diff --git a/build-aux/knet_valgrind_memcheck.supp b/build-aux/knet_valgrind_memcheck.supp index 9956ca8a..89bb3fd1 100644 --- a/build-aux/knet_valgrind_memcheck.supp +++ b/build-aux/knet_valgrind_memcheck.supp @@ -1,275 +1,358 @@ { lzma internals (spotted on Debian 9 and Ubuntu 18.04 LTS x86-64) Memcheck:Cond obj:/lib/x86_64-linux-gnu/liblzma.so.5.2.2 obj:/lib/x86_64-linux-gnu/liblzma.so.5.2.2 obj:/lib/x86_64-linux-gnu/liblzma.so.5.2.2 obj:/lib/x86_64-linux-gnu/liblzma.so.5.2.2 fun:lzma_block_buffer_encode fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:compress_lib_test fun:compress_cfg fun:knet_handle_compress fun:test } { lzma internals (spotted on Ubuntu 18.04 LTS i386) Memcheck:Cond obj:/lib/i386-linux-gnu/liblzma.so.5.2.2 obj:/lib/i386-linux-gnu/liblzma.so.5.2.2 obj:/lib/i386-linux-gnu/liblzma.so.5.2.2 obj:/lib/i386-linux-gnu/liblzma.so.5.2.2 obj:/lib/i386-linux-gnu/liblzma.so.5.2.2 obj:/lib/i386-linux-gnu/liblzma.so.5.2.2 fun:lzma_stream_buffer_encode fun:lzma_easy_buffer_encode fun:lzma_compress fun:compress_lib_test fun:compress_cfg fun:knet_handle_compress } { openssl internals (spotted on OpenSUSE 15) Memcheck:Cond fun:__memcmp_sse4_1 obj:/usr/lib64/libcrypto.so.1.1 fun:FIPS_selftest obj:/usr/lib64/libcrypto.so.1.1 fun:FIPS_mode_set obj:/usr/lib64/libcrypto.so.1.1 fun:call_init.part.0 fun:_dl_init fun:dl_open_worker fun:_dl_catch_error fun:_dl_open fun:dlopen_doit } { openssl internals (spotted on OpenSUSE Tumbleweed) Memcheck:Cond obj:/usr/lib64/libcrypto.so.1.1 fun:RAND_DRBG_generate obj:/usr/lib64/libcrypto.so.1.1 fun:RAND_DRBG_instantiate obj:/usr/lib64/libcrypto.so.1.1 fun:RAND_DRBG_get0_public obj:/usr/lib64/libcrypto.so.1.1 fun:encrypt_openssl.isra.0 fun:opensslcrypto_encrypt_and_signv fun:opensslcrypto_encrypt_and_sign fun:_handle_check_each fun:_send_pings fun:_handle_heartbt_thread fun:start_thread } { openssl internals (spotted on Ubuntu Devel x86-64 - 2019-10-30) Memcheck:Cond obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 fun:RAND_DRBG_generate obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 fun:RAND_DRBG_instantiate obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 fun:RAND_DRBG_get0_public obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 fun:encrypt_openssl.isra.0 fun:opensslcrypto_encrypt_and_signv fun:opensslcrypto_encrypt_and_sign fun:_handle_check_each fun:_send_pings fun:_handle_heartbt_thread fun:start_thread } { openssl internals (spotted on OpenSUSE Tumbleweed) Memcheck:Cond obj:/usr/lib64/libcrypto.so.1.1 obj:/usr/lib64/libcrypto.so.1.1 fun:RAND_DRBG_generate obj:/usr/lib64/libcrypto.so.1.1 fun:RAND_DRBG_instantiate obj:/usr/lib64/libcrypto.so.1.1 fun:RAND_DRBG_get0_public obj:/usr/lib64/libcrypto.so.1.1 fun:encrypt_openssl.isra.0 fun:opensslcrypto_encrypt_and_signv fun:opensslcrypto_encrypt_and_sign fun:_handle_check_each fun:_send_pings fun:_handle_heartbt_thread } { openssl internals (spotted on Ubuntu Devel x86-64 - 2019-10-30) Memcheck:Cond obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 fun:RAND_DRBG_generate obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 fun:RAND_DRBG_instantiate obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 fun:RAND_DRBG_get0_public obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 fun:encrypt_openssl.isra.0 fun:opensslcrypto_encrypt_and_signv fun:opensslcrypto_encrypt_and_sign fun:_handle_check_each fun:_send_pings fun:_handle_heartbt_thread } { openssl internals (spotted on OpenSUSE Tumbleweed) Memcheck:Cond obj:/usr/lib64/libcrypto.so.1.1 obj:/usr/lib64/libcrypto.so.1.1 fun:RAND_DRBG_generate fun:RAND_DRBG_bytes fun:encrypt_openssl.isra.0 fun:opensslcrypto_encrypt_and_signv fun:opensslcrypto_encrypt_and_sign fun:_handle_check_each fun:_send_pings fun:_handle_heartbt_thread fun:start_thread fun:clone } { openssl internals (spotted on Ubuntu Devel x86-64 - 2019-10-30) Memcheck:Cond obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 fun:RAND_DRBG_generate fun:RAND_DRBG_bytes fun:encrypt_openssl.isra.0 fun:opensslcrypto_encrypt_and_signv fun:opensslcrypto_encrypt_and_sign fun:_handle_check_each fun:_send_pings fun:_handle_heartbt_thread fun:start_thread fun:clone } { openssl internals (spotted on OpenSUSE Tumbleweed) Memcheck:Cond obj:/usr/lib64/libcrypto.so.1.1 fun:RAND_DRBG_generate fun:RAND_DRBG_bytes fun:encrypt_openssl.isra.0 fun:opensslcrypto_encrypt_and_signv fun:opensslcrypto_encrypt_and_sign fun:_handle_check_each fun:_send_pings fun:_handle_heartbt_thread fun:start_thread fun:clone } { openssl internals (spotted on Ubuntu Devel x86-64 - 2019-10-30) Memcheck:Cond obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 fun:RAND_DRBG_generate fun:RAND_DRBG_bytes fun:encrypt_openssl.isra.0 fun:opensslcrypto_encrypt_and_signv fun:opensslcrypto_encrypt_and_sign fun:_handle_check_each fun:_send_pings fun:_handle_heartbt_thread fun:start_thread fun:clone } { openssl internals (spotted on OpenSUSE 15) Memcheck:Cond obj:/usr/lib64/libcrypto.so.1.1 fun:FIPS_mode_set obj:/usr/lib64/libcrypto.so.1.1 fun:call_init.part.0 fun:_dl_init fun:dl_open_worker fun:_dl_catch_error fun:_dl_open fun:dlopen_doit fun:_dl_catch_error fun:_dlerror_run fun:dlopen@@GLIBC_2.2.5 } { openssl uninitialised byte(s) (spotted on OpenSUSE Tumbleweed and Ubuntu Devel x86-64 - 2019-10-30) Memcheck:Param socketcall.sendto(msg) fun:sendto fun:_handle_check_each fun:_send_pings fun:_handle_heartbt_thread fun:start_thread fun:clone } { openssl uninitialised byte(s) (spotted on OpenSUSE Tumbleweed and Ubuntu Devel x86-64 - 2019-10-30) Memcheck:Param socketcall.sendto(msg) fun:sendto fun:_parse_recv_from_links fun:_handle_recv_from_links fun:_handle_recv_from_links_thread fun:start_thread fun:clone } { openssl uninitialised byte(s) (spotted on OpenSUSE Tumbleweed and Ubuntu Devel x86-64 - 2019-10-30) Memcheck:Param socketcall.sendto(msg) fun:sendto fun:_handle_check_link_pmtud fun:_handle_check_pmtud fun:_handle_pmtud_link_thread fun:start_thread fun:clone } { openssl uninitialised byte(s) (spotted on OpenSUSE Tumbleweed) Memcheck:Param sendmsg(msg.msg_iov[0]) fun:sendmsg fun:_sendmmsg fun:_dispatch_to_links fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { openssl internals (spotted on Ubuntu Devel x86-64 - 2019-10-30) Memcheck:Param sendmsg(msg.msg_iov[0]) fun:__libc_sendmsg fun:sendmsg fun:_sendmmsg fun:_dispatch_to_links fun:_parse_recv_from_sock fun:_handle_send_to_links fun:_handle_send_to_links_thread fun:start_thread fun:clone } { - nss internal leak (3.41) non recurring (spotted on f29) - Memcheck:Leak - match-leak-kinds: definite - fun:malloc - obj:* - obj:* - obj:* - obj:* - obj:* - obj:* - obj:* - obj:* - obj:* - obj:* - obj:/usr/lib64/libnss3.so + openssl internals (spotted on Ubuntu Devel x86-64 - 2020-07-10) + Memcheck:Cond + obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 + obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 + fun:RAND_DRBG_generate + fun:RAND_DRBG_bytes + fun:encrypt_openssl + fun:opensslcrypto_encrypt_and_signv + fun:opensslcrypto_encrypt_and_sign + fun:_handle_check_each + fun:_send_pings + fun:_handle_heartbt_thread + fun:start_thread + fun:clone +} +{ + openssl internals (spotted on Ubuntu Devel x86-64 - 2020-07-10) + Memcheck:Cond + obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 + obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 + fun:RAND_DRBG_generate + obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 + fun:RAND_DRBG_instantiate + obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 + fun:RAND_DRBG_get0_public + obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 + fun:encrypt_openssl + fun:opensslcrypto_encrypt_and_signv + fun:opensslcrypto_encrypt_and_sign + fun:_handle_check_each + fun:_send_pings + fun:_handle_heartbt_thread +} +{ + openssl internals (spotted on Ubuntu Devel x86-64 - 2020-07-10) + Memcheck:Cond + obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 + fun:RAND_DRBG_generate + obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 + fun:RAND_DRBG_instantiate + obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 + fun:RAND_DRBG_get0_public + obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 + fun:encrypt_openssl + fun:opensslcrypto_encrypt_and_signv + fun:opensslcrypto_encrypt_and_sign + fun:_handle_check_each + fun:_send_pings + fun:_handle_heartbt_thread +} +{ + openssl internals (spotted on Ubuntu Devel x86-64 - 2020-07-10) + Memcheck:Cond + obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 + fun:RAND_DRBG_generate + fun:RAND_DRBG_bytes + fun:encrypt_openssl + fun:opensslcrypto_encrypt_and_signv + fun:opensslcrypto_encrypt_and_sign + fun:_handle_check_each + fun:_send_pings + fun:_handle_heartbt_thread + fun:start_thread + fun:clone +} +{ + nss internal leak (3.41) non recurring (spotted on f29) + Memcheck:Leak + match-leak-kinds: definite + fun:malloc + obj:* + obj:* + obj:* + obj:* + obj:* + obj:* + obj:* + obj:* + obj:* + obj:* + obj:/usr/lib64/libnss3.so +} +{ + nss internal leak (3.41) non recurring + Memcheck:Leak + match-leak-kinds: definite + fun:calloc + obj:* + obj:* + obj:* + obj:* + obj:* + fun:init_nss + fun:nsscrypto_init + fun:crypto_init + fun:knet_handle_crypto_set_config + fun:test + fun:main } diff --git a/libknet/tests/api_knet_handle_crypto_rx_clear_traffic.c b/libknet/tests/api_knet_handle_crypto_rx_clear_traffic.c index d62bd776..cbd87e22 100644 --- a/libknet/tests/api_knet_handle_crypto_rx_clear_traffic.c +++ b/libknet/tests/api_knet_handle_crypto_rx_clear_traffic.c @@ -1,103 +1,103 @@ /* - * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020 Red Hat, Inc. All rights reserved. * * Authors: Fabio M. Di Nitto * * This software licensed under GPL-2.0+ */ #include "config.h" #include #include #include #include #include #include "libknet.h" #include "internals.h" #include "crypto_model.h" #include "test-common.h" static void test() { knet_handle_t knet_h; int logfds[2]; printf("Test knet_handle_crypto_rx_clear_traffic incorrect knet_h\n"); if ((!knet_handle_crypto_rx_clear_traffic(NULL, 1)) || (errno != EINVAL)) { printf("knet_handle_crypto_rx_clear_traffic accepted invalid knet_h or returned incorrect error: %s\n", strerror(errno)); exit(FAIL); } setup_logpipes(logfds); knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG); flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_rx_clear_traffic with invalid value\n"); if ((!knet_handle_crypto_rx_clear_traffic(knet_h, 2)) || (errno != EINVAL)) { printf("knet_handle_crypto_rx_clear_traffic accepted invalid value (%u) or returned incorrect error: %s\n", 2, strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_rx_clear_traffic with valid value KNET_CRYPTO_RX_ALLOW_CLEAR_TRAFFIC\n"); if ((knet_handle_crypto_rx_clear_traffic(knet_h, KNET_CRYPTO_RX_ALLOW_CLEAR_TRAFFIC)) < 0) { printf("knet_handle_crypto_rx_clear_traffic did not accept valid value\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } if (knet_h->crypto_only != KNET_CRYPTO_RX_ALLOW_CLEAR_TRAFFIC) { printf("knet_handle_crypto_rx_clear_traffic failed to set correct value\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_rx_clear_traffic with valid value KNET_CRYPTO_RX_DISALLOW_CLEAR_TRAFFIC\n"); if ((knet_handle_crypto_rx_clear_traffic(knet_h, KNET_CRYPTO_RX_DISALLOW_CLEAR_TRAFFIC)) < 0) { printf("knet_handle_crypto_rx_clear_traffic did not accept valid value\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } if (knet_h->crypto_only != KNET_CRYPTO_RX_DISALLOW_CLEAR_TRAFFIC) { printf("knet_handle_crypto_rx_clear_traffic failed to set correct value\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); } int main(int argc, char *argv[]) { test(); return PASS; } diff --git a/libknet/tests/api_knet_handle_crypto_set_config.c b/libknet/tests/api_knet_handle_crypto_set_config.c index 520249f4..b4e398ba 100644 --- a/libknet/tests/api_knet_handle_crypto_set_config.c +++ b/libknet/tests/api_knet_handle_crypto_set_config.c @@ -1,432 +1,432 @@ /* - * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2020 Red Hat, Inc. All rights reserved. * * Authors: Fabio M. Di Nitto * * This software licensed under GPL-2.0+ */ #include "config.h" #include #include #include #include #include #include "libknet.h" #include "internals.h" #include "crypto_model.h" #include "test-common.h" static void test(const char *model, const char *model2) { knet_handle_t knet_h; int logfds[2]; struct knet_handle_crypto_cfg knet_handle_crypto_cfg; struct crypto_instance *current = NULL; memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); printf("Test knet_handle_crypto_set_config incorrect knet_h\n"); if ((!knet_handle_crypto_set_config(NULL, &knet_handle_crypto_cfg, 1)) || (errno != EINVAL)) { printf("knet_handle_crypto_set_config accepted invalid knet_h or returned incorrect error: %s\n", strerror(errno)); exit(FAIL); } setup_logpipes(logfds); knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG); flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config with invalid cfg\n"); if ((!knet_handle_crypto_set_config(knet_h, NULL, 1)) || (errno != EINVAL)) { printf("knet_handle_crypto_set_config accepted invalid cfg or returned incorrect error: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config with invalid config num\n"); if ((!knet_handle_crypto_set_config(knet_h, NULL, KNET_MAX_CRYPTO_INSTANCES + 1)) || (errno != EINVAL)) { printf("knet_handle_crypto_set_config accepted invalid config num (%u) or returned incorrect error: %s\n", KNET_MAX_CRYPTO_INSTANCES + 1, strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config with un-initialized cfg\n"); if ((!knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) || (errno != EINVAL)) { printf("knet_handle_crypto_set_config accepted invalid un-initialized cfg\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config with none crypto model (disable crypto)\n"); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, "none", sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1) != 0) { printf("knet_handle_crypto_set_config did not accept none crypto mode cfg\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config with none crypto cipher and hash (disable crypto)\n"); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "none", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "none", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1) != 0) { printf("knet_handle_crypto_set_config did not accept none crypto cipher and hash cfg\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config with %s/aes128/sha1 and too short key\n", model); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 10; if ((!knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) || (errno != EINVAL)) { printf("knet_handle_crypto_set_config accepted too short private key\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config with %s/aes128/sha1 and too long key\n", model); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 10000; if ((!knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) || (errno != EINVAL)) { printf("knet_handle_crypto_set_config accepted too long private key\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config with %s/aes128/sha1 and normal key\n", model); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 2000; if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) { printf("knet_handle_crypto_set_config failed with correct config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config reconfig with %s/aes128/sha1 and normal key\n", model2); current = knet_h->crypto_instance[1]; memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 2000; if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) { printf("knet_handle_crypto_set_config failed with correct config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if (current == knet_h->crypto_instance[1]) { printf("knet_handle_crypto_set_config failed to install new correct config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config reconfig with %s/aes128/sha1 and normal key\n", model); current = knet_h->crypto_instance[1]; memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 2000; if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) { printf("knet_handle_crypto_set_config failed with correct config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if (current == knet_h->crypto_instance[1]) { printf("knet_handle_crypto_set_config failed to install new correct config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config reconfig with %s/aes129/sha1 and normal key\n", model); current = knet_h->crypto_instance[1]; memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes129", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 2000; if (!knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) { printf("knet_handle_crypto_set_config failed to detect incorrect config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if (current != knet_h->crypto_instance[1]) { printf("knet_handle_crypto_set_config failed to restore correct config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config with %s/aes128/none and normal key\n", model); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "none", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 2000; if (!knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) { printf("knet_handle_crypto_set_config accepted crypto without hashing\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config with %s/aes128/sha1 and key where (key_len %% wrap_key_block_size != 0)\n", model); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); /* * Prime number so chance that (private_key_len % wrap_key_block_size == 0) is minimalized */ knet_handle_crypto_cfg.private_key_len = 2003; if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1) < 0) { printf("knet_handle_crypto_set_config doesn't accept private_ley with len 2003: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config second with %s/aes128/sha1 and normal key\n", model); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 2000; if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 2) < 0) { printf("knet_handle_crypto_set_config failed to install second config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if (!knet_h->crypto_instance[2]) { printf("knet_handle_crypto_set_config failed to install second config but reported success\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } if (knet_h->crypto_instance[1] == knet_h->crypto_instance[2]) { printf("knet_handle_crypto_set_config failed to install second config and assigned to first\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } printf("Test knet_handle_crypto_set_config second config BUSY test\n"); if (knet_handle_crypto_use_config(knet_h, 2) < 0) { printf("knet_handle_crypto_use_config failed to enable second config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } if (!knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 2) && (errno != EBUSY)) { printf("knet_handle_crypto_set_config failed to detect second config in use: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } if (knet_handle_crypto_use_config(knet_h, 0) < 0) { printf("knet_handle_crypto_use_config failed to enable second config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Shutdown crypto\n"); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, "none", sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "none", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "none", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 2000; if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1) < 0) { printf("Unable to shutdown crypto: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if (knet_h->crypto_instance[1]) { printf("knet_handle_crypto_set_config failed to wipe first config but reported success\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 2) < 0) { printf("Unable to shutdown crypto: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if (knet_h->crypto_instance[2]) { printf("knet_handle_crypto_set_config failed to wipe first config but reported success\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); } int main(int argc, char *argv[]) { struct knet_crypto_info crypto_list[16]; size_t crypto_list_entries; size_t i; memset(crypto_list, 0, sizeof(crypto_list)); if (knet_get_crypto_list(crypto_list, &crypto_list_entries) < 0) { printf("knet_get_crypto_list failed: %s\n", strerror(errno)); return FAIL; } if (crypto_list_entries == 0) { printf("no crypto modules detected. Skipping\n"); return SKIP; } for (i=0; i < crypto_list_entries; i++) { test(crypto_list[i].name, crypto_list[0].name); } return PASS; } diff --git a/libknet/tests/api_knet_handle_crypto_use_config.c b/libknet/tests/api_knet_handle_crypto_use_config.c index 2f1974dc..d9dd0040 100644 --- a/libknet/tests/api_knet_handle_crypto_use_config.c +++ b/libknet/tests/api_knet_handle_crypto_use_config.c @@ -1,248 +1,248 @@ /* - * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020 Red Hat, Inc. All rights reserved. * * Authors: Fabio M. Di Nitto * * This software licensed under GPL-2.0+ */ #include "config.h" #include #include #include #include #include #include "libknet.h" #include "internals.h" #include "crypto_model.h" #include "test-common.h" static void test(const char *model, const char *model2) { knet_handle_t knet_h; int logfds[2]; struct knet_handle_crypto_cfg knet_handle_crypto_cfg; memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); printf("Test knet_handle_crypto_use_config incorrect knet_h\n"); if ((!knet_handle_crypto_use_config(NULL, 1)) || (errno != EINVAL)) { printf("knet_handle_crypto_use_config accepted invalid knet_h or returned incorrect error: %s\n", strerror(errno)); exit(FAIL); } setup_logpipes(logfds); knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG); flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_use_config with invalid config num\n"); if ((!knet_handle_crypto_use_config(knet_h, KNET_MAX_CRYPTO_INSTANCES + 1)) || (errno != EINVAL)) { printf("knet_handle_crypto_use_config accepted invalid config num (%u) or returned incorrect error: %s\n", KNET_MAX_CRYPTO_INSTANCES + 1, strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_use_config with un-initialized cfg\n"); if ((!knet_handle_crypto_use_config(knet_h, 1)) || (errno != EINVAL)) { printf("knet_handle_crypto_use_config accepted invalid un-initialized cfg (1): %d\n", errno); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if ((!knet_handle_crypto_use_config(knet_h, 2)) || (errno != EINVAL)) { printf("knet_handle_crypto_use_config accepted invalid un-initialized cfg (2)\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config with %s/aes128/sha1 and normal key\n", model); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 2000; if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) { printf("knet_handle_crypto_set_config failed with correct config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_use_config with un-initialized cfg (part 2)\n"); if ((!knet_handle_crypto_use_config(knet_h, 2)) || (errno != EINVAL)) { printf("knet_handle_crypto_use_config accepted invalid un-initialized cfg (2)\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if ((knet_handle_crypto_use_config(knet_h, 1)) < 0) { printf("knet_handle_crypto_use_config did not accept valid config (1)\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config for second config with %s/aes128/sha1 and normal key\n", model); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 2000; if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 2)) { printf("knet_handle_crypto_set_config failed with correct config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_use_config with valid data\n"); if ((knet_handle_crypto_use_config(knet_h, 2)) < 0) { printf("knet_handle_crypto_use_config did not accept valid config (1)\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if (knet_h->crypto_in_use_config != 2) { printf("knet_handle_crypto_set_config failed to set crypto in-use config to 2\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } printf("Shutdown crypto\n"); printf("Test knet_handle_crypto_use_config with valid data\n"); if ((knet_handle_crypto_use_config(knet_h, 0)) < 0) { printf("knet_handle_crypto_use_config did not accept valid config (1)\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if (knet_h->crypto_in_use_config != 0) { printf("knet_handle_crypto_set_config failed to set crypto in-use config to 2\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, "none", sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "none", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "none", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 2000; if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1) < 0) { printf("Unable to shutdown crypto: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if (knet_h->crypto_instance[1]) { printf("knet_handle_crypto_set_config failed to wipe first config but reported success\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 2) < 0) { printf("Unable to shutdown crypto: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if (knet_h->crypto_instance[2]) { printf("knet_handle_crypto_set_config failed to wipe first config but reported success\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); } int main(int argc, char *argv[]) { struct knet_crypto_info crypto_list[16]; size_t crypto_list_entries; size_t i; memset(crypto_list, 0, sizeof(crypto_list)); if (knet_get_crypto_list(crypto_list, &crypto_list_entries) < 0) { printf("knet_get_crypto_list failed: %s\n", strerror(errno)); return FAIL; } if (crypto_list_entries == 0) { printf("no crypto modules detected. Skipping\n"); return SKIP; } for (i=0; i < crypto_list_entries; i++) { test(crypto_list[i].name, crypto_list[0].name); } return PASS; } diff --git a/libknet/tests/fun_config_crypto.c b/libknet/tests/fun_config_crypto.c index 6adb51da..2a4b5df1 100644 --- a/libknet/tests/fun_config_crypto.c +++ b/libknet/tests/fun_config_crypto.c @@ -1,281 +1,278 @@ /* - * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020 Red Hat, Inc. All rights reserved. * * Authors: Fabio M. Di Nitto * * This software licensed under GPL-2.0+ */ #include "config.h" #include #include #include #include #include #include #include "libknet.h" #include "compress.h" #include "internals.h" #include "netutils.h" #include "test-common.h" #define TESTNODES 2 static void test(const char *model) { knet_handle_t knet_h[TESTNODES + 1]; int logfds[2]; struct knet_handle_crypto_cfg knet_handle_crypto_cfg; int i,x,j; - int seconds = 10; + int seconds = 5; if (is_memcheck() || is_helgrind()) { printf("Test suite is running under valgrind, adjusting wait_for_host timeout\n"); seconds = seconds * 16; } setup_logpipes(logfds); knet_handle_start_nodes(knet_h, TESTNODES, logfds, KNET_LOG_DEBUG); flush_logs(logfds[0], stdout); /* * config1: aes128/sha256 key1 is all 0s (2000 bytes) */ memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha256", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); memset(knet_handle_crypto_cfg.private_key, 0, KNET_MAX_KEY_LEN); knet_handle_crypto_cfg.private_key_len = 2000; for (i = 1; i <= TESTNODES; i++) { if (knet_handle_crypto_set_config(knet_h[i], &knet_handle_crypto_cfg, 1) < 0) { printf("knet_handle_crypto_set_config (1) failed with correct config: %s\n", strerror(errno)); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } if (knet_handle_crypto_use_config(knet_h[i], 1) < 0) { printf("knet_handle_crypto_use_config (1) failed with correct config: %s\n", strerror(errno)); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } if (knet_handle_crypto_rx_clear_traffic(knet_h[i], KNET_CRYPTO_RX_DISALLOW_CLEAR_TRAFFIC)) { printf("knet_handle_crypto_rx_clear_traffic failed: %s\n", strerror(errno)); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } } flush_logs(logfds[0], stdout); knet_handle_join_nodes(knet_h, TESTNODES, 1, AF_INET, KNET_TRANSPORT_UDP); flush_logs(logfds[0], stdout); /* * config2: aes256/sha512 key1 is all 1s (KNET_MAX_KEY_LEN bytes) */ memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes256", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha512", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); memset(knet_handle_crypto_cfg.private_key, 1, KNET_MAX_KEY_LEN); knet_handle_crypto_cfg.private_key_len = KNET_MAX_KEY_LEN; for (i = 1; i <= TESTNODES; i++) { if (knet_handle_crypto_set_config(knet_h[i], &knet_handle_crypto_cfg, 2) < 0) { printf("knet_handle_crypto_set_config (2) failed with correct config: %s\n", strerror(errno)); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } } flush_logs(logfds[0], stdout); printf("Testing crypto config switch from 1 to 2\n"); for (i = 1; i <= TESTNODES; i++) { if (knet_handle_crypto_use_config(knet_h[i], 2) < 0) { printf("knet_handle_crypto_use_config (2) failed with correct config: %s\n", strerror(errno)); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } for (x = 0; x < seconds; x++){ flush_logs(logfds[0], stdout); sleep(1); - x++; } for (x = 1; x <= TESTNODES; x++) { for (j = 1; j <= TESTNODES; j++) { if (j == x) { continue; } if (knet_h[x]->host_index[j]->status.reachable != 1) { printf("knet failed to switch config for host %d\n", x); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } } } } flush_logs(logfds[0], stdout); printf("Testing crypto config switch from 2 to 1\n"); for (i = 1; i <= TESTNODES; i++) { if (knet_handle_crypto_use_config(knet_h[i], 1) < 0) { printf("knet_handle_crypto_use_config (1) failed with correct config: %s\n", strerror(errno)); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } for (x = 0; x < seconds; x++){ flush_logs(logfds[0], stdout); sleep(1); - x++; } for (x = 1; x <= TESTNODES; x++) { for (j = 1; j <= TESTNODES; j++) { if (j == x) { continue; } if (knet_h[x]->host_index[j]->status.reachable != 1) { printf("knet failed to switch config for host %d\n", x); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } } } } printf("Testing disable crypto config and allow clear traffic\n"); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, "none", sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "none", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "none", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); memset(knet_handle_crypto_cfg.private_key, 0, KNET_MAX_KEY_LEN); knet_handle_crypto_cfg.private_key_len = KNET_MAX_KEY_LEN; for (i = 1; i <= TESTNODES; i++) { /* * config2 is no longer in use */ if (knet_handle_crypto_set_config(knet_h[i], &knet_handle_crypto_cfg, 2) < 0) { printf("knet_handle_crypto_set_config (2) failed with correct config: %s\n", strerror(errno)); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } /* * allow clear traffic on RX on all nodes, before we change config to clear traffic */ if (knet_handle_crypto_rx_clear_traffic(knet_h[i], KNET_CRYPTO_RX_ALLOW_CLEAR_TRAFFIC)) { printf("knet_handle_crypto_rx_clear_traffic failed: %s\n", strerror(errno)); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } } for (i = 1; i <= TESTNODES; i++) { /* * switch to clear traffic on RX on all nodes */ if (knet_handle_crypto_use_config(knet_h[i], 0) < 0) { printf("knet_handle_crypto_use_config (0) failed with correct config: %s\n", strerror(errno)); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } } for (i = 1; i <= TESTNODES; i++) { /* * config1 is no longer in use */ if (knet_handle_crypto_set_config(knet_h[i], &knet_handle_crypto_cfg, 1) < 0) { printf("knet_handle_crypto_set_config (2) failed with correct config: %s\n", strerror(errno)); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } } for (i = 1; i <= TESTNODES; i++) { for (x = 0; x < seconds; x++){ flush_logs(logfds[0], stdout); sleep(1); - x++; } for (x = 1; x <= TESTNODES; x++) { for (j = 1; j <= TESTNODES; j++) { if (j == x) { continue; } if (knet_h[x]->host_index[j]->status.reachable != 1) { printf("knet failed to switch config for host %d\n", x); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } } } } flush_logs(logfds[0], stdout); close_logpipes(logfds); knet_handle_stop_nodes(knet_h, TESTNODES); } int main(int argc, char *argv[]) { struct knet_crypto_info crypto_list[16]; size_t crypto_list_entries; size_t i; memset(crypto_list, 0, sizeof(crypto_list)); if (knet_get_crypto_list(crypto_list, &crypto_list_entries) < 0) { printf("knet_get_crypto_list failed: %s\n", strerror(errno)); return FAIL; } if (crypto_list_entries == 0) { printf("no crypto modules detected. Skipping\n"); return SKIP; } for (i=0; i < crypto_list_entries; i++) { test(crypto_list[i].name); } return PASS; }