diff --git a/libknet/tests/api_knet_handle_crypto_rx_clear_traffic.c b/libknet/tests/api_knet_handle_crypto_rx_clear_traffic.c index d62bd776..cbd87e22 100644 --- a/libknet/tests/api_knet_handle_crypto_rx_clear_traffic.c +++ b/libknet/tests/api_knet_handle_crypto_rx_clear_traffic.c @@ -1,103 +1,103 @@ /* - * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020 Red Hat, Inc. All rights reserved. * * Authors: Fabio M. Di Nitto * * This software licensed under GPL-2.0+ */ #include "config.h" #include #include #include #include #include #include "libknet.h" #include "internals.h" #include "crypto_model.h" #include "test-common.h" static void test() { knet_handle_t knet_h; int logfds[2]; printf("Test knet_handle_crypto_rx_clear_traffic incorrect knet_h\n"); if ((!knet_handle_crypto_rx_clear_traffic(NULL, 1)) || (errno != EINVAL)) { printf("knet_handle_crypto_rx_clear_traffic accepted invalid knet_h or returned incorrect error: %s\n", strerror(errno)); exit(FAIL); } setup_logpipes(logfds); knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG); flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_rx_clear_traffic with invalid value\n"); if ((!knet_handle_crypto_rx_clear_traffic(knet_h, 2)) || (errno != EINVAL)) { printf("knet_handle_crypto_rx_clear_traffic accepted invalid value (%u) or returned incorrect error: %s\n", 2, strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_rx_clear_traffic with valid value KNET_CRYPTO_RX_ALLOW_CLEAR_TRAFFIC\n"); if ((knet_handle_crypto_rx_clear_traffic(knet_h, KNET_CRYPTO_RX_ALLOW_CLEAR_TRAFFIC)) < 0) { printf("knet_handle_crypto_rx_clear_traffic did not accept valid value\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } if (knet_h->crypto_only != KNET_CRYPTO_RX_ALLOW_CLEAR_TRAFFIC) { printf("knet_handle_crypto_rx_clear_traffic failed to set correct value\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_rx_clear_traffic with valid value KNET_CRYPTO_RX_DISALLOW_CLEAR_TRAFFIC\n"); if ((knet_handle_crypto_rx_clear_traffic(knet_h, KNET_CRYPTO_RX_DISALLOW_CLEAR_TRAFFIC)) < 0) { printf("knet_handle_crypto_rx_clear_traffic did not accept valid value\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } if (knet_h->crypto_only != KNET_CRYPTO_RX_DISALLOW_CLEAR_TRAFFIC) { printf("knet_handle_crypto_rx_clear_traffic failed to set correct value\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); } int main(int argc, char *argv[]) { test(); return PASS; } diff --git a/libknet/tests/api_knet_handle_crypto_set_config.c b/libknet/tests/api_knet_handle_crypto_set_config.c index 520249f4..b4e398ba 100644 --- a/libknet/tests/api_knet_handle_crypto_set_config.c +++ b/libknet/tests/api_knet_handle_crypto_set_config.c @@ -1,432 +1,432 @@ /* - * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved. + * Copyright (C) 2016-2020 Red Hat, Inc. All rights reserved. * * Authors: Fabio M. Di Nitto * * This software licensed under GPL-2.0+ */ #include "config.h" #include #include #include #include #include #include "libknet.h" #include "internals.h" #include "crypto_model.h" #include "test-common.h" static void test(const char *model, const char *model2) { knet_handle_t knet_h; int logfds[2]; struct knet_handle_crypto_cfg knet_handle_crypto_cfg; struct crypto_instance *current = NULL; memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); printf("Test knet_handle_crypto_set_config incorrect knet_h\n"); if ((!knet_handle_crypto_set_config(NULL, &knet_handle_crypto_cfg, 1)) || (errno != EINVAL)) { printf("knet_handle_crypto_set_config accepted invalid knet_h or returned incorrect error: %s\n", strerror(errno)); exit(FAIL); } setup_logpipes(logfds); knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG); flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config with invalid cfg\n"); if ((!knet_handle_crypto_set_config(knet_h, NULL, 1)) || (errno != EINVAL)) { printf("knet_handle_crypto_set_config accepted invalid cfg or returned incorrect error: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config with invalid config num\n"); if ((!knet_handle_crypto_set_config(knet_h, NULL, KNET_MAX_CRYPTO_INSTANCES + 1)) || (errno != EINVAL)) { printf("knet_handle_crypto_set_config accepted invalid config num (%u) or returned incorrect error: %s\n", KNET_MAX_CRYPTO_INSTANCES + 1, strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config with un-initialized cfg\n"); if ((!knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) || (errno != EINVAL)) { printf("knet_handle_crypto_set_config accepted invalid un-initialized cfg\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config with none crypto model (disable crypto)\n"); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, "none", sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1) != 0) { printf("knet_handle_crypto_set_config did not accept none crypto mode cfg\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config with none crypto cipher and hash (disable crypto)\n"); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "none", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "none", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1) != 0) { printf("knet_handle_crypto_set_config did not accept none crypto cipher and hash cfg\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config with %s/aes128/sha1 and too short key\n", model); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 10; if ((!knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) || (errno != EINVAL)) { printf("knet_handle_crypto_set_config accepted too short private key\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config with %s/aes128/sha1 and too long key\n", model); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 10000; if ((!knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) || (errno != EINVAL)) { printf("knet_handle_crypto_set_config accepted too long private key\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config with %s/aes128/sha1 and normal key\n", model); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 2000; if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) { printf("knet_handle_crypto_set_config failed with correct config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config reconfig with %s/aes128/sha1 and normal key\n", model2); current = knet_h->crypto_instance[1]; memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 2000; if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) { printf("knet_handle_crypto_set_config failed with correct config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if (current == knet_h->crypto_instance[1]) { printf("knet_handle_crypto_set_config failed to install new correct config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config reconfig with %s/aes128/sha1 and normal key\n", model); current = knet_h->crypto_instance[1]; memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 2000; if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) { printf("knet_handle_crypto_set_config failed with correct config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if (current == knet_h->crypto_instance[1]) { printf("knet_handle_crypto_set_config failed to install new correct config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config reconfig with %s/aes129/sha1 and normal key\n", model); current = knet_h->crypto_instance[1]; memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes129", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 2000; if (!knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) { printf("knet_handle_crypto_set_config failed to detect incorrect config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if (current != knet_h->crypto_instance[1]) { printf("knet_handle_crypto_set_config failed to restore correct config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config with %s/aes128/none and normal key\n", model); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "none", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 2000; if (!knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) { printf("knet_handle_crypto_set_config accepted crypto without hashing\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config with %s/aes128/sha1 and key where (key_len %% wrap_key_block_size != 0)\n", model); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); /* * Prime number so chance that (private_key_len % wrap_key_block_size == 0) is minimalized */ knet_handle_crypto_cfg.private_key_len = 2003; if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1) < 0) { printf("knet_handle_crypto_set_config doesn't accept private_ley with len 2003: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config second with %s/aes128/sha1 and normal key\n", model); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 2000; if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 2) < 0) { printf("knet_handle_crypto_set_config failed to install second config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if (!knet_h->crypto_instance[2]) { printf("knet_handle_crypto_set_config failed to install second config but reported success\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } if (knet_h->crypto_instance[1] == knet_h->crypto_instance[2]) { printf("knet_handle_crypto_set_config failed to install second config and assigned to first\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } printf("Test knet_handle_crypto_set_config second config BUSY test\n"); if (knet_handle_crypto_use_config(knet_h, 2) < 0) { printf("knet_handle_crypto_use_config failed to enable second config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } if (!knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 2) && (errno != EBUSY)) { printf("knet_handle_crypto_set_config failed to detect second config in use: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } if (knet_handle_crypto_use_config(knet_h, 0) < 0) { printf("knet_handle_crypto_use_config failed to enable second config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Shutdown crypto\n"); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, "none", sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "none", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "none", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 2000; if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1) < 0) { printf("Unable to shutdown crypto: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if (knet_h->crypto_instance[1]) { printf("knet_handle_crypto_set_config failed to wipe first config but reported success\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 2) < 0) { printf("Unable to shutdown crypto: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if (knet_h->crypto_instance[2]) { printf("knet_handle_crypto_set_config failed to wipe first config but reported success\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); } int main(int argc, char *argv[]) { struct knet_crypto_info crypto_list[16]; size_t crypto_list_entries; size_t i; memset(crypto_list, 0, sizeof(crypto_list)); if (knet_get_crypto_list(crypto_list, &crypto_list_entries) < 0) { printf("knet_get_crypto_list failed: %s\n", strerror(errno)); return FAIL; } if (crypto_list_entries == 0) { printf("no crypto modules detected. Skipping\n"); return SKIP; } for (i=0; i < crypto_list_entries; i++) { test(crypto_list[i].name, crypto_list[0].name); } return PASS; } diff --git a/libknet/tests/api_knet_handle_crypto_use_config.c b/libknet/tests/api_knet_handle_crypto_use_config.c index 2f1974dc..d9dd0040 100644 --- a/libknet/tests/api_knet_handle_crypto_use_config.c +++ b/libknet/tests/api_knet_handle_crypto_use_config.c @@ -1,248 +1,248 @@ /* - * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020 Red Hat, Inc. All rights reserved. * * Authors: Fabio M. Di Nitto * * This software licensed under GPL-2.0+ */ #include "config.h" #include #include #include #include #include #include "libknet.h" #include "internals.h" #include "crypto_model.h" #include "test-common.h" static void test(const char *model, const char *model2) { knet_handle_t knet_h; int logfds[2]; struct knet_handle_crypto_cfg knet_handle_crypto_cfg; memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); printf("Test knet_handle_crypto_use_config incorrect knet_h\n"); if ((!knet_handle_crypto_use_config(NULL, 1)) || (errno != EINVAL)) { printf("knet_handle_crypto_use_config accepted invalid knet_h or returned incorrect error: %s\n", strerror(errno)); exit(FAIL); } setup_logpipes(logfds); knet_h = knet_handle_start(logfds, KNET_LOG_DEBUG); flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_use_config with invalid config num\n"); if ((!knet_handle_crypto_use_config(knet_h, KNET_MAX_CRYPTO_INSTANCES + 1)) || (errno != EINVAL)) { printf("knet_handle_crypto_use_config accepted invalid config num (%u) or returned incorrect error: %s\n", KNET_MAX_CRYPTO_INSTANCES + 1, strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_use_config with un-initialized cfg\n"); if ((!knet_handle_crypto_use_config(knet_h, 1)) || (errno != EINVAL)) { printf("knet_handle_crypto_use_config accepted invalid un-initialized cfg (1): %d\n", errno); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if ((!knet_handle_crypto_use_config(knet_h, 2)) || (errno != EINVAL)) { printf("knet_handle_crypto_use_config accepted invalid un-initialized cfg (2)\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config with %s/aes128/sha1 and normal key\n", model); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 2000; if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1)) { printf("knet_handle_crypto_set_config failed with correct config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_use_config with un-initialized cfg (part 2)\n"); if ((!knet_handle_crypto_use_config(knet_h, 2)) || (errno != EINVAL)) { printf("knet_handle_crypto_use_config accepted invalid un-initialized cfg (2)\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if ((knet_handle_crypto_use_config(knet_h, 1)) < 0) { printf("knet_handle_crypto_use_config did not accept valid config (1)\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_set_config for second config with %s/aes128/sha1 and normal key\n", model); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha1", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 2000; if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 2)) { printf("knet_handle_crypto_set_config failed with correct config: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); printf("Test knet_handle_crypto_use_config with valid data\n"); if ((knet_handle_crypto_use_config(knet_h, 2)) < 0) { printf("knet_handle_crypto_use_config did not accept valid config (1)\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if (knet_h->crypto_in_use_config != 2) { printf("knet_handle_crypto_set_config failed to set crypto in-use config to 2\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } printf("Shutdown crypto\n"); printf("Test knet_handle_crypto_use_config with valid data\n"); if ((knet_handle_crypto_use_config(knet_h, 0)) < 0) { printf("knet_handle_crypto_use_config did not accept valid config (1)\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if (knet_h->crypto_in_use_config != 0) { printf("knet_handle_crypto_set_config failed to set crypto in-use config to 2\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, "none", sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "none", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "none", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); knet_handle_crypto_cfg.private_key_len = 2000; if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 1) < 0) { printf("Unable to shutdown crypto: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if (knet_h->crypto_instance[1]) { printf("knet_handle_crypto_set_config failed to wipe first config but reported success\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } if (knet_handle_crypto_set_config(knet_h, &knet_handle_crypto_cfg, 2) < 0) { printf("Unable to shutdown crypto: %s\n", strerror(errno)); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } flush_logs(logfds[0], stdout); if (knet_h->crypto_instance[2]) { printf("knet_handle_crypto_set_config failed to wipe first config but reported success\n"); knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } knet_handle_free(knet_h); flush_logs(logfds[0], stdout); close_logpipes(logfds); } int main(int argc, char *argv[]) { struct knet_crypto_info crypto_list[16]; size_t crypto_list_entries; size_t i; memset(crypto_list, 0, sizeof(crypto_list)); if (knet_get_crypto_list(crypto_list, &crypto_list_entries) < 0) { printf("knet_get_crypto_list failed: %s\n", strerror(errno)); return FAIL; } if (crypto_list_entries == 0) { printf("no crypto modules detected. Skipping\n"); return SKIP; } for (i=0; i < crypto_list_entries; i++) { test(crypto_list[i].name, crypto_list[0].name); } return PASS; } diff --git a/libknet/tests/fun_config_crypto.c b/libknet/tests/fun_config_crypto.c index 90bee038..2a4b5df1 100644 --- a/libknet/tests/fun_config_crypto.c +++ b/libknet/tests/fun_config_crypto.c @@ -1,278 +1,278 @@ /* - * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved. + * Copyright (C) 2020 Red Hat, Inc. All rights reserved. * * Authors: Fabio M. Di Nitto * * This software licensed under GPL-2.0+ */ #include "config.h" #include #include #include #include #include #include #include "libknet.h" #include "compress.h" #include "internals.h" #include "netutils.h" #include "test-common.h" #define TESTNODES 2 static void test(const char *model) { knet_handle_t knet_h[TESTNODES + 1]; int logfds[2]; struct knet_handle_crypto_cfg knet_handle_crypto_cfg; int i,x,j; int seconds = 5; if (is_memcheck() || is_helgrind()) { printf("Test suite is running under valgrind, adjusting wait_for_host timeout\n"); seconds = seconds * 16; } setup_logpipes(logfds); knet_handle_start_nodes(knet_h, TESTNODES, logfds, KNET_LOG_DEBUG); flush_logs(logfds[0], stdout); /* * config1: aes128/sha256 key1 is all 0s (2000 bytes) */ memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes128", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha256", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); memset(knet_handle_crypto_cfg.private_key, 0, KNET_MAX_KEY_LEN); knet_handle_crypto_cfg.private_key_len = 2000; for (i = 1; i <= TESTNODES; i++) { if (knet_handle_crypto_set_config(knet_h[i], &knet_handle_crypto_cfg, 1) < 0) { printf("knet_handle_crypto_set_config (1) failed with correct config: %s\n", strerror(errno)); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } if (knet_handle_crypto_use_config(knet_h[i], 1) < 0) { printf("knet_handle_crypto_use_config (1) failed with correct config: %s\n", strerror(errno)); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } if (knet_handle_crypto_rx_clear_traffic(knet_h[i], KNET_CRYPTO_RX_DISALLOW_CLEAR_TRAFFIC)) { printf("knet_handle_crypto_rx_clear_traffic failed: %s\n", strerror(errno)); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } } flush_logs(logfds[0], stdout); knet_handle_join_nodes(knet_h, TESTNODES, 1, AF_INET, KNET_TRANSPORT_UDP); flush_logs(logfds[0], stdout); /* * config2: aes256/sha512 key1 is all 1s (KNET_MAX_KEY_LEN bytes) */ memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, model, sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "aes256", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "sha512", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); memset(knet_handle_crypto_cfg.private_key, 1, KNET_MAX_KEY_LEN); knet_handle_crypto_cfg.private_key_len = KNET_MAX_KEY_LEN; for (i = 1; i <= TESTNODES; i++) { if (knet_handle_crypto_set_config(knet_h[i], &knet_handle_crypto_cfg, 2) < 0) { printf("knet_handle_crypto_set_config (2) failed with correct config: %s\n", strerror(errno)); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } } flush_logs(logfds[0], stdout); printf("Testing crypto config switch from 1 to 2\n"); for (i = 1; i <= TESTNODES; i++) { if (knet_handle_crypto_use_config(knet_h[i], 2) < 0) { printf("knet_handle_crypto_use_config (2) failed with correct config: %s\n", strerror(errno)); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } for (x = 0; x < seconds; x++){ flush_logs(logfds[0], stdout); sleep(1); } for (x = 1; x <= TESTNODES; x++) { for (j = 1; j <= TESTNODES; j++) { if (j == x) { continue; } if (knet_h[x]->host_index[j]->status.reachable != 1) { printf("knet failed to switch config for host %d\n", x); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } } } } flush_logs(logfds[0], stdout); printf("Testing crypto config switch from 2 to 1\n"); for (i = 1; i <= TESTNODES; i++) { if (knet_handle_crypto_use_config(knet_h[i], 1) < 0) { printf("knet_handle_crypto_use_config (1) failed with correct config: %s\n", strerror(errno)); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } for (x = 0; x < seconds; x++){ flush_logs(logfds[0], stdout); sleep(1); } for (x = 1; x <= TESTNODES; x++) { for (j = 1; j <= TESTNODES; j++) { if (j == x) { continue; } if (knet_h[x]->host_index[j]->status.reachable != 1) { printf("knet failed to switch config for host %d\n", x); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } } } } printf("Testing disable crypto config and allow clear traffic\n"); memset(&knet_handle_crypto_cfg, 0, sizeof(struct knet_handle_crypto_cfg)); strncpy(knet_handle_crypto_cfg.crypto_model, "none", sizeof(knet_handle_crypto_cfg.crypto_model) - 1); strncpy(knet_handle_crypto_cfg.crypto_cipher_type, "none", sizeof(knet_handle_crypto_cfg.crypto_cipher_type) - 1); strncpy(knet_handle_crypto_cfg.crypto_hash_type, "none", sizeof(knet_handle_crypto_cfg.crypto_hash_type) - 1); memset(knet_handle_crypto_cfg.private_key, 0, KNET_MAX_KEY_LEN); knet_handle_crypto_cfg.private_key_len = KNET_MAX_KEY_LEN; for (i = 1; i <= TESTNODES; i++) { /* * config2 is no longer in use */ if (knet_handle_crypto_set_config(knet_h[i], &knet_handle_crypto_cfg, 2) < 0) { printf("knet_handle_crypto_set_config (2) failed with correct config: %s\n", strerror(errno)); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } /* * allow clear traffic on RX on all nodes, before we change config to clear traffic */ if (knet_handle_crypto_rx_clear_traffic(knet_h[i], KNET_CRYPTO_RX_ALLOW_CLEAR_TRAFFIC)) { printf("knet_handle_crypto_rx_clear_traffic failed: %s\n", strerror(errno)); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } } for (i = 1; i <= TESTNODES; i++) { /* * switch to clear traffic on RX on all nodes */ if (knet_handle_crypto_use_config(knet_h[i], 0) < 0) { printf("knet_handle_crypto_use_config (0) failed with correct config: %s\n", strerror(errno)); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } } for (i = 1; i <= TESTNODES; i++) { /* * config1 is no longer in use */ if (knet_handle_crypto_set_config(knet_h[i], &knet_handle_crypto_cfg, 1) < 0) { printf("knet_handle_crypto_set_config (2) failed with correct config: %s\n", strerror(errno)); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } } for (i = 1; i <= TESTNODES; i++) { for (x = 0; x < seconds; x++){ flush_logs(logfds[0], stdout); sleep(1); } for (x = 1; x <= TESTNODES; x++) { for (j = 1; j <= TESTNODES; j++) { if (j == x) { continue; } if (knet_h[x]->host_index[j]->status.reachable != 1) { printf("knet failed to switch config for host %d\n", x); knet_handle_stop_nodes(knet_h, TESTNODES); flush_logs(logfds[0], stdout); close_logpipes(logfds); exit(FAIL); } } } } flush_logs(logfds[0], stdout); close_logpipes(logfds); knet_handle_stop_nodes(knet_h, TESTNODES); } int main(int argc, char *argv[]) { struct knet_crypto_info crypto_list[16]; size_t crypto_list_entries; size_t i; memset(crypto_list, 0, sizeof(crypto_list)); if (knet_get_crypto_list(crypto_list, &crypto_list_entries) < 0) { printf("knet_get_crypto_list failed: %s\n", strerror(errno)); return FAIL; } if (crypto_list_entries == 0) { printf("no crypto modules detected. Skipping\n"); return SKIP; } for (i=0; i < crypto_list_entries; i++) { test(crypto_list[i].name); } return PASS; }