diff --git a/build-aux/knet_valgrind_memcheck.supp b/build-aux/knet_valgrind_memcheck.supp
index 9956ca8a..89bb3fd1 100644
--- a/build-aux/knet_valgrind_memcheck.supp
+++ b/build-aux/knet_valgrind_memcheck.supp
@@ -1,275 +1,358 @@
{
lzma internals (spotted on Debian 9 and Ubuntu 18.04 LTS x86-64)
Memcheck:Cond
obj:/lib/x86_64-linux-gnu/liblzma.so.5.2.2
obj:/lib/x86_64-linux-gnu/liblzma.so.5.2.2
obj:/lib/x86_64-linux-gnu/liblzma.so.5.2.2
obj:/lib/x86_64-linux-gnu/liblzma.so.5.2.2
fun:lzma_block_buffer_encode
fun:lzma_stream_buffer_encode
fun:lzma_easy_buffer_encode
fun:lzma_compress
fun:compress_lib_test
fun:compress_cfg
fun:knet_handle_compress
fun:test
}
{
lzma internals (spotted on Ubuntu 18.04 LTS i386)
Memcheck:Cond
obj:/lib/i386-linux-gnu/liblzma.so.5.2.2
obj:/lib/i386-linux-gnu/liblzma.so.5.2.2
obj:/lib/i386-linux-gnu/liblzma.so.5.2.2
obj:/lib/i386-linux-gnu/liblzma.so.5.2.2
obj:/lib/i386-linux-gnu/liblzma.so.5.2.2
obj:/lib/i386-linux-gnu/liblzma.so.5.2.2
fun:lzma_stream_buffer_encode
fun:lzma_easy_buffer_encode
fun:lzma_compress
fun:compress_lib_test
fun:compress_cfg
fun:knet_handle_compress
}
{
openssl internals (spotted on OpenSUSE 15)
Memcheck:Cond
fun:__memcmp_sse4_1
obj:/usr/lib64/libcrypto.so.1.1
fun:FIPS_selftest
obj:/usr/lib64/libcrypto.so.1.1
fun:FIPS_mode_set
obj:/usr/lib64/libcrypto.so.1.1
fun:call_init.part.0
fun:_dl_init
fun:dl_open_worker
fun:_dl_catch_error
fun:_dl_open
fun:dlopen_doit
}
{
openssl internals (spotted on OpenSUSE Tumbleweed)
Memcheck:Cond
obj:/usr/lib64/libcrypto.so.1.1
fun:RAND_DRBG_generate
obj:/usr/lib64/libcrypto.so.1.1
fun:RAND_DRBG_instantiate
obj:/usr/lib64/libcrypto.so.1.1
fun:RAND_DRBG_get0_public
obj:/usr/lib64/libcrypto.so.1.1
fun:encrypt_openssl.isra.0
fun:opensslcrypto_encrypt_and_signv
fun:opensslcrypto_encrypt_and_sign
fun:_handle_check_each
fun:_send_pings
fun:_handle_heartbt_thread
fun:start_thread
}
{
openssl internals (spotted on Ubuntu Devel x86-64 - 2019-10-30)
Memcheck:Cond
obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
fun:RAND_DRBG_generate
obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
fun:RAND_DRBG_instantiate
obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
fun:RAND_DRBG_get0_public
obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
fun:encrypt_openssl.isra.0
fun:opensslcrypto_encrypt_and_signv
fun:opensslcrypto_encrypt_and_sign
fun:_handle_check_each
fun:_send_pings
fun:_handle_heartbt_thread
fun:start_thread
}
{
openssl internals (spotted on OpenSUSE Tumbleweed)
Memcheck:Cond
obj:/usr/lib64/libcrypto.so.1.1
obj:/usr/lib64/libcrypto.so.1.1
fun:RAND_DRBG_generate
obj:/usr/lib64/libcrypto.so.1.1
fun:RAND_DRBG_instantiate
obj:/usr/lib64/libcrypto.so.1.1
fun:RAND_DRBG_get0_public
obj:/usr/lib64/libcrypto.so.1.1
fun:encrypt_openssl.isra.0
fun:opensslcrypto_encrypt_and_signv
fun:opensslcrypto_encrypt_and_sign
fun:_handle_check_each
fun:_send_pings
fun:_handle_heartbt_thread
}
{
openssl internals (spotted on Ubuntu Devel x86-64 - 2019-10-30)
Memcheck:Cond
obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
fun:RAND_DRBG_generate
obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
fun:RAND_DRBG_instantiate
obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
fun:RAND_DRBG_get0_public
obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
fun:encrypt_openssl.isra.0
fun:opensslcrypto_encrypt_and_signv
fun:opensslcrypto_encrypt_and_sign
fun:_handle_check_each
fun:_send_pings
fun:_handle_heartbt_thread
}
{
openssl internals (spotted on OpenSUSE Tumbleweed)
Memcheck:Cond
obj:/usr/lib64/libcrypto.so.1.1
obj:/usr/lib64/libcrypto.so.1.1
fun:RAND_DRBG_generate
fun:RAND_DRBG_bytes
fun:encrypt_openssl.isra.0
fun:opensslcrypto_encrypt_and_signv
fun:opensslcrypto_encrypt_and_sign
fun:_handle_check_each
fun:_send_pings
fun:_handle_heartbt_thread
fun:start_thread
fun:clone
}
{
openssl internals (spotted on Ubuntu Devel x86-64 - 2019-10-30)
Memcheck:Cond
obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
fun:RAND_DRBG_generate
fun:RAND_DRBG_bytes
fun:encrypt_openssl.isra.0
fun:opensslcrypto_encrypt_and_signv
fun:opensslcrypto_encrypt_and_sign
fun:_handle_check_each
fun:_send_pings
fun:_handle_heartbt_thread
fun:start_thread
fun:clone
}
{
openssl internals (spotted on OpenSUSE Tumbleweed)
Memcheck:Cond
obj:/usr/lib64/libcrypto.so.1.1
fun:RAND_DRBG_generate
fun:RAND_DRBG_bytes
fun:encrypt_openssl.isra.0
fun:opensslcrypto_encrypt_and_signv
fun:opensslcrypto_encrypt_and_sign
fun:_handle_check_each
fun:_send_pings
fun:_handle_heartbt_thread
fun:start_thread
fun:clone
}
{
openssl internals (spotted on Ubuntu Devel x86-64 - 2019-10-30)
Memcheck:Cond
obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
fun:RAND_DRBG_generate
fun:RAND_DRBG_bytes
fun:encrypt_openssl.isra.0
fun:opensslcrypto_encrypt_and_signv
fun:opensslcrypto_encrypt_and_sign
fun:_handle_check_each
fun:_send_pings
fun:_handle_heartbt_thread
fun:start_thread
fun:clone
}
{
openssl internals (spotted on OpenSUSE 15)
Memcheck:Cond
obj:/usr/lib64/libcrypto.so.1.1
fun:FIPS_mode_set
obj:/usr/lib64/libcrypto.so.1.1
fun:call_init.part.0
fun:_dl_init
fun:dl_open_worker
fun:_dl_catch_error
fun:_dl_open
fun:dlopen_doit
fun:_dl_catch_error
fun:_dlerror_run
fun:dlopen@@GLIBC_2.2.5
}
{
openssl uninitialised byte(s) (spotted on OpenSUSE Tumbleweed and Ubuntu Devel x86-64 - 2019-10-30)
Memcheck:Param
socketcall.sendto(msg)
fun:sendto
fun:_handle_check_each
fun:_send_pings
fun:_handle_heartbt_thread
fun:start_thread
fun:clone
}
{
openssl uninitialised byte(s) (spotted on OpenSUSE Tumbleweed and Ubuntu Devel x86-64 - 2019-10-30)
Memcheck:Param
socketcall.sendto(msg)
fun:sendto
fun:_parse_recv_from_links
fun:_handle_recv_from_links
fun:_handle_recv_from_links_thread
fun:start_thread
fun:clone
}
{
openssl uninitialised byte(s) (spotted on OpenSUSE Tumbleweed and Ubuntu Devel x86-64 - 2019-10-30)
Memcheck:Param
socketcall.sendto(msg)
fun:sendto
fun:_handle_check_link_pmtud
fun:_handle_check_pmtud
fun:_handle_pmtud_link_thread
fun:start_thread
fun:clone
}
{
openssl uninitialised byte(s) (spotted on OpenSUSE Tumbleweed)
Memcheck:Param
sendmsg(msg.msg_iov[0])
fun:sendmsg
fun:_sendmmsg
fun:_dispatch_to_links
fun:_parse_recv_from_sock
fun:_handle_send_to_links
fun:_handle_send_to_links_thread
fun:start_thread
fun:clone
}
{
openssl internals (spotted on Ubuntu Devel x86-64 - 2019-10-30)
Memcheck:Param
sendmsg(msg.msg_iov[0])
fun:__libc_sendmsg
fun:sendmsg
fun:_sendmmsg
fun:_dispatch_to_links
fun:_parse_recv_from_sock
fun:_handle_send_to_links
fun:_handle_send_to_links_thread
fun:start_thread
fun:clone
}
{
- nss internal leak (3.41) non recurring (spotted on f29)
- Memcheck:Leak
- match-leak-kinds: definite
- fun:malloc
- obj:*
- obj:*
- obj:*
- obj:*
- obj:*
- obj:*
- obj:*
- obj:*
- obj:*
- obj:*
- obj:/usr/lib64/libnss3.so
+ openssl internals (spotted on Ubuntu Devel x86-64 - 2020-07-10)
+ Memcheck:Cond
+ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
+ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
+ fun:RAND_DRBG_generate
+ fun:RAND_DRBG_bytes
+ fun:encrypt_openssl
+ fun:opensslcrypto_encrypt_and_signv
+ fun:opensslcrypto_encrypt_and_sign
+ fun:_handle_check_each
+ fun:_send_pings
+ fun:_handle_heartbt_thread
+ fun:start_thread
+ fun:clone
+}
+{
+ openssl internals (spotted on Ubuntu Devel x86-64 - 2020-07-10)
+ Memcheck:Cond
+ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
+ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
+ fun:RAND_DRBG_generate
+ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
+ fun:RAND_DRBG_instantiate
+ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
+ fun:RAND_DRBG_get0_public
+ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
+ fun:encrypt_openssl
+ fun:opensslcrypto_encrypt_and_signv
+ fun:opensslcrypto_encrypt_and_sign
+ fun:_handle_check_each
+ fun:_send_pings
+ fun:_handle_heartbt_thread
+}
+{
+ openssl internals (spotted on Ubuntu Devel x86-64 - 2020-07-10)
+ Memcheck:Cond
+ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
+ fun:RAND_DRBG_generate
+ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
+ fun:RAND_DRBG_instantiate
+ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
+ fun:RAND_DRBG_get0_public
+ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
+ fun:encrypt_openssl
+ fun:opensslcrypto_encrypt_and_signv
+ fun:opensslcrypto_encrypt_and_sign
+ fun:_handle_check_each
+ fun:_send_pings
+ fun:_handle_heartbt_thread
+}
+{
+ openssl internals (spotted on Ubuntu Devel x86-64 - 2020-07-10)
+ Memcheck:Cond
+ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
+ fun:RAND_DRBG_generate
+ fun:RAND_DRBG_bytes
+ fun:encrypt_openssl
+ fun:opensslcrypto_encrypt_and_signv
+ fun:opensslcrypto_encrypt_and_sign
+ fun:_handle_check_each
+ fun:_send_pings
+ fun:_handle_heartbt_thread
+ fun:start_thread
+ fun:clone
+}
+{
+ nss internal leak (3.41) non recurring (spotted on f29)
+ Memcheck:Leak
+ match-leak-kinds: definite
+ fun:malloc
+ obj:*
+ obj:*
+ obj:*
+ obj:*
+ obj:*
+ obj:*
+ obj:*
+ obj:*
+ obj:*
+ obj:*
+ obj:/usr/lib64/libnss3.so
+}
+{
+ nss internal leak (3.41) non recurring
+ Memcheck:Leak
+ match-leak-kinds: definite
+ fun:calloc
+ obj:*
+ obj:*
+ obj:*
+ obj:*
+ obj:*
+ fun:init_nss
+ fun:nsscrypto_init
+ fun:crypto_init
+ fun:knet_handle_crypto_set_config
+ fun:test
+ fun:main
}
diff --git a/libknet/tests/api_knet_handle_crypto_rx_clear_traffic.c b/libknet/tests/api_knet_handle_crypto_rx_clear_traffic.c
index d62bd776..cbd87e22 100644
--- a/libknet/tests/api_knet_handle_crypto_rx_clear_traffic.c
+++ b/libknet/tests/api_knet_handle_crypto_rx_clear_traffic.c
@@ -1,103 +1,103 @@
/*
- * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2020 Red Hat, Inc. All rights reserved.
*
* Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
*
* This software licensed under GPL-2.0+
*/
#include "config.h"
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "libknet.h"
#include "internals.h"
#include "crypto_model.h"
#include "test-common.h"
static void test()
{
knet_handle_t knet_h;
int logfds[2];
printf("Test knet_handle_crypto_rx_clear_traffic incorrect knet_h\n");
if ((!knet_handle_crypto_rx_clear_traffic(NULL, 1)) || (errno != EINVAL)) {
printf("knet_handle_crypto_rx_clear_traffic accepted invalid knet_h or returned incorrect error: %s\n", strerror(errno));
exit(FAIL);
}
setup_logpipes(logfds);
knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG);
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_rx_clear_traffic with invalid value\n");
if ((!knet_handle_crypto_rx_clear_traffic(knet_h, 2)) || (errno != EINVAL)) {
printf("knet_handle_crypto_rx_clear_traffic accepted invalid value (%u) or returned incorrect error: %s\n", 2, strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_rx_clear_traffic with valid value KNET_CRYPTO_RX_ALLOW_CLEAR_TRAFFIC\n");
if ((knet_handle_crypto_rx_clear_traffic(knet_h, KNET_CRYPTO_RX_ALLOW_CLEAR_TRAFFIC)) < 0) {
printf("knet_handle_crypto_rx_clear_traffic did not accept valid value\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if (knet_h->crypto_only != KNET_CRYPTO_RX_ALLOW_CLEAR_TRAFFIC) {
printf("knet_handle_crypto_rx_clear_traffic failed to set correct value\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_rx_clear_traffic with valid value KNET_CRYPTO_RX_DISALLOW_CLEAR_TRAFFIC\n");
if ((knet_handle_crypto_rx_clear_traffic(knet_h, KNET_CRYPTO_RX_DISALLOW_CLEAR_TRAFFIC)) < 0) {
printf("knet_handle_crypto_rx_clear_traffic did not accept valid value\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if (knet_h->crypto_only != KNET_CRYPTO_RX_DISALLOW_CLEAR_TRAFFIC) {
printf("knet_handle_crypto_rx_clear_traffic failed to set correct value\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
}
int main(int argc, char *argv[])
{
test();
return PASS;
}
diff --git a/libknet/tests/api_knet_handle_crypto_set_config.c b/libknet/tests/api_knet_handle_crypto_set_config.c
index 520249f4..b4e398ba 100644
--- a/libknet/tests/api_knet_handle_crypto_set_config.c
+++ b/libknet/tests/api_knet_handle_crypto_set_config.c
@@ -1,432 +1,432 @@
/*
- * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2020 Red Hat, Inc. All rights reserved.
*
* Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
*
* This software licensed under GPL-2.0+
*/
#include "config.h"
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "libknet.h"
#include "internals.h"
#include "crypto_model.h"
#include "test-common.h"
static void test(const char *model, const char *model2)
{
knet_handle_t knet_h;
int logfds[2];
struct knet_handle_crypto_cfg knet_handle_crypto_cfg;
struct crypto_instance *current = NULL;
memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
printf("Test knet_handle_crypto_set_config incorrect knet_h\n");
if ((!knet_handle_crypto_set_config(NULL, &knet_handle_crypto_cfg, 1)) || (errno != EINVAL)) {
printf("knet_handle_crypto_set_config accepted invalid knet_h or returned incorrect error: %s\n", strerror(errno));
exit(FAIL);
}
setup_logpipes(logfds);
knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG);
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_set_config with invalid cfg\n");
if ((!knet_handle_crypto_set_config(knet_h, NULL, 1)) || (errno != EINVAL)) {
printf("knet_handle_crypto_set_config accepted invalid cfg or returned incorrect error: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_set_config with invalid config num\n");
if ((!knet_handle_crypto_set_config(knet_h, NULL, KNET_MAX_CRYPTO_INSTANCES + 1)) || (errno != EINVAL)) {
printf("knet_handle_crypto_set_config accepted invalid config num (%u) or returned incorrect error: %s\n", KNET_MAX_CRYPTO_INSTANCES + 1, strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_set_config with un-initialized cfg\n");
if ((!knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) || (errno != EINVAL)) {
printf("knet_handle_crypto_set_config accepted invalid un-initialized cfg\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_set_config with none crypto model (disable crypto)\n");
memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
strncpy(knet_handle_crypto_cfg.crypto_model, "none", sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1) != 0) {
printf("knet_handle_crypto_set_config did not accept none crypto mode cfg\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_set_config with none crypto cipher and hash (disable crypto)\n");
memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "none", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
strncpy(knet_handle_crypto_cfg.crypto_hash_type, "none", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1) != 0) {
printf("knet_handle_crypto_set_config did not accept none crypto cipher and hash cfg\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_set_config with %s/aes128/sha1 and too short key\n", model);
memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
knet_handle_crypto_cfg.private_key_len = 10;
if ((!knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) || (errno != EINVAL)) {
printf("knet_handle_crypto_set_config accepted too short private key\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_set_config with %s/aes128/sha1 and too long key\n", model);
memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
knet_handle_crypto_cfg.private_key_len = 10000;
if ((!knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) || (errno != EINVAL)) {
printf("knet_handle_crypto_set_config accepted too long private key\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_set_config with %s/aes128/sha1 and normal key\n", model);
memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
knet_handle_crypto_cfg.private_key_len = 2000;
if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) {
printf("knet_handle_crypto_set_config failed with correct config: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_set_config reconfig with %s/aes128/sha1 and normal key\n", model2);
current = knet_h->crypto_instance[1];
memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
knet_handle_crypto_cfg.private_key_len = 2000;
if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) {
printf("knet_handle_crypto_set_config failed with correct config: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
if (current == knet_h->crypto_instance[1]) {
printf("knet_handle_crypto_set_config failed to install new correct config: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_set_config reconfig with %s/aes128/sha1 and normal key\n", model);
current = knet_h->crypto_instance[1];
memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
knet_handle_crypto_cfg.private_key_len = 2000;
if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) {
printf("knet_handle_crypto_set_config failed with correct config: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
if (current == knet_h->crypto_instance[1]) {
printf("knet_handle_crypto_set_config failed to install new correct config: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_set_config reconfig with %s/aes129/sha1 and normal key\n", model);
current = knet_h->crypto_instance[1];
memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes129", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
knet_handle_crypto_cfg.private_key_len = 2000;
if (!knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) {
printf("knet_handle_crypto_set_config failed to detect incorrect config: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
if (current != knet_h->crypto_instance[1]) {
printf("knet_handle_crypto_set_config failed to restore correct config: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_set_config with %s/aes128/none and normal key\n", model);
memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
strncpy(knet_handle_crypto_cfg.crypto_hash_type, "none", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
knet_handle_crypto_cfg.private_key_len = 2000;
if (!knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) {
printf("knet_handle_crypto_set_config accepted crypto without hashing\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_set_config with %s/aes128/sha1 and key where (key_len %% wrap_key_block_size != 0)\n", model);
memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
/*
* Prime number so chance that (private_key_len % wrap_key_block_size == 0) is minimalized
*/
knet_handle_crypto_cfg.private_key_len = 2003;
if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1) < 0) {
printf("knet_handle_crypto_set_config doesn't accept private_ley with len 2003: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_set_config second with %s/aes128/sha1 and normal key\n", model);
memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
knet_handle_crypto_cfg.private_key_len = 2000;
if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 2) < 0) {
printf("knet_handle_crypto_set_config failed to install second config: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
if (!knet_h->crypto_instance[2]) {
printf("knet_handle_crypto_set_config failed to install second config but reported success\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if (knet_h->crypto_instance[1] == knet_h->crypto_instance[2]) {
printf("knet_handle_crypto_set_config failed to install second config and assigned to first\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
printf("Test knet_handle_crypto_set_config second config BUSY test\n");
if (knet_handle_crypto_use_config(knet_h, 2) < 0) {
printf("knet_handle_crypto_use_config failed to enable second config: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if (!knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 2) && (errno != EBUSY)) {
printf("knet_handle_crypto_set_config failed to detect second config in use: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if (knet_handle_crypto_use_config(knet_h, 0) < 0) {
printf("knet_handle_crypto_use_config failed to enable second config: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Shutdown crypto\n");
memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
strncpy(knet_handle_crypto_cfg.crypto_model, "none", sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "none", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
strncpy(knet_handle_crypto_cfg.crypto_hash_type, "none", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
knet_handle_crypto_cfg.private_key_len = 2000;
if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1) < 0) {
printf("Unable to shutdown crypto: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
if (knet_h->crypto_instance[1]) {
printf("knet_handle_crypto_set_config failed to wipe first config but reported success\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 2) < 0) {
printf("Unable to shutdown crypto: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
if (knet_h->crypto_instance[2]) {
printf("knet_handle_crypto_set_config failed to wipe first config but reported success\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
}
int main(int argc, char *argv[])
{
struct knet_crypto_info crypto_list[16];
size_t crypto_list_entries;
size_t i;
memset(crypto_list, 0, sizeof(crypto_list));
if (knet_get_crypto_list(crypto_list, &crypto_list_entries) < 0) {
printf("knet_get_crypto_list failed: %s\n", strerror(errno));
return FAIL;
}
if (crypto_list_entries == 0) {
printf("no crypto modules detected. Skipping\n");
return SKIP;
}
for (i=0; i < crypto_list_entries; i++) {
test(crypto_list[i].name, crypto_list[0].name);
}
return PASS;
}
diff --git a/libknet/tests/api_knet_handle_crypto_use_config.c b/libknet/tests/api_knet_handle_crypto_use_config.c
index 2f1974dc..d9dd0040 100644
--- a/libknet/tests/api_knet_handle_crypto_use_config.c
+++ b/libknet/tests/api_knet_handle_crypto_use_config.c
@@ -1,248 +1,248 @@
/*
- * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2020 Red Hat, Inc. All rights reserved.
*
* Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
*
* This software licensed under GPL-2.0+
*/
#include "config.h"
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "libknet.h"
#include "internals.h"
#include "crypto_model.h"
#include "test-common.h"
static void test(const char *model, const char *model2)
{
knet_handle_t knet_h;
int logfds[2];
struct knet_handle_crypto_cfg knet_handle_crypto_cfg;
memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
printf("Test knet_handle_crypto_use_config incorrect knet_h\n");
if ((!knet_handle_crypto_use_config(NULL, 1)) || (errno != EINVAL)) {
printf("knet_handle_crypto_use_config accepted invalid knet_h or returned incorrect error: %s\n", strerror(errno));
exit(FAIL);
}
setup_logpipes(logfds);
knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG);
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_use_config with invalid config num\n");
if ((!knet_handle_crypto_use_config(knet_h, KNET_MAX_CRYPTO_INSTANCES + 1)) || (errno != EINVAL)) {
printf("knet_handle_crypto_use_config accepted invalid config num (%u) or returned incorrect error: %s\n", KNET_MAX_CRYPTO_INSTANCES + 1, strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_use_config with un-initialized cfg\n");
if ((!knet_handle_crypto_use_config(knet_h, 1)) || (errno != EINVAL)) {
printf("knet_handle_crypto_use_config accepted invalid un-initialized cfg (1): %d\n", errno);
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
if ((!knet_handle_crypto_use_config(knet_h, 2)) || (errno != EINVAL)) {
printf("knet_handle_crypto_use_config accepted invalid un-initialized cfg (2)\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_set_config with %s/aes128/sha1 and normal key\n", model);
memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
knet_handle_crypto_cfg.private_key_len = 2000;
if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) {
printf("knet_handle_crypto_set_config failed with correct config: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_use_config with un-initialized cfg (part 2)\n");
if ((!knet_handle_crypto_use_config(knet_h, 2)) || (errno != EINVAL)) {
printf("knet_handle_crypto_use_config accepted invalid un-initialized cfg (2)\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
if ((knet_handle_crypto_use_config(knet_h, 1)) < 0) {
printf("knet_handle_crypto_use_config did not accept valid config (1)\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_set_config for second config with %s/aes128/sha1 and normal key\n", model);
memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
knet_handle_crypto_cfg.private_key_len = 2000;
if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 2)) {
printf("knet_handle_crypto_set_config failed with correct config: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
printf("Test knet_handle_crypto_use_config with valid data\n");
if ((knet_handle_crypto_use_config(knet_h, 2)) < 0) {
printf("knet_handle_crypto_use_config did not accept valid config (1)\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
if (knet_h->crypto_in_use_config != 2) {
printf("knet_handle_crypto_set_config failed to set crypto in-use config to 2\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
printf("Shutdown crypto\n");
printf("Test knet_handle_crypto_use_config with valid data\n");
if ((knet_handle_crypto_use_config(knet_h, 0)) < 0) {
printf("knet_handle_crypto_use_config did not accept valid config (1)\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
if (knet_h->crypto_in_use_config != 0) {
printf("knet_handle_crypto_set_config failed to set crypto in-use config to 2\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
strncpy(knet_handle_crypto_cfg.crypto_model, "none", sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "none", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
strncpy(knet_handle_crypto_cfg.crypto_hash_type, "none", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
knet_handle_crypto_cfg.private_key_len = 2000;
if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1) < 0) {
printf("Unable to shutdown crypto: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
if (knet_h->crypto_instance[1]) {
printf("knet_handle_crypto_set_config failed to wipe first config but reported success\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 2) < 0) {
printf("Unable to shutdown crypto: %s\n", strerror(errno));
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
flush_logs(logfds[0], stdout);
if (knet_h->crypto_instance[2]) {
printf("knet_handle_crypto_set_config failed to wipe first config but reported success\n");
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
knet_handle_free(knet_h);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
}
int main(int argc, char *argv[])
{
struct knet_crypto_info crypto_list[16];
size_t crypto_list_entries;
size_t i;
memset(crypto_list, 0, sizeof(crypto_list));
if (knet_get_crypto_list(crypto_list, &crypto_list_entries) < 0) {
printf("knet_get_crypto_list failed: %s\n", strerror(errno));
return FAIL;
}
if (crypto_list_entries == 0) {
printf("no crypto modules detected. Skipping\n");
return SKIP;
}
for (i=0; i < crypto_list_entries; i++) {
test(crypto_list[i].name, crypto_list[0].name);
}
return PASS;
}
diff --git a/libknet/tests/fun_config_crypto.c b/libknet/tests/fun_config_crypto.c
index 6adb51da..2a4b5df1 100644
--- a/libknet/tests/fun_config_crypto.c
+++ b/libknet/tests/fun_config_crypto.c
@@ -1,281 +1,278 @@
/*
- * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2020 Red Hat, Inc. All rights reserved.
*
* Authors: Fabio M. Di Nitto <fabbione@kronosnet.org>
*
* This software licensed under GPL-2.0+
*/
#include "config.h"
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <inttypes.h>
#include "libknet.h"
#include "compress.h"
#include "internals.h"
#include "netutils.h"
#include "test-common.h"
#define TESTNODES 2
static void test(const char *model)
{
knet_handle_t knet_h[TESTNODES + 1];
int logfds[2];
struct knet_handle_crypto_cfg knet_handle_crypto_cfg;
int i,x,j;
- int seconds = 10;
+ int seconds = 5;
if (is_memcheck() || is_helgrind()) {
printf("Test suite is running under valgrind, adjusting wait_for_host timeout\n");
seconds = seconds * 16;
}
setup_logpipes(logfds);
knet_handle_start_nodes(knet_h, TESTNODES, logfds, KNET_LOG_DEBUG);
flush_logs(logfds[0], stdout);
/*
* config1: aes128/sha256 key1 is all 0s (2000 bytes)
*/
memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha256", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
memset(knet_handle_crypto_cfg.private_key, 0, KNET_MAX_KEY_LEN);
knet_handle_crypto_cfg.private_key_len = 2000;
for (i = 1; i <= TESTNODES; i++) {
if (knet_handle_crypto_set_config(knet_h[i], &knet_handle_crypto_cfg, 1) < 0) {
printf("knet_handle_crypto_set_config (1) failed with correct config: %s\n", strerror(errno));
knet_handle_stop_nodes(knet_h, TESTNODES);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if (knet_handle_crypto_use_config(knet_h[i], 1) < 0) {
printf("knet_handle_crypto_use_config (1) failed with correct config: %s\n", strerror(errno));
knet_handle_stop_nodes(knet_h, TESTNODES);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
if (knet_handle_crypto_rx_clear_traffic(knet_h[i], KNET_CRYPTO_RX_DISALLOW_CLEAR_TRAFFIC)) {
printf("knet_handle_crypto_rx_clear_traffic failed: %s\n", strerror(errno));
knet_handle_stop_nodes(knet_h, TESTNODES);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
}
flush_logs(logfds[0], stdout);
knet_handle_join_nodes(knet_h, TESTNODES, 1, AF_INET, KNET_TRANSPORT_UDP);
flush_logs(logfds[0], stdout);
/*
* config2: aes256/sha512 key1 is all 1s (KNET_MAX_KEY_LEN bytes)
*/
memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes256", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha512", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
memset(knet_handle_crypto_cfg.private_key, 1, KNET_MAX_KEY_LEN);
knet_handle_crypto_cfg.private_key_len = KNET_MAX_KEY_LEN;
for (i = 1; i <= TESTNODES; i++) {
if (knet_handle_crypto_set_config(knet_h[i], &knet_handle_crypto_cfg, 2) < 0) {
printf("knet_handle_crypto_set_config (2) failed with correct config: %s\n", strerror(errno));
knet_handle_stop_nodes(knet_h, TESTNODES);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
}
flush_logs(logfds[0], stdout);
printf("Testing crypto config switch from 1 to 2\n");
for (i = 1; i <= TESTNODES; i++) {
if (knet_handle_crypto_use_config(knet_h[i], 2) < 0) {
printf("knet_handle_crypto_use_config (2) failed with correct config: %s\n", strerror(errno));
knet_handle_stop_nodes(knet_h, TESTNODES);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
for (x = 0; x < seconds; x++){
flush_logs(logfds[0], stdout);
sleep(1);
- x++;
}
for (x = 1; x <= TESTNODES; x++) {
for (j = 1; j <= TESTNODES; j++) {
if (j == x) {
continue;
}
if (knet_h[x]->host_index[j]->status.reachable != 1) {
printf("knet failed to switch config for host %d\n", x);
knet_handle_stop_nodes(knet_h, TESTNODES);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
}
}
}
flush_logs(logfds[0], stdout);
printf("Testing crypto config switch from 2 to 1\n");
for (i = 1; i <= TESTNODES; i++) {
if (knet_handle_crypto_use_config(knet_h[i], 1) < 0) {
printf("knet_handle_crypto_use_config (1) failed with correct config: %s\n", strerror(errno));
knet_handle_stop_nodes(knet_h, TESTNODES);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
for (x = 0; x < seconds; x++){
flush_logs(logfds[0], stdout);
sleep(1);
- x++;
}
for (x = 1; x <= TESTNODES; x++) {
for (j = 1; j <= TESTNODES; j++) {
if (j == x) {
continue;
}
if (knet_h[x]->host_index[j]->status.reachable != 1) {
printf("knet failed to switch config for host %d\n", x);
knet_handle_stop_nodes(knet_h, TESTNODES);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
}
}
}
printf("Testing disable crypto config and allow clear traffic\n");
memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg));
strncpy(knet_handle_crypto_cfg.crypto_model, "none", sizeof(knet_handle_crypto_cfg.crypto_model) - 1);
strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "none", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1);
strncpy(knet_handle_crypto_cfg.crypto_hash_type, "none", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1);
memset(knet_handle_crypto_cfg.private_key, 0, KNET_MAX_KEY_LEN);
knet_handle_crypto_cfg.private_key_len = KNET_MAX_KEY_LEN;
for (i = 1; i <= TESTNODES; i++) {
/*
* config2 is no longer in use
*/
if (knet_handle_crypto_set_config(knet_h[i], &knet_handle_crypto_cfg, 2) < 0) {
printf("knet_handle_crypto_set_config (2) failed with correct config: %s\n", strerror(errno));
knet_handle_stop_nodes(knet_h, TESTNODES);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
/*
* allow clear traffic on RX on all nodes, before we change config to clear traffic
*/
if (knet_handle_crypto_rx_clear_traffic(knet_h[i], KNET_CRYPTO_RX_ALLOW_CLEAR_TRAFFIC)) {
printf("knet_handle_crypto_rx_clear_traffic failed: %s\n", strerror(errno));
knet_handle_stop_nodes(knet_h, TESTNODES);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
}
for (i = 1; i <= TESTNODES; i++) {
/*
* switch to clear traffic on RX on all nodes
*/
if (knet_handle_crypto_use_config(knet_h[i], 0) < 0) {
printf("knet_handle_crypto_use_config (0) failed with correct config: %s\n", strerror(errno));
knet_handle_stop_nodes(knet_h, TESTNODES);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
}
for (i = 1; i <= TESTNODES; i++) {
/*
* config1 is no longer in use
*/
if (knet_handle_crypto_set_config(knet_h[i], &knet_handle_crypto_cfg, 1) < 0) {
printf("knet_handle_crypto_set_config (2) failed with correct config: %s\n", strerror(errno));
knet_handle_stop_nodes(knet_h, TESTNODES);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
}
for (i = 1; i <= TESTNODES; i++) {
for (x = 0; x < seconds; x++){
flush_logs(logfds[0], stdout);
sleep(1);
- x++;
}
for (x = 1; x <= TESTNODES; x++) {
for (j = 1; j <= TESTNODES; j++) {
if (j == x) {
continue;
}
if (knet_h[x]->host_index[j]->status.reachable != 1) {
printf("knet failed to switch config for host %d\n", x);
knet_handle_stop_nodes(knet_h, TESTNODES);
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
exit(FAIL);
}
}
}
}
flush_logs(logfds[0], stdout);
close_logpipes(logfds);
knet_handle_stop_nodes(knet_h, TESTNODES);
}
int main(int argc, char *argv[])
{
struct knet_crypto_info crypto_list[16];
size_t crypto_list_entries;
size_t i;
memset(crypto_list, 0, sizeof(crypto_list));
if (knet_get_crypto_list(crypto_list, &crypto_list_entries) < 0) {
printf("knet_get_crypto_list failed: %s\n", strerror(errno));
return FAIL;
}
if (crypto_list_entries == 0) {
printf("no crypto modules detected. Skipping\n");
return SKIP;
}
for (i=0; i < crypto_list_entries; i++) {
test(crypto_list[i].name);
}
return PASS;
}