From: Kees Cook <keescook@chromium.org>
To: Jakub Kicinski <kuba@kernel.org>
Cc: shuah@kernel.org, luto@amacapital.net, wad@chromium.org,
linux-kselftest@vger.kernel.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org, kernel-team@fb.com
Subject: Re: [PATCH 5/5] selftests: tls: run all tests for TLS 1.2 and TLS 1.3
Date: Fri, 13 Mar 2020 16:26:43 -0700 [thread overview]
Message-ID: <202003131626.9B7EFB607@keescook> (raw)
In-Reply-To: <20200313031752.2332565-6-kuba@kernel.org>
On Thu, Mar 12, 2020 at 08:17:52PM -0700, Jakub Kicinski wrote:
> TLS 1.2 and TLS 1.3 differ in the implementation.
> Use fixture parameters to run all tests for both
> versions, and remove the one-off TLS 1.2 test.
>
> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
I really like the resulting effect here.
Reviewed-by: Kees Cook <keescook@chromium.org>
-Kees
> ---
> tools/testing/selftests/net/tls.c | 93 ++++++-------------------------
> 1 file changed, 17 insertions(+), 76 deletions(-)
>
> diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c
> index 0ea44d975b6c..63029728ac97 100644
> --- a/tools/testing/selftests/net/tls.c
> +++ b/tools/testing/selftests/net/tls.c
> @@ -101,6 +101,21 @@ FIXTURE(tls)
> bool notls;
> };
>
> +FIXTURE_PARAMS(tls)
> +{
> + unsigned int tls_version;
> +};
> +
> +FIXTURE_PARAMS_ADD(tls, 12)
> +{
> + .tls_version = TLS_1_2_VERSION,
> +};
> +
> +FIXTURE_PARAMS_ADD(tls, 13)
> +{
> + .tls_version = TLS_1_3_VERSION,
> +};
> +
> FIXTURE_SETUP(tls)
> {
> struct tls12_crypto_info_aes_gcm_128 tls12;
> @@ -112,7 +127,7 @@ FIXTURE_SETUP(tls)
> len = sizeof(addr);
>
> memset(&tls12, 0, sizeof(tls12));
> - tls12.info.version = TLS_1_3_VERSION;
> + tls12.info.version = params->tls_version;
> tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128;
>
> addr.sin_family = AF_INET;
> @@ -733,7 +748,7 @@ TEST_F(tls, bidir)
> struct tls12_crypto_info_aes_gcm_128 tls12;
>
> memset(&tls12, 0, sizeof(tls12));
> - tls12.info.version = TLS_1_3_VERSION;
> + tls12.info.version = params->tls_version;
> tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128;
>
> ret = setsockopt(self->fd, SOL_TLS, TLS_RX, &tls12,
> @@ -1258,78 +1273,4 @@ TEST(keysizes) {
> close(cfd);
> }
>
> -TEST(tls12) {
> - int fd, cfd;
> - bool notls;
> -
> - struct tls12_crypto_info_aes_gcm_128 tls12;
> - struct sockaddr_in addr;
> - socklen_t len;
> - int sfd, ret;
> -
> - notls = false;
> - len = sizeof(addr);
> -
> - memset(&tls12, 0, sizeof(tls12));
> - tls12.info.version = TLS_1_2_VERSION;
> - tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128;
> -
> - addr.sin_family = AF_INET;
> - addr.sin_addr.s_addr = htonl(INADDR_ANY);
> - addr.sin_port = 0;
> -
> - fd = socket(AF_INET, SOCK_STREAM, 0);
> - sfd = socket(AF_INET, SOCK_STREAM, 0);
> -
> - ret = bind(sfd, &addr, sizeof(addr));
> - ASSERT_EQ(ret, 0);
> - ret = listen(sfd, 10);
> - ASSERT_EQ(ret, 0);
> -
> - ret = getsockname(sfd, &addr, &len);
> - ASSERT_EQ(ret, 0);
> -
> - ret = connect(fd, &addr, sizeof(addr));
> - ASSERT_EQ(ret, 0);
> -
> - ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
> - if (ret != 0) {
> - notls = true;
> - printf("Failure setting TCP_ULP, testing without tls\n");
> - }
> -
> - if (!notls) {
> - ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12,
> - sizeof(tls12));
> - ASSERT_EQ(ret, 0);
> - }
> -
> - cfd = accept(sfd, &addr, &len);
> - ASSERT_GE(cfd, 0);
> -
> - if (!notls) {
> - ret = setsockopt(cfd, IPPROTO_TCP, TCP_ULP, "tls",
> - sizeof("tls"));
> - ASSERT_EQ(ret, 0);
> -
> - ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12,
> - sizeof(tls12));
> - ASSERT_EQ(ret, 0);
> - }
> -
> - close(sfd);
> -
> - char const *test_str = "test_read";
> - int send_len = 10;
> - char buf[10];
> -
> - send_len = strlen(test_str) + 1;
> - EXPECT_EQ(send(fd, test_str, send_len, 0), send_len);
> - EXPECT_NE(recv(cfd, buf, send_len, 0), -1);
> - EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
> -
> - close(fd);
> - close(cfd);
> -}
> -
> TEST_HARNESS_MAIN
> --
> 2.24.1
>
--
Kees Cook
prev parent reply other threads:[~2020-03-13 23:26 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-13 3:17 [PATCH 0/5] kselftest: add fixture parameters Jakub Kicinski
2020-03-13 3:17 ` [PATCH 1/5] selftests/seccomp: use correct FIXTURE macro Jakub Kicinski
2020-03-13 23:21 ` Kees Cook
2020-03-13 3:17 ` [PATCH 2/5] kselftest: create fixture objects Jakub Kicinski
2020-03-13 23:23 ` Kees Cook
2020-03-13 3:17 ` [PATCH 3/5] kselftest: run tests by fixture Jakub Kicinski
2020-03-13 23:27 ` Kees Cook
2020-03-13 23:54 ` Jakub Kicinski
2020-03-13 3:17 ` [PATCH 4/5] kselftest: add fixture parameters Jakub Kicinski
2020-03-13 23:31 ` Kees Cook
2020-03-13 23:52 ` Jakub Kicinski
2020-03-14 0:05 ` Kees Cook
2020-03-13 3:17 ` [PATCH 5/5] selftests: tls: run all tests for TLS 1.2 and TLS 1.3 Jakub Kicinski
2020-03-13 23:26 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202003131626.9B7EFB607@keescook \
--to=keescook@chromium.org \
--cc=kernel-team@fb.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=netdev@vger.kernel.org \
--cc=shuah@kernel.org \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).