From: Kees Cook <keescook@chromium.org>
To: Jakub Kicinski <kuba@kernel.org>
Cc: shuah@kernel.org, luto@amacapital.net, wad@chromium.org,
linux-kselftest@vger.kernel.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org, kernel-team@fb.com,
Tim.Bird@sony.com
Subject: Re: [PATCH v3 6/6] selftests: tls: run all tests for TLS 1.2 and TLS 1.3
Date: Tue, 17 Mar 2020 13:46:07 -0700 [thread overview]
Message-ID: <202003171345.CA27652B@keescook> (raw)
In-Reply-To: <20200316225647.3129354-8-kuba@kernel.org>
On Mon, Mar 16, 2020 at 03:56:47PM -0700, Jakub Kicinski wrote:
> TLS 1.2 and TLS 1.3 differ in the implementation.
> Use fixture parameters to run all tests for both
> versions, and remove the one-off TLS 1.2 test.
>
> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
> ---
> tools/testing/selftests/net/tls.c | 93 ++++++-------------------------
> 1 file changed, 17 insertions(+), 76 deletions(-)
The diffstat alone justifies the variants feature! :) Thanks for this!
Acked-by: Kees Cook <keescook@chromium.org>
-Kees
>
> diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c
> index 0ea44d975b6c..c5282e62df75 100644
> --- a/tools/testing/selftests/net/tls.c
> +++ b/tools/testing/selftests/net/tls.c
> @@ -101,6 +101,21 @@ FIXTURE(tls)
> bool notls;
> };
>
> +FIXTURE_VARIANT(tls)
> +{
> + unsigned int tls_version;
> +};
> +
> +FIXTURE_VARIANT_ADD(tls, 12)
> +{
> + .tls_version = TLS_1_2_VERSION,
> +};
> +
> +FIXTURE_VARIANT_ADD(tls, 13)
> +{
> + .tls_version = TLS_1_3_VERSION,
> +};
> +
> FIXTURE_SETUP(tls)
> {
> struct tls12_crypto_info_aes_gcm_128 tls12;
> @@ -112,7 +127,7 @@ FIXTURE_SETUP(tls)
> len = sizeof(addr);
>
> memset(&tls12, 0, sizeof(tls12));
> - tls12.info.version = TLS_1_3_VERSION;
> + tls12.info.version = variant->tls_version;
> tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128;
>
> addr.sin_family = AF_INET;
> @@ -733,7 +748,7 @@ TEST_F(tls, bidir)
> struct tls12_crypto_info_aes_gcm_128 tls12;
>
> memset(&tls12, 0, sizeof(tls12));
> - tls12.info.version = TLS_1_3_VERSION;
> + tls12.info.version = variant->tls_version;
> tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128;
>
> ret = setsockopt(self->fd, SOL_TLS, TLS_RX, &tls12,
> @@ -1258,78 +1273,4 @@ TEST(keysizes) {
> close(cfd);
> }
>
> -TEST(tls12) {
> - int fd, cfd;
> - bool notls;
> -
> - struct tls12_crypto_info_aes_gcm_128 tls12;
> - struct sockaddr_in addr;
> - socklen_t len;
> - int sfd, ret;
> -
> - notls = false;
> - len = sizeof(addr);
> -
> - memset(&tls12, 0, sizeof(tls12));
> - tls12.info.version = TLS_1_2_VERSION;
> - tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128;
> -
> - addr.sin_family = AF_INET;
> - addr.sin_addr.s_addr = htonl(INADDR_ANY);
> - addr.sin_port = 0;
> -
> - fd = socket(AF_INET, SOCK_STREAM, 0);
> - sfd = socket(AF_INET, SOCK_STREAM, 0);
> -
> - ret = bind(sfd, &addr, sizeof(addr));
> - ASSERT_EQ(ret, 0);
> - ret = listen(sfd, 10);
> - ASSERT_EQ(ret, 0);
> -
> - ret = getsockname(sfd, &addr, &len);
> - ASSERT_EQ(ret, 0);
> -
> - ret = connect(fd, &addr, sizeof(addr));
> - ASSERT_EQ(ret, 0);
> -
> - ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
> - if (ret != 0) {
> - notls = true;
> - printf("Failure setting TCP_ULP, testing without tls\n");
> - }
> -
> - if (!notls) {
> - ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12,
> - sizeof(tls12));
> - ASSERT_EQ(ret, 0);
> - }
> -
> - cfd = accept(sfd, &addr, &len);
> - ASSERT_GE(cfd, 0);
> -
> - if (!notls) {
> - ret = setsockopt(cfd, IPPROTO_TCP, TCP_ULP, "tls",
> - sizeof("tls"));
> - ASSERT_EQ(ret, 0);
> -
> - ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12,
> - sizeof(tls12));
> - ASSERT_EQ(ret, 0);
> - }
> -
> - close(sfd);
> -
> - char const *test_str = "test_read";
> - int send_len = 10;
> - char buf[10];
> -
> - send_len = strlen(test_str) + 1;
> - EXPECT_EQ(send(fd, test_str, send_len, 0), send_len);
> - EXPECT_NE(recv(cfd, buf, send_len, 0), -1);
> - EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
> -
> - close(fd);
> - close(cfd);
> -}
> -
> TEST_HARNESS_MAIN
> --
> 2.24.1
>
--
Kees Cook
next prev parent reply other threads:[~2020-03-17 20:46 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-16 22:56 [PATCH v3 0/6] kselftest: add fixture parameters Jakub Kicinski
2020-03-16 22:56 ` [PATCH v3 1/6] selftests/seccomp: use correct FIXTURE macro Jakub Kicinski
2020-03-17 20:22 ` Kees Cook
2020-03-16 22:56 ` [PATCH v3 2/6] kselftest: factor out list manipulation to a helper Jakub Kicinski
2020-03-17 20:22 ` Kees Cook
2020-03-16 22:56 ` [PATCH v3 3/6] kselftest: create fixture objects Jakub Kicinski
2020-03-17 20:23 ` Kees Cook
2020-03-16 22:56 ` [PATCH v3 4/6] kselftest: run tests by fixture Jakub Kicinski
2020-03-17 20:25 ` Kees Cook
2020-03-16 22:56 ` [PATCH v3 5/6] kselftest: add fixture parameters Jakub Kicinski
2020-03-17 20:36 ` Kees Cook
2020-03-16 22:56 ` [PATCH v3 5/6] kselftest: add fixture variants Jakub Kicinski
2020-03-17 20:37 ` Kees Cook
2020-03-16 22:56 ` [PATCH v3 6/6] selftests: tls: run all tests for TLS 1.2 and TLS 1.3 Jakub Kicinski
2020-03-17 20:46 ` Kees Cook [this message]
2020-03-16 22:59 ` [PATCH v3 0/6] kselftest: add fixture parameters Jakub Kicinski
2020-03-17 20:47 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202003171345.CA27652B@keescook \
--to=keescook@chromium.org \
--cc=Tim.Bird@sony.com \
--cc=kernel-team@fb.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=netdev@vger.kernel.org \
--cc=shuah@kernel.org \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).