git: 233ce578a424 - main - ktls: Add tests ensuring invalid receive cipher suites are rejected.

John Baldwin Mon, 15 Nov 2021 12:05:55 -0800

The branch main has been updated by jhb:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=233ce578a424a7a3e5cf21ea6ba2b2036950d54f


commit 233ce578a424a7a3e5cf21ea6ba2b2036950d54f
Author:     John Baldwin <j...@freebsd.org>
AuthorDate: 2021-11-15 19:32:15 +0000
Commit:     John Baldwin <j...@freebsd.org>
CommitDate: 2021-11-15 19:32:15 +0000

    ktls: Add tests ensuring invalid receive cipher suites are rejected.
    
    Reviewed by:    markj
    Sponsored by:   Netflix
    Differential Revision:  https://reviews.freebsd.org/D32981
---
 tests/sys/kern/ktls_test.c | 47 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)

diff --git a/tests/sys/kern/ktls_test.c b/tests/sys/kern/ktls_test.c
index bdd2e62a546c..5aea56baa91f 100644
--- a/tests/sys/kern/ktls_test.c
+++ b/tests/sys/kern/ktls_test.c
@@ -1567,6 +1567,51 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_##name, tc)     
                \
  */
 TLS_12_TESTS(GEN_RECEIVE_TESTS);
 
+static void
+test_ktls_invalid_receive_cipher_suite(struct tls_enable *en)
+{
+       int sockets[2];
+
+       ATF_REQUIRE_MSG(socketpair_tcp(sockets), "failed to create sockets");
+
+       ATF_REQUIRE(setsockopt(sockets[1], IPPROTO_TCP, TCP_RXTLS_ENABLE, en,
+           sizeof(*en)) == -1);
+
+       /*
+        * XXX: TLS 1.3 fails with ENOTSUP before checking for invalid
+        * ciphers.
+        */
+       ATF_REQUIRE(errno == EINVAL || errno == ENOTSUP);
+
+       close(sockets[1]);
+       close(sockets[0]);
+}
+
+#define GEN_INVALID_RECEIVE_TEST(name, cipher_alg, key_size, auth_alg, \
+           minor)                                                      \
+ATF_TC_WITHOUT_HEAD(ktls_receive_invalid_##name);                      \
+ATF_TC_BODY(ktls_receive_invalid_##name, tc)                           \
+{                                                                      \
+       struct tls_enable en;                                           \
+       uint64_t seqno;                                                 \
+                                                                       \
+       ATF_REQUIRE_KTLS();                                             \
+       seqno = random();                                               \
+       build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno,  \
+           &en);                                                       \
+       test_ktls_invalid_receive_cipher_suite(&en);                    \
+       free_tls_enable(&en);                                           \
+}
+
+#define ADD_INVALID_RECEIVE_TEST(name, cipher_alg, key_size, auth_alg, \
+           minor)                                                      \
+       ATF_TP_ADD_TC(tp, ktls_receive_invalid_##name);
+
+/*
+ * Ensure that invalid cipher suites are rejected for receive.
+ */
+INVALID_CIPHER_SUITES(GEN_INVALID_RECEIVE_TEST);
+
 ATF_TP_ADD_TCS(tp)
 {
        /* Transmit tests */
@@ -1579,5 +1624,7 @@ ATF_TP_ADD_TCS(tp)
 
        /* Receive tests */
        TLS_12_TESTS(ADD_RECEIVE_TESTS);
+       INVALID_CIPHER_SUITES(ADD_INVALID_RECEIVE_TEST);
+
        return (atf_no_error());
 }

git: 233ce578a424 - main - ktls: Add tests ensuring invalid receive cipher suites are rejected.

Reply via email to