ? file_sz : left);
 969                        else
 970                                res = send(self->fd, buf,
 971                                           left > file_sz ? file_sz : left, 0);
 972
 973                        EXPECT_GE(res, 0);
 974                        left -= res;
 975                }
 976        }
 977}
 978
 979TEST_F(tls, mutliproc_even)
 980{
 981        test_mutliproc(_metadata, self, false, 6, 6);
 982}
 983
 984TEST_F(tls, mutliproc_readers)
 985{
 986        test_mutliproc(_metadata, self, false, 4, 12);
 987}
 988
 989TEST_F(tls, mutliproc_writers)
 990{
 991        test_mutliproc(_metadata, self, false, 10, 2);
 992}
 993
 994TEST_F(tls, mutliproc_sendpage_even)
 995{
 996        test_mutliproc(_metadata, self, true, 6, 6);
 997}
 998
 999TEST_F(tls, mutliproc_sendpage_readers)
1000{
1001        test_mutliproc(_metadata, self, true, 4, 12);
1002}
1003
1004TEST_F(tls, mutliproc_sendpage_writers)
1005{
1006        test_mutliproc(_metadata, self, true, 10, 2);
1007}
1008
1009TEST_F(tls, control_msg)
1010{
1011        if (self->notls)
1012                return;
1013
1014        char cbuf[CMSG_SPACE(sizeof(char))];
1015        char const *test_str = "test_read";
1016        int cmsg_len = sizeof(char);
1017        char record_type = 100;
1018        struct cmsghdr *cmsg;
1019        struct msghdr msg;
1020        int send_len = 10;
1021        struct iovec vec;
1022        char buf[10];
1023
1024        vec.iov_base = (char *)test_str;
1025        vec.iov_len = 10;
1026        memset(&msg, 0, sizeof(struct msghdr));
1027        msg.msg_iov = &vec;
1028        msg.msg_iovlen = 1;
1029        msg.msg_control = cbuf;
1030        msg.msg_controllen = sizeof(cbuf);
1031        cmsg = CMSG_FIRSTHDR(&msg);
1032        cmsg->cmsg_level = SOL_TLS;
1033        /* test sending non-record types. */
1034        cmsg->cmsg_type = TLS_SET_RECORD_TYPE;
1035        cmsg->cmsg_len = CMSG_LEN(cmsg_len);
1036        *CMSG_DATA(cmsg) = record_type;
1037        msg.msg_controllen = cmsg->cmsg_len;
1038
1039        EXPECT_EQ(sendmsg(self->fd, &msg, 0), send_len);
1040        /* Should fail because we didn't provide a control message */
1041        EXPECT_EQ(recv(self->cfd, buf, send_len, 0), -1);
1042
1043        vec.iov_base = buf;
1044        EXPECT_EQ(recvmsg(self->cfd, &msg, MSG_WAITALL | MSG_PEEK), send_len);
1045
1046        cmsg = CMSG_FIRSTHDR(&msg);
1047        EXPECT_NE(cmsg, NULL);
1048        EXPECT_EQ(cmsg->cmsg_level, SOL_TLS);
1049        EXPECT_EQ(cmsg->cmsg_type, TLS_GET_RECORD_TYPE);
1050        record_type = *((unsigned char *)CMSG_DATA(cmsg));
1051        EXPECT_EQ(record_type, 100);
1052        EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
1053
1054        /* Recv the message again without MSG_PEEK */
1055        record_type = 0;
1056        memset(buf, 0, sizeof(buf));
1057
1058        EXPECT_EQ(recvmsg(self->cfd, &msg, MSG_WAITALL), send_len);
1059        cmsg = CMSG_FIRSTHDR(&msg);
1060        EXPECT_NE(cmsg, NULL);
1061        EXPECT_EQ(cmsg->cmsg_level, SOL_TLS);
1062        EXPECT_EQ(cmsg->cmsg_type, TLS_GET_RECORD_TYPE);
1063        record_type = *((unsigned char *)CMSG_DATA(cmsg));
1064        EXPECT_EQ(record_type, 100);
1065        EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
1066}
1067
1068TEST_F(tls, shutdown)
1069{
1070        char const *test_str = "test_read";
1071        int send_len = 10;
1072        char buf[10];
1073
1074        ASSERT_EQ(strlen(test_str) + 1, send_len);
1075
1076        EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len);
1077        EXPECT_NE(recv(self->cfd, buf, send_len, 0), -1);
1078        EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
1079
1080        shutdown(self->fd, SHUT_RDWR);
1081        shutdown(self->cfd, SHUT_RDWR);
1082}
1083
1084TEST_F(tls, shutdown_unsent)
1085{
1086        char const *test_str = "test_read";
1087        int send_len = 10;
1088
1089        EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len);
1090
1091        shutdown(self->fd, SHUT_RDWR);
1092        shutdown(self->cfd, SHUT_RDWR);
1093}
1094
1095TEST_F(tls, shutdown_reuse)
1096{
1097        struct sockaddr_in addr;
1098        int ret;
1099
1100        shutdown(self->fd, SHUT_RDWR);
1101        shutdown(self->cfd, SHUT_RDWR);
1102        close(self->cfd);
1103
1104        addr.sin_family = AF_INET;
1105        addr.sin_addr.s_addr = htonl(INADDR_ANY);
1106        addr.sin_port = 0;
1107
1108        ret = bind(self->fd, &addr, sizeof(addr));
1109        EXPECT_EQ(ret, 0);
1110        ret = listen(self->fd, 10);
1111        EXPECT_EQ(ret, -1);
1112        EXPECT_EQ(errno, EINVAL);
1113
1114        ret = connect(self->fd, &addr, sizeof(addr));
1115        EXPECT_EQ(ret, -1);
1116        EXPECT_EQ(errno, EISCONN);
1117}
1118
1119TEST(non_established) {
1120        struct tls12_crypto_info_aes_gcm_256 tls12;
1121        struct sockaddr_in addr;
1122        int sfd, ret, fd;
1123        socklen_t len;
1124
1125        len = sizeof(addr);
1126
1127        memset(&tls12, 0, sizeof(tls12));
1128        tls12.info.version = TLS_1_2_VERSION;
1129        tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256;
1130
1131        addr.sin_family = AF_INET;
1132        addr.sin_addr.s_addr = htonl(INADDR_ANY);
1133        addr.sin_port = 0;
1134
1135        fd = socket(AF_INET, SOCK_STREAM, 0);
1136        sfd = socket(AF_INET, SOCK_STREAM, 0);
1137
1138        ret = bind(sfd, &addr, sizeof(addr));
1139        ASSERT_EQ(ret, 0);
1140        ret = listen(sfd, 10);
1141        ASSERT_EQ(ret, 0);
1142
1143        ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
1144        EXPECT_EQ(ret, -1);
1145        /* TLS ULP not supported */
1146        if (errno == ENOENT)
1147                return;
1148        EXPECT_EQ(errno, ENOTSUPP);
1149
1150        ret = setsockopt(sfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
1151        EXPECT_EQ(ret, -1);
1152        EXPECT_EQ(errno, ENOTSUPP);
1153
1154        ret = getsockname(sfd, &addr, &len);
1155        ASSERT_EQ(ret, 0);
1156
1157        ret = connect(fd, &addr, sizeof(addr));
1158        ASSERT_EQ(ret, 0);
1159
1160        ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
1161        ASSERT_EQ(ret, 0);
1162
1163        ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
1164        EXPECT_EQ(ret, -1);
1165        EXPECT_EQ(errno, EEXIST);
1166
1167        close(fd);
1168        close(sfd);
1169}
1170
1171TEST(keysizes) {
1172        struct tls12_crypto_info_aes_gcm_256 tls12;
1173        struct sockaddr_in addr;
1174        int sfd, ret, fd, cfd;
1175        socklen_t len;
1176        bool notls;
1177
1178        notls = false;
1179        len = sizeof(addr);
1180
1181        memset(&tls12, 0, sizeof(tls12));
1182        tls12.info.version = TLS_1_2_VERSION;
1183        tls12.info.cipher_type = TLS_CIPHER_AES_GCM_256;
1184
1185        addr.sin_family = AF_INET;
1186        addr.sin_addr.s_addr = htonl(INADDR_ANY);
1187        addr.sin_port = 0;
1188
1189        fd = socket(AF_INET, SOCK_STREAM, 0);
1190        sfd = socket(AF_INET, SOCK_STREAM, 0);
1191
1192        ret = bind(sfd, &addr, sizeof(addr));
1193        ASSERT_EQ(ret, 0);
1194        ret = listen(sfd, 10);
1195        ASSERT_EQ(ret, 0);
1196
1197        ret = getsockname(sfd, &addr, &len);
1198        ASSERT_EQ(ret, 0);
1199
1200        ret = connect(fd, &addr, sizeof(addr));
1201        ASSERT_EQ(ret, 0);
1202
1203        ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
1204        if (ret != 0) {
1205                notls = true;
1206                printf("Failure setting TCP_ULP, testing without tls\n");
1207        }
1208
1209        if (!notls) {
1210                ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12,
1211                                 sizeof(tls12));
1212                EXPECT_EQ(ret, 0);
1213        }
1214
1215        cfd = accept(sfd, &addr, &len);
1216        ASSERT_GE(cfd, 0);
1217
1218        if (!notls) {
1219                ret = setsockopt(cfd, IPPROTO_TCP, TCP_ULP, "tls",
1220                                 sizeof("tls"));
1221                EXPECT_EQ(ret, 0);
1222
1223                ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12,
1224                                 sizeof(tls12));
1225                EXPECT_EQ(ret, 0);
1226        }
1227
1228        close(sfd);
1229        close(fd);
1230        close(cfd);
1231}
1232
1233TEST(tls12) {
1234        int fd, cfd;
1235        bool notls;
1236
1237        struct tls12_crypto_info_aes_gcm_128 tls12;
1238        struct sockaddr_in addr;
1239        socklen_t len;
1240        int sfd, ret;
1241
1242        notls = false;
1243        len = sizeof(addr);
1244
1245        memset(&tls12, 0, sizeof(tls12));
1246        tls12.info.version = TLS_1_2_VERSION;
1247        tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128;
1248
1249        addr.sin_family = AF_INET;
1250        addr.sin_addr.s_addr = htonl(INADDR_ANY);
1251        addr.sin_port = 0;
1252
1253        fd = socket(AF_INET, SOCK_STREAM, 0);
1254        sfd = socket(AF_INET, SOCK_STREAM, 0);
1255
1256        ret = bind(sfd, &addr, sizeof(addr));
1257        ASSERT_EQ(ret, 0);
1258        ret = listen(sfd, 10);
1259        ASSERT_EQ(ret, 0);
1260
1261        ret = getsockname(sfd, &addr, &len);
1262        ASSERT_EQ(ret, 0);
1263
1264        ret = connect(fd, &addr, sizeof(addr));
1265        ASSERT_EQ(ret, 0);
1266
1267        ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
1268        if (ret != 0) {
1269                notls = true;
1270                printf("Failure setting TCP_ULP, testing without tls\n");
1271        }
1272
1273        if (!notls) {
1274                ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12,
1275                                 sizeof(tls12));
1276                ASSERT_EQ(ret, 0);
1277        }
1278
1279        cfd = accept(sfd, &addr, &len);
1280        ASSERT_GE(cfd, 0);
1281
1282        if (!notls) {
1283                ret = setsockopt(cfd, IPPROTO_TCP, TCP_ULP, "tls",
1284                                 sizeof("tls"));
1285                ASSERT_EQ(ret, 0);
1286
1287                ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12,
1288                                 sizeof(tls12));
1289                ASSERT_EQ(ret, 0);
1290        }
1291
1292        close(sfd);
1293
1294        char const *test_str = "test_read";
1295        int send_len = 10;
1296        char buf[10];
1297
1298        send_len = strlen(test_str) + 1;
1299        EXPECT_EQ(send(fd, test_str, send_len, 0), send_len);
1300        EXPECT_NE(recv(cfd, buf, send_len, 0), -1);
1301        EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
1302
1303        close(fd);
1304        close(cfd);
1305}
1306
1307TEST_HARNESS_MAIN
1308