#
dc54b813 |
|
25-Mar-2024 |
Sabrina Dubroca <sd@queasysnail.net> |
selftests: tls: add test with a partially invalid iov Make sure that we don't return more bytes than we actually received if the userspace buffer was bogus. We expect to receive at least the rest of rec1, and possibly some of rec2 (currently, we don't, but that would be ok). Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Reviewed-by: Simon Horman <horms@kernel.org> Link: https://lore.kernel.org/r/720e61b3d3eab40af198a58ce2cd1ee019f0ceb1.1711120964.git.sd@queasysnail.net Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
69fe8ec4 |
|
28-Feb-2024 |
Jakub Kicinski <kuba@kernel.org> |
selftests: kselftest_harness: save full exit code in metadata Instead of tracking passed = 0/1 rename the field to exit_code and invert the values so that they match the KSFT_* exit codes. This will allow us to fold SKIP / XFAIL into the same value. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
2bf61726 |
|
15-Feb-2024 |
Sabrina Dubroca <sd@queasysnail.net> |
selftests: tls: add test for peeking past a record of a different type If we queue 3 records: - record 1, type DATA - record 2, some other type - record 3, type DATA the current code can look past the 2nd record and merge the 2 data records. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Link: https://lore.kernel.org/r/4623550f8617c239581030c13402d3262f2bd14f.1708007371.git.sd@queasysnail.net Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
7b2a4c2a |
|
15-Feb-2024 |
Sabrina Dubroca <sd@queasysnail.net> |
selftests: tls: add test for merging of same-type control messages Two consecutive control messages of the same type should never be merged into one large received blob of data. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Link: https://lore.kernel.org/r/018f1633d5471684c65def5fe390de3b15c3d683.1708007371.git.sd@queasysnail.net Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
2ec197fd |
|
13-Feb-2024 |
Jakub Kicinski <kuba@kernel.org> |
selftests: tls: increase the wait in poll_partial_rec_async Test runners on debug kernels occasionally fail with: # # RUN tls_err.13_aes_gcm.poll_partial_rec_async ... # # tls.c:1883:poll_partial_rec_async:Expected poll(&pfd, 1, 5) (0) == 1 (1) # # tls.c:1870:poll_partial_rec_async:Expected status (256) == 0 (0) # # poll_partial_rec_async: Test failed at step #17 # # FAIL tls_err.13_aes_gcm.poll_partial_rec_async # not ok 699 tls_err.13_aes_gcm.poll_partial_rec_async # # FAILED: 698 / 699 tests passed. This points to the second poll() in the test which is expected to wait for the sender to send the rest of the data. Apparently under some conditions that doesn't happen within 5ms, bump the timeout to 20ms. Fixes: 23fcb62bc19c ("selftests: tls: add tests for poll behavior") Link: https://lore.kernel.org/r/20240213142055.395564-1-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
49d82106 |
|
06-Feb-2024 |
Jakub Kicinski <kuba@kernel.org> |
selftests: tls: use exact comparison in recv_partial This exact case was fail for async crypto and we weren't catching it. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Reviewed-by: Simon Horman <horms@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
034ea130 |
|
12-Jan-2024 |
John Fastabend <john.fastabend@gmail.com> |
net: tls, add test to capture error on large splice syzbot found an error with how splice() is handled with a msg greater than 32. This was fixed in previous patch, but lets add a test for it to ensure it continues to work. Signed-off-by: John Fastabend <john.fastabend@gmail.com> Reviewed-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
c326ca98 |
|
12-Sep-2023 |
Sabrina Dubroca <sd@queasysnail.net> |
selftests: tls: swap the TX and RX sockets in some tests tls.sendmsg_large and tls.sendmsg_multiple are trying to send through the self->cfd socket (only configured with TLS_RX) and to receive through the self->fd socket (only configured with TLS_TX), so they're not using kTLS at all. Swap the sockets. Fixes: 7f657d5bf507 ("selftests: tls: add selftests for TLS sockets") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
4bfb6224 |
|
25-Aug-2023 |
Sabrina Dubroca <sd@queasysnail.net> |
selftests: tls: test some invalid inputs for setsockopt This test will need to be updated if new ciphers are added. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Link: https://lore.kernel.org/r/bfcfa9cffda56d2064296ab7c99a05775dd4c28e.1692977948.git.sd@queasysnail.net Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
f27ad62f |
|
25-Aug-2023 |
Sabrina Dubroca <sd@queasysnail.net> |
selftests: tls: add getsockopt test The kernel accepts fetching either just the version and cipher type, or exactly the per-cipher struct. Also check that getsockopt returns what we just passed to the kernel. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Link: https://lore.kernel.org/r/81a007ca13de9a74f4af45635d06682cdb385a54.1692977948.git.sd@queasysnail.net Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
84e306b0 |
|
25-Aug-2023 |
Sabrina Dubroca <sd@queasysnail.net> |
selftests: tls: add test variants for aria-gcm Only supported for TLS1.2. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Link: https://lore.kernel.org/r/ccf4a4d3f3820f8ff30431b7629f5210cb33fa89.1692977948.git.sd@queasysnail.net Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
8790c6a4 |
|
26-Jul-2023 |
Hannes Reinecke <hare@suse.de> |
selftests/net/tls: add test for MSG_EOR As the recent patch is modifying the behaviour for TLS re MSG_EOR handling we should be having a test for it. Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Reviewed-by: Jakub Kicinski <kuba@kernel.org> Link: https://lore.kernel.org/r/20230726191556.41714-4-hare@suse.de Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
d113c395 |
|
13-Jun-2023 |
Magali Lemes <magali.lemes@canonical.com> |
selftests: net: tls: check if FIPS mode is enabled TLS selftests use the ChaCha20-Poly1305 and SM4 algorithms, which are not FIPS compliant. When fips=1, this set of tests fails. Add a check and only run these tests if not in FIPS mode. Fixes: 4f336e88a870 ("selftests/tls: add CHACHA20-POLY1305 to tls selftests") Fixes: e506342a03c7 ("selftests/tls: add SM4 GCM/CCM to tls selftests") Reviewed-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Magali Lemes <magali.lemes@canonical.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
23fcb62b |
|
31-May-2023 |
Jakub Kicinski <kuba@kernel.org> |
selftests: tls: add tests for poll behavior Make sure we don't generate premature POLLIN events. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
a504d246 |
|
24-Mar-2023 |
Jakub Kicinski <kuba@kernel.org> |
selftests: tls: add a test for queuing data before setting the ULP Other tests set up the connection fully on both ends before communicating any data. Add a test which will queue up TLS records to TCP before the TLS ULP is installed. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
86c591fb |
|
26-Jul-2022 |
Jakub Kicinski <kuba@kernel.org> |
selftests: tls: handful of memrnd() and length checks Add a handful of memory randomizations and precise length checks. Nothing is really broken here, I did this to increase confidence when debugging. It does fix a GCC warning, tho. Apparently GCC recognizes that memory needs to be initialized for send() but does not recognize that for write(). Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
842463f2 |
|
20-Jul-2022 |
Jakub Kicinski <kuba@kernel.org> |
selftests: tls: add a test for timeo vs lock Add a test for recv timeout. Place it in the tls_err group, so it only runs for TLS 1.2 and 1.3 but not for every AEAD out there. Link: https://lore.kernel.org/r/20220720203701.2179034-2-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
1d55f203 |
|
08-Jul-2022 |
Jakub Kicinski <kuba@kernel.org> |
selftests: tls: add test for NoPad getsockopt Make sure setsockopt / getsockopt behave as expected. Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
f36068a2 |
|
05-Jul-2022 |
Jakub Kicinski <kuba@kernel.org> |
selftests: tls: add selftest variant for pad Add a self-test variant with TLS 1.3 nopad set. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
5c7e49be |
|
25-Mar-2022 |
Jakub Kicinski <kuba@kernel.org> |
selftests: tls: skip cmsg_to_pipe tests with TLS=n These are negative tests, testing TLS code rejects certain operations. They won't pass without TLS enabled, pure TCP accepts those operations. Reported-by: Linux Kernel Functional Testing <lkft@linaro.org> Fixes: d87d67fd61ef ("selftests: tls: test splicing cmsgs") Signed-off-by: Jakub Kicinski <kuba@kernel.org> Reviewed-by: Shuah Khan <skhan@linuxfoundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
13bf99ab |
|
06-Dec-2021 |
Vadim Fedorenko <vfedorenko@novek.ru> |
selftests: tls: add missing AES256-GCM cipher Add tests for TLSv1.2 and TLSv1.3 with AES256-GCM cipher Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
d76c51f9 |
|
06-Dec-2021 |
Vadim Fedorenko <vfedorenko@novek.ru> |
selftests: tls: add missing AES-CCM cipher tests Add tests for TLSv1.2 and TLSv1.3 with AES-CCM cipher. Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
f884a342 |
|
24-Nov-2021 |
Jakub Kicinski <kuba@kernel.org> |
selftests: tls: test for correct proto_ops Previous patch fixes overriding callbacks incorrectly. Triggering the crash in sendpage_locked would be more spectacular but it's hard to get to, so take the easier path of proving this is broken and call getname. We're currently getting IPv4 socket info on an IPv6 socket. Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
274af0f9 |
|
24-Nov-2021 |
Jakub Kicinski <kuba@kernel.org> |
selftests: tls: test splicing decrypted records Add tests for half-received and peeked records. Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
d87d67fd |
|
24-Nov-2021 |
Jakub Kicinski <kuba@kernel.org> |
selftests: tls: test splicing cmsgs Make sure we correctly reject splicing non-data records. Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
ef0fc0b3 |
|
24-Nov-2021 |
Jakub Kicinski <kuba@kernel.org> |
selftests: tls: add tests for handling of bad records Test broken records. Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
31180adb |
|
24-Nov-2021 |
Jakub Kicinski <kuba@kernel.org> |
selftests: tls: factor out cmsg send/receive Add helpers for sending and receiving special record types. Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
a125f91f |
|
24-Nov-2021 |
Jakub Kicinski <kuba@kernel.org> |
selftests: tls: add helper for creating sock pairs We have the same code 3 times, about to add a fourth copy. Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
62b12ab5 |
|
05-Nov-2021 |
Anders Roxell <anders.roxell@linaro.org> |
selftests: net: tls: remove unused variable and code When building selftests/net with clang, the compiler warn about the function abs() see below: tls.c:657:15: warning: variable 'len_compared' set but not used [-Wunused-but-set-variable] unsigned int len_compared = 0; ^ Rework to remove the unused variable and the for-loop where the variable 'len_compared' was assinged. Fixes: 7f657d5bf507 ("selftests: tls: add selftests for TLS sockets") Signed-off-by: Anders Roxell <anders.roxell@linaro.org> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
e506342a |
|
08-Oct-2021 |
Tianjia Zhang <tianjia.zhang@linux.alibaba.com> |
selftests/tls: add SM4 GCM/CCM to tls selftests Add new cipher as a variant of standard tls selftests. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Link: https://lore.kernel.org/r/20211008091745.42917-1-tianjia.zhang@linux.alibaba.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
f50688b4 |
|
26-May-2021 |
Kees Cook <keescook@chromium.org> |
selftests/tls: Add {} to avoid static checker warning This silences a static checker warning due to the unusual macro construction of EXPECT_*() by adding explicit {}s around the enclosing while loop. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Fixes: 7f657d5bf507 ("selftests: tls: add selftests for TLS sockets") Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
|
#
291c53e4 |
|
18-Jun-2021 |
Jakub Kicinski <kuba@kernel.org> |
selftests: tls: fix chacha+bidir tests ChaCha support did not adjust the bidirectional test. We need to set up KTLS in reverse direction correctly, otherwise these two cases will fail: tls.12_chacha.bidir tls.13_chacha.bidir Fixes: 4f336e88a870 ("selftests/tls: add CHACHA20-POLY1305 to tls selftests") Signed-off-by: Jakub Kicinski <kuba@kernel.org> Acked-by: Vadim Fedorenko <vfedorenko@novek.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
baa00119 |
|
18-Jun-2021 |
Jakub Kicinski <kuba@kernel.org> |
selftests: tls: clean up uninitialized warnings A bunch of tests uses uninitialized stack memory as random data to send. This is harmless but generates compiler warnings. Explicitly init the buffers with random data. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Acked-by: Vadim Fedorenko <vfedorenko@novek.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
d795cc02 |
|
03-Feb-2021 |
Vadim Fedorenko <vfedorenko@novek.ru> |
selftests/tls: fix selftest with CHACHA20-POLY1305 TLS selftests were broken also because of use of structure that was not exported to UAPI. Fix by defining the union in tests. Fixes: 4f336e88a870 (selftests/tls: add CHACHA20-POLY1305 to tls selftests) Reported-by: Rong Chen <rong.a.chen@intel.com> Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru> Link: https://lore.kernel.org/r/1612384634-5377-1-git-send-email-vfedorenko@novek.ru Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
3502bd9b |
|
08-Jan-2021 |
Vadim Fedorenko <vfedorenko@novek.ru> |
selftests/tls: fix selftests after adding ChaCha20-Poly1305 TLS selftests where broken because of wrong variable types used. Fix it by changing u16 -> uint16_t Fixes: 4f336e88a870 ("selftests/tls: add CHACHA20-POLY1305 to tls selftests") Reported-by: kernel test robot <oliver.sang@intel.com> Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru> Link: https://lore.kernel.org/r/1610141865-7142-1-git-send-email-vfedorenko@novek.ru Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
4f336e88 |
|
24-Nov-2020 |
Vadim Fedorenko <vfedorenko@novek.ru> |
selftests/tls: add CHACHA20-POLY1305 to tls selftests Add new cipher as a variant of standard tls selftests Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
0e6fbe39 |
|
05-Jun-2020 |
Pooja Trivedi <poojatrivedi@gmail.com> |
net/tls(TLS_SW): Add selftest for 'chunked' sendfile test This selftest tests for cases where sendfile's 'count' parameter is provided with a size greater than the intended file size. Motivation: When sendfile is provided with 'count' parameter value that is greater than the size of the file, kTLS example fails to send the file correctly. Last chunk of the file is not sent, and the data integrity is compromised. The reason is that the last chunk has MSG_MORE flag set because of which it gets added to pending records, but is not pushed. Note that if user space were to send SSL_shutdown control message, pending records would get flushed and the issue would not happen. So a shutdown control message following sendfile can mask the issue. Signed-off-by: Pooja Trivedi <pooja.trivedi@stackpath.com> Signed-off-by: Mallesham Jatharkonda <mallesham.jatharkonda@oneconvergence.com> Signed-off-by: Josh Tway <josh.tway@stackpath.com> Reviewed-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
0feba221 |
|
27-Apr-2020 |
Jakub Kicinski <kuba@kernel.org> |
selftests: tls: run all tests for TLS 1.2 and TLS 1.3 TLS 1.2 and TLS 1.3 differ in the implementation. Use fixture parameters to run all tests for both versions, and remove the one-off TLS 1.2 test. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
6dd504b0 |
|
13-Dec-2019 |
Thadeu Lima de Souza Cascardo <cascardo@canonical.com> |
selftests: net: tls: remove recv_rcvbuf test This test only works when [1] is applied, which was rejected. Basically, the errors are reported and cleared. In this particular case of tls sockets, following reads will block. The test case was originally submitted with the rejected patch, but, then, was included as part of a different patchset, possibly by mistake. [1] https://lore.kernel.org/netdev/20191007035323.4360-2-jakub.kicinski@netronome.com/#t Thanks Paolo Pisati for pointing out the original patchset where this appeared. Fixes: 65190f77424d (selftests/tls: add a test for fragmented messages) Reported-by: Paolo Pisati <paolo.pisati@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
|
#
4a5cdc60 |
|
04-Dec-2019 |
Valentin Vidic <vvidic@valentin-vidic.from.hr> |
net/tls: Fix return values to avoid ENOTSUPP ENOTSUPP is not available in userspace, for example: setsockopt failed, 524, Unknown error 524 Signed-off-by: Valentin Vidic <vvidic@valentin-vidic.from.hr> Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
65190f77 |
|
27-Nov-2019 |
Jakub Kicinski <kuba@kernel.org> |
selftests/tls: add a test for fragmented messages Add a sendmsg test with very fragmented messages. This should fill up sk_msg and test the boundary conditions. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
41098af5 |
|
05-Nov-2019 |
Jakub Kicinski <kuba@kernel.org> |
selftests/tls: add test for concurrent recv and send Add a test which spawns 16 threads and performs concurrent send and recv calls on the same socket. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
cd114d2e |
|
01-Aug-2019 |
Jakub Kicinski <kuba@kernel.org> |
selftests/tls: add a litmus test for the socket reuse through shutdown Make sure that shutdown never works, and at the same time document how I tested to came to the conclusion that currently reuse is not possible. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
e29903c4 |
|
29-Jul-2019 |
Jakub Kicinski <kuba@kernel.org> |
selftests/tls: fix TLS tests with CONFIG_TLS=n Build bot reports some recent TLS tests are failing with CONFIG_TLS=n. Correct the expected return code and skip TLS installation if not supported. Tested with CONFIG_TLS=n and CONFIG_TLS=m. Reported-by: kernel test robot <rong.a.chen@intel.com> Fixes: cf32526c8842 ("selftests/tls: add a test for ULP but no keys") Fixes: 65d41fb317c6 ("selftests/tls: add a bidirectional test") Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
d4d34185 |
|
19-Jul-2019 |
Jakub Kicinski <kuba@kernel.org> |
selftests/tls: add shutdown tests Add test for killing the connection via shutdown. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
#
8051bb7f |
|
19-Jul-2019 |
Jakub Kicinski <kuba@kernel.org> |
selftests/tls: close the socket with open record Add test which sends some data with MSG_MORE and then closes the socket (never calling send without MSG_MORE). This should make sure we clean up open records correctly. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
#
65d41fb3 |
|
19-Jul-2019 |
Jakub Kicinski <kuba@kernel.org> |
selftests/tls: add a bidirectional test Add a simple test which installs the TLS state for both directions, sends and receives data on both sockets. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
#
78b5dc3d |
|
19-Jul-2019 |
Jakub Kicinski <kuba@kernel.org> |
selftests/tls: test error codes around TLS ULP installation Test the error codes returned when TCP connection is not in ESTABLISHED state. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
#
cf32526c |
|
19-Jul-2019 |
Jakub Kicinski <kuba@kernel.org> |
selftests/tls: add a test for ULP but no keys Make sure we test the TLS_BASE/TLS_BASE case both with data and the tear down/clean up path. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
#
81a89ef6 |
|
04-Jul-2019 |
Jakub Kicinski <kuba@kernel.org> |
selftests/tls: add test for poll() with data in TLS ULP Add a test which checks if leftover record data in TLS layer correctly wakes up poll(). Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
043556d0 |
|
24-May-2019 |
Jakub Kicinski <kuba@kernel.org> |
selftests/tls: add test for sleeping even though there is data Add a test which sends 15 bytes of data, and then tries to read 10 byes twice. Previously the second read would sleep indifinitely, since the record was already decrypted and there is only 5 bytes left, not full 10. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
7718a855 |
|
24-May-2019 |
Jakub Kicinski <kuba@kernel.org> |
selftests/tls: test for lowat overshoot with multiple records Set SO_RCVLOWAT and test it gets respected when gathering data from multiple records. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
203ef5f1 |
|
20-Feb-2019 |
Vakul Garg <vakul.garg@nxp.com> |
selftest/tls: Add test to verify received 'type' of non-data record Test case 'control_msg' has been updated to peek non-data record and then verify the type of record received. Subsequently, the same record is retrieved without MSG_PEEK flag in recvmsg(). Signed-off-by: Vakul Garg <vakul.garg@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
8debd67e |
|
30-Jan-2019 |
Dave Watson <davejwatson@fb.com> |
net: tls: Add tests for TLS 1.3 Change most tests to TLS 1.3, while adding tests for previous TLS 1.2 behavior. Signed-off-by: Dave Watson <davejwatson@fb.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
fb99bce7 |
|
30-Jan-2019 |
Dave Watson <davejwatson@fb.com> |
net: tls: Support 256 bit keys Wire up support for 256 bit keys from the setsockopt to the crypto framework Signed-off-by: Dave Watson <davejwatson@fb.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
cea3bfb3 |
|
16-Jan-2019 |
Vakul Garg <vakul.garg@nxp.com> |
selftests/tls: Fix recv partial/large_buff test cases TLS test cases recv_partial & recv_peek_large_buf_mult_recs expect to receive a certain amount of data and then compare it against known strings using memcmp. To prevent recvmsg() from returning lesser than expected number of bytes (compared in memcmp), MSG_WAITALL needs to be passed in recvmsg(). Signed-off-by: Vakul Garg <vakul.garg@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
0ed3015c |
|
28-Sep-2018 |
Vakul Garg <vakul.garg@nxp.com> |
selftests/tls: Fix recv(MSG_PEEK) & splice() test cases TLS test cases splice_from_pipe, send_and_splice & recv_peek_multiple_records expect to receive a given nummber of bytes and then compare them against the number of bytes which were sent. Therefore, system call recv() must not return before receiving the requested number of bytes, otherwise the subsequent memcmp() fails. This patch passes MSG_WAITALL flag to recv() so that it does not return prematurely before requested number of bytes are copied to receive buffer. Signed-off-by: Vakul Garg <vakul.garg@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
0185e2e6 |
|
15-Sep-2018 |
Vakul Garg <vakul.garg@nxp.com> |
selftests/tls: Add MSG_WAITALL in recv() syscall A number of tls selftests rely upon recv() to return an exact number of data bytes. When tls record crypto is done using an async accelerator, it is possible that recv() returns lesser than expected number bytes. This leads to failure of many test cases. To fix it, MSG_WAITALL has been used in flags passed to recv() syscall. Signed-off-by: Vakul Garg <vakul.garg@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
50c6b58a |
|
14-Sep-2018 |
Daniel Borkmann <daniel@iogearbox.net> |
tls: fix currently broken MSG_PEEK behavior In kTLS MSG_PEEK behavior is currently failing, strace example: [pid 2430] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3 [pid 2430] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 4 [pid 2430] bind(4, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 [pid 2430] listen(4, 10) = 0 [pid 2430] getsockname(4, {sa_family=AF_INET, sin_port=htons(38855), sin_addr=inet_addr("0.0.0.0")}, [16]) = 0 [pid 2430] connect(3, {sa_family=AF_INET, sin_port=htons(38855), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 [pid 2430] setsockopt(3, SOL_TCP, 0x1f /* TCP_??? */, [7564404], 4) = 0 [pid 2430] setsockopt(3, 0x11a /* SOL_?? */, 1, "\3\0033\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 40) = 0 [pid 2430] accept(4, {sa_family=AF_INET, sin_port=htons(49636), sin_addr=inet_addr("127.0.0.1")}, [16]) = 5 [pid 2430] setsockopt(5, SOL_TCP, 0x1f /* TCP_??? */, [7564404], 4) = 0 [pid 2430] setsockopt(5, 0x11a /* SOL_?? */, 2, "\3\0033\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 40) = 0 [pid 2430] close(4) = 0 [pid 2430] sendto(3, "test_read_peek", 14, 0, NULL, 0) = 14 [pid 2430] sendto(3, "_mult_recs\0", 11, 0, NULL, 0) = 11 [pid 2430] recvfrom(5, "test_read_peektest_read_peektest"..., 64, MSG_PEEK, NULL, NULL) = 64 As can be seen from strace, there are two TLS records sent, i) 'test_read_peek' and ii) '_mult_recs\0' where we end up peeking 'test_read_peektest_read_peektest'. This is clearly wrong, and what happens is that given peek cannot call into tls_sw_advance_skb() to unpause strparser and proceed with the next skb, we end up looping over the current one, copying the 'test_read_peek' over and over into the user provided buffer. Here, we can only peek into the currently held skb (current, full TLS record) as otherwise we would end up having to hold all the original skb(s) (depending on the peek depth) in a separate queue when unpausing strparser to process next records, minimally intrusive is to return only up to the current record's size (which likely was what c46234ebb4d1 ("tls: RX path for ktls") originally intended as well). Thus, after patch we properly peek the first record: [pid 2046] wait4(2075, <unfinished ...> [pid 2075] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3 [pid 2075] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 4 [pid 2075] bind(4, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 [pid 2075] listen(4, 10) = 0 [pid 2075] getsockname(4, {sa_family=AF_INET, sin_port=htons(55115), sin_addr=inet_addr("0.0.0.0")}, [16]) = 0 [pid 2075] connect(3, {sa_family=AF_INET, sin_port=htons(55115), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 [pid 2075] setsockopt(3, SOL_TCP, 0x1f /* TCP_??? */, [7564404], 4) = 0 [pid 2075] setsockopt(3, 0x11a /* SOL_?? */, 1, "\3\0033\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 40) = 0 [pid 2075] accept(4, {sa_family=AF_INET, sin_port=htons(45732), sin_addr=inet_addr("127.0.0.1")}, [16]) = 5 [pid 2075] setsockopt(5, SOL_TCP, 0x1f /* TCP_??? */, [7564404], 4) = 0 [pid 2075] setsockopt(5, 0x11a /* SOL_?? */, 2, "\3\0033\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 40) = 0 [pid 2075] close(4) = 0 [pid 2075] sendto(3, "test_read_peek", 14, 0, NULL, 0) = 14 [pid 2075] sendto(3, "_mult_recs\0", 11, 0, NULL, 0) = 11 [pid 2075] recvfrom(5, "test_read_peek", 64, MSG_PEEK, NULL, NULL) = 14 Fixes: c46234ebb4d1 ("tls: RX path for ktls") Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
c2ad647c |
|
29-Aug-2018 |
Vakul Garg <vakul.garg@nxp.com> |
selftests/tls: Add test for recv(PEEK) spanning across multiple records Added test case to receive multiple records with a single recvmsg() operation with a MSG_PEEK set. Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
7f657d5b |
|
12-Jul-2018 |
Dave Watson <davejwatson@fb.com> |
selftests: tls: add selftests for TLS sockets Add selftests for tls socket. Tests various iov and message options, poll blocking and nonblocking behavior, partial message sends / receives, and control message data. Tests should pass regardless of if TLS is enabled in the kernel or not, and print a warning message if not. Signed-off-by: Dave Watson <davejwatson@fb.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|