lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220923201319.493208-30-dima@arista.com> Date: Fri, 23 Sep 2022 21:13:13 +0100 From: Dmitry Safonov <dima@...sta.com> To: linux-kernel@...r.kernel.org, David Ahern <dsahern@...nel.org>, Eric Dumazet <edumazet@...gle.com> Cc: Dmitry Safonov <dima@...sta.com>, Andy Lutomirski <luto@...capital.net>, Ard Biesheuvel <ardb@...nel.org>, Bob Gilligan <gilligan@...sta.com>, Dan Carpenter <dan.carpenter@...cle.com>, "David S. Miller" <davem@...emloft.net>, Dmitry Safonov <0x7f454c46@...il.com>, Eric Biggers <ebiggers@...nel.org>, "Eric W. Biederman" <ebiederm@...ssion.com>, Francesco Ruggeri <fruggeri@...sta.com>, Herbert Xu <herbert@...dor.apana.org.au>, Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>, Ivan Delalande <colona@...sta.com>, Jakub Kicinski <kuba@...nel.org>, Leonard Crestez <cdleonard@...il.com>, Paolo Abeni <pabeni@...hat.com>, Salam Noureddine <noureddine@...sta.com>, Shuah Khan <shuah@...nel.org>, netdev@...r.kernel.org, linux-crypto@...r.kernel.org Subject: [PATCH v2 29/35] selftest/tcp-ao: Add test for TCP-AO add setsockopt() command Verify corner-cases for UAPI. Sample output: > # ./setsockopt-closed_ipv6 > 1..16 > # 9508[lib/setup.c:173] rand seed 1643819055 > TAP version 13 > ok 1 minimum size > ok 2 extended size > ok 3 bad algo > ok 4 bad ao flags > ok 5 empty prefix > ok 6 prefix, any addr > ok 7 no prefix, any addr > ok 8 too short prefix > ok 9 too big prefix > ok 10 too big maclen > ok 11 bad key flags > ok 12 too big keylen > not ok 13 duplicate: full copy: setsockopt() was expected to fail with 17 > ok 14 duplicate: any addr key on the socket > ok 15 duplicate: add any addr key > not ok 16 duplicate: add any addr for the same subnet: setsockopt() was expected to fail with 17 Signed-off-by: Dmitry Safonov <dima@...sta.com> --- tools/testing/selftests/net/tcp_ao/Makefile | 3 +- .../selftests/net/tcp_ao/setsockopt-closed.c | 191 ++++++++++++++++++ 2 files changed, 193 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/net/tcp_ao/setsockopt-closed.c diff --git a/tools/testing/selftests/net/tcp_ao/Makefile b/tools/testing/selftests/net/tcp_ao/Makefile index 5064e34ebe38..a001dc2aed4e 100644 --- a/tools/testing/selftests/net/tcp_ao/Makefile +++ b/tools/testing/selftests/net/tcp_ao/Makefile @@ -1,5 +1,6 @@ # SPDX-License-Identifier: GPL-2.0 -TEST_BOTH_AF := connect icmps-discard icmps-accept connect-deny +TEST_BOTH_AF := connect icmps-discard icmps-accept connect-deny \ + setsockopt-closed TEST_IPV4_PROGS := $(TEST_BOTH_AF:%=%_ipv4) TEST_IPV6_PROGS := $(TEST_BOTH_AF:%=%_ipv6) diff --git a/tools/testing/selftests/net/tcp_ao/setsockopt-closed.c b/tools/testing/selftests/net/tcp_ao/setsockopt-closed.c new file mode 100644 index 000000000000..be2cbc407f60 --- /dev/null +++ b/tools/testing/selftests/net/tcp_ao/setsockopt-closed.c @@ -0,0 +1,191 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Author: Dmitry Safonov <dima@...sta.com> */ +#include <inttypes.h> +#include "../../../../include/linux/kernel.h" +#include "aolib.h" + +static void clean_ao(int sk, struct tcp_ao *ao) +{ + struct tcp_ao_del ao_del = {}; + + ao_del.tcpa_sndid = ao->tcpa_sndid; + ao_del.tcpa_rcvid = ao->tcpa_rcvid; + ao_del.tcpa_prefix = ao->tcpa_prefix; + memcpy(&ao_del.tcpa_addr, &ao->tcpa_addr, sizeof(ao->tcpa_addr)); + + if (setsockopt(sk, IPPROTO_TCP, TCP_AO_DEL, &ao_del, sizeof(ao_del))) + test_error("setsockopt(TCP_AO_DEL) failed to clean"); + close(sk); +} + +static void setsockopt_checked(int sk, int optname, struct tcp_ao *ao, + int err, const char *tst) +{ + int ret; + + errno = 0; + ret = setsockopt(sk, IPPROTO_TCP, optname, ao, sizeof(*ao)); + if (ret == -1) { + if (errno == err) { + test_ok("%s", tst); + return; + } + test_fail("%s: setsockopt() returned %d", tst, err); + return; + } + + if (err) { + test_fail("%s: setsockopt() was expected to fail with %d", tst, err); + } else { + test_ok("%s", tst); + test_verify_socket_ao(sk, ao); + } + clean_ao(sk, ao); +} + +static int prepare_defs(struct tcp_ao *ao) +{ + int sk = socket(test_family, SOCK_STREAM, IPPROTO_TCP); + + if (sk < 0) + test_error("socket()"); + + if (test_prepare_def_ao(ao, "password", 0, this_ip_dest, -1, 100, 100)) + test_error("prepare default tcp_ao"); + + return sk; +} + +static void test_extend(void) +{ + struct tcp_ao ao; + struct { + struct tcp_ao ao; + char *extend[100]; + } ao_big = {}; + int ret, sk; + + sk = prepare_defs(&ao); + errno = 0; + ret = setsockopt(sk, IPPROTO_TCP, TCP_AO, + &ao, offsetof(struct tcp_ao, tcpa_key)); + if (!ret) { + test_fail("minminum size: accepted invalid size"); + clean_ao(sk, &ao); + } else if (errno != EINVAL) { + test_fail("minminum size: failed with %d", errno); + } else { + test_ok("minimum size"); + } + + sk = prepare_defs(&ao_big.ao); + errno = 0; + ret = setsockopt(sk, IPPROTO_TCP, TCP_AO, &ao_big.ao, sizeof(ao_big)); + if (ret) { + test_fail("extended size: returned %d", ret); + } else { + test_ok("extended size"); + clean_ao(sk, &ao_big.ao); + } +} + +static void einval_tests(void) +{ + struct tcp_ao ao; + int sk; + + sk = prepare_defs(&ao); + strcpy(ao.tcpa_alg_name, "imaginary hash algo"); + setsockopt_checked(sk, TCP_AO, &ao, ENOENT, "bad algo"); + + sk = prepare_defs(&ao); + ao.tcpa_flags = (uint16_t)(-1); + setsockopt_checked(sk, TCP_AO, &ao, EINVAL, "bad ao flags"); + + sk = prepare_defs(&ao); + ao.tcpa_prefix = 0; + setsockopt_checked(sk, TCP_AO, &ao, EINVAL, "empty prefix"); + + sk = prepare_defs(&ao); + ao.tcpa_prefix = 32; + memcpy(&ao.tcpa_addr, &SOCKADDR_ANY, sizeof(SOCKADDR_ANY)); + setsockopt_checked(sk, TCP_AO, &ao, EINVAL, "prefix, any addr"); + + sk = prepare_defs(&ao); + ao.tcpa_prefix = 0; + memcpy(&ao.tcpa_addr, &SOCKADDR_ANY, sizeof(SOCKADDR_ANY)); + setsockopt_checked(sk, TCP_AO, &ao, 0, "no prefix, any addr"); + + sk = prepare_defs(&ao); + ao.tcpa_prefix = 2; + setsockopt_checked(sk, TCP_AO, &ao, EINVAL, "too short prefix"); + + sk = prepare_defs(&ao); + ao.tcpa_prefix = 129; + setsockopt_checked(sk, TCP_AO, &ao, EINVAL, "too big prefix"); + + sk = prepare_defs(&ao); + ao.tcpa_maclen = 100; + setsockopt_checked(sk, TCP_AO, &ao, EMSGSIZE, "too big maclen"); + + sk = prepare_defs(&ao); + ao.tcpa_keyflags = (uint8_t)(-1); + setsockopt_checked(sk, TCP_AO, &ao, EINVAL, "bad key flags"); + + sk = prepare_defs(&ao); + ao.tcpa_keylen = TCP_AO_MAXKEYLEN + 1; + setsockopt_checked(sk, TCP_AO, &ao, EINVAL, "too big keylen"); +} + +static void duplicate_tests(void) +{ + union tcp_addr network_dup; + struct tcp_ao ao, ao2; + int sk; + + sk = prepare_defs(&ao); + if (setsockopt(sk, IPPROTO_TCP, TCP_AO, &ao, sizeof(ao))) + test_error("setsockopt()"); + setsockopt_checked(sk, TCP_AO, &ao, EEXIST, "duplicate: full copy"); + + sk = prepare_defs(&ao); + ao2 = ao; + memcpy(&ao2.tcpa_addr, &SOCKADDR_ANY, sizeof(SOCKADDR_ANY)); + ao2.tcpa_prefix = 0; + if (setsockopt(sk, IPPROTO_TCP, TCP_AO, &ao2, sizeof(ao))) + test_error("setsockopt()"); + setsockopt_checked(sk, TCP_AO, &ao, EEXIST, "duplicate: any addr key on the socket"); + + sk = prepare_defs(&ao); + if (setsockopt(sk, IPPROTO_TCP, TCP_AO, &ao, sizeof(ao))) + test_error("setsockopt()"); + memcpy(&ao.tcpa_addr, &SOCKADDR_ANY, sizeof(SOCKADDR_ANY)); + ao.tcpa_prefix = 0; + setsockopt_checked(sk, TCP_AO, &ao, EEXIST, "duplicate: add any addr key"); + + + if (inet_pton(TEST_FAMILY, TEST_NETWORK, &network_dup) != 1) + test_error("Can't convert ip address %s", TEST_NETWORK); + sk = prepare_defs(&ao); + if (setsockopt(sk, IPPROTO_TCP, TCP_AO, &ao, sizeof(ao))) + test_error("setsockopt()"); + if (test_prepare_def_ao(&ao, "password", 0, network_dup, 16, 100, 100)) + test_error("prepare default tcp_ao"); + setsockopt_checked(sk, TCP_AO, &ao, EEXIST, "duplicate: add any addr for the same subnet"); +} + + +static void *client_fn(void *arg) +{ + test_extend(); + einval_tests(); + duplicate_tests(); + + return NULL; +} + +int main(int argc, char *argv[]) +{ + test_init(16, client_fn, NULL); + return 0; +} -- 2.37.2
Powered by blists - more mailing lists