| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Mar 2020 16:26:43 -0700
From: Kees Cook <keescook@...omium.org>
To: Jakub Kicinski <kuba@...nel.org>
Cc: shuah@...nel.org, luto@...capital.net, wad@...omium.org,
linux-kselftest@...r.kernel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, kernel-team@...com
Subject: Re: [PATCH 5/5] selftests: tls: run all tests for TLS 1.2 and TLS 1.3
On Thu, Mar 12, 2020 at 08:17:52PM -0700, Jakub Kicinski wrote:
> TLS 1.2 and TLS 1.3 differ in the implementation.
> Use fixture parameters to run all tests for both
> versions, and remove the one-off TLS 1.2 test.
>
> Signed-off-by: Jakub Kicinski <kuba@...nel.org>
I really like the resulting effect here.
Reviewed-by: Kees Cook <keescook@...omium.org>
-Kees
> ---
> tools/testing/selftests/net/tls.c | 93 ++++++-------------------------
> 1 file changed, 17 insertions(+), 76 deletions(-)
>
> diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c
> index 0ea44d975b6c..63029728ac97 100644
> --- a/tools/testing/selftests/net/tls.c
> +++ b/tools/testing/selftests/net/tls.c
> @@ -101,6 +101,21 @@ FIXTURE(tls)
> bool notls;
> };
>
> +FIXTURE_PARAMS(tls)
> +{
> + unsigned int tls_version;
> +};
> +
> +FIXTURE_PARAMS_ADD(tls, 12)
> +{
> + .tls_version = TLS_1_2_VERSION,
> +};
> +
> +FIXTURE_PARAMS_ADD(tls, 13)
> +{
> + .tls_version = TLS_1_3_VERSION,
> +};
> +
> FIXTURE_SETUP(tls)
> {
> struct tls12_crypto_info_aes_gcm_128 tls12;
> @@ -112,7 +127,7 @@ FIXTURE_SETUP(tls)
> len = sizeof(addr);
>
> memset(&tls12, 0, sizeof(tls12));
> - tls12.info.version = TLS_1_3_VERSION;
> + tls12.info.version = params->tls_version;
> tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128;
>
> addr.sin_family = AF_INET;
> @@ -733,7 +748,7 @@ TEST_F(tls, bidir)
> struct tls12_crypto_info_aes_gcm_128 tls12;
>
> memset(&tls12, 0, sizeof(tls12));
> - tls12.info.version = TLS_1_3_VERSION;
> + tls12.info.version = params->tls_version;
> tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128;
>
> ret = setsockopt(self->fd, SOL_TLS, TLS_RX, &tls12,
> @@ -1258,78 +1273,4 @@ TEST(keysizes) {
> close(cfd);
> }
>
> -TEST(tls12) {
> - int fd, cfd;
> - bool notls;
> -
> - struct tls12_crypto_info_aes_gcm_128 tls12;
> - struct sockaddr_in addr;
> - socklen_t len;
> - int sfd, ret;
> -
> - notls = false;
> - len = sizeof(addr);
> -
> - memset(&tls12, 0, sizeof(tls12));
> - tls12.info.version = TLS_1_2_VERSION;
> - tls12.info.cipher_type = TLS_CIPHER_AES_GCM_128;
> -
> - addr.sin_family = AF_INET;
> - addr.sin_addr.s_addr = htonl(INADDR_ANY);
> - addr.sin_port = 0;
> -
> - fd = socket(AF_INET, SOCK_STREAM, 0);
> - sfd = socket(AF_INET, SOCK_STREAM, 0);
> -
> - ret = bind(sfd, &addr, sizeof(addr));
> - ASSERT_EQ(ret, 0);
> - ret = listen(sfd, 10);
> - ASSERT_EQ(ret, 0);
> -
> - ret = getsockname(sfd, &addr, &len);
> - ASSERT_EQ(ret, 0);
> -
> - ret = connect(fd, &addr, sizeof(addr));
> - ASSERT_EQ(ret, 0);
> -
> - ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
> - if (ret != 0) {
> - notls = true;
> - printf("Failure setting TCP_ULP, testing without tls\n");
> - }
> -
> - if (!notls) {
> - ret = setsockopt(fd, SOL_TLS, TLS_TX, &tls12,
> - sizeof(tls12));
> - ASSERT_EQ(ret, 0);
> - }
> -
> - cfd = accept(sfd, &addr, &len);
> - ASSERT_GE(cfd, 0);
> -
> - if (!notls) {
> - ret = setsockopt(cfd, IPPROTO_TCP, TCP_ULP, "tls",
> - sizeof("tls"));
> - ASSERT_EQ(ret, 0);
> -
> - ret = setsockopt(cfd, SOL_TLS, TLS_RX, &tls12,
> - sizeof(tls12));
> - ASSERT_EQ(ret, 0);
> - }
> -
> - close(sfd);
> -
> - char const *test_str = "test_read";
> - int send_len = 10;
> - char buf[10];
> -
> - send_len = strlen(test_str) + 1;
> - EXPECT_EQ(send(fd, test_str, send_len, 0), send_len);
> - EXPECT_NE(recv(cfd, buf, send_len, 0), -1);
> - EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
> -
> - close(fd);
> - close(cfd);
> -}
> -
> TEST_HARNESS_MAIN
> --
> 2.24.1
>
--
Kees Cook
Powered by blists - more mailing lists