git: 70bb22868d53 - main - ktls_test: Add debug option to hexdump keys, nonces, and buffers.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 08 Dec 2022 00:58:03 UTC
The branch main has been updated by jhb:
URL: https://cgit.FreeBSD.org/src/commit/?id=70bb22868d534435fd8d84173f264b48acacd501
commit 70bb22868d534435fd8d84173f264b48acacd501
Author: John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2022-12-08 00:57:28 +0000
Commit: John Baldwin <jhb@FreeBSD.org>
CommitDate: 2022-12-08 00:57:28 +0000
ktls_test: Add debug option to hexdump keys, nonces, and buffers.
Reviewed by: markj
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D37509
---
tests/sys/kern/Makefile | 2 +-
tests/sys/kern/ktls_test.c | 228 ++++++++++++++++++++++++++++++---------------
2 files changed, 153 insertions(+), 77 deletions(-)
diff --git a/tests/sys/kern/Makefile b/tests/sys/kern/Makefile
index 00baa5c99fae..dec2384bc80b 100644
--- a/tests/sys/kern/Makefile
+++ b/tests/sys/kern/Makefile
@@ -70,7 +70,7 @@ LIBADD.sys_getrandom+= pthread
LIBADD.ptrace_test+= pthread
LIBADD.unix_seqpacket_test+= pthread
LIBADD.kcov+= pthread
-LIBADD.ktls_test+= crypto
+LIBADD.ktls_test+= crypto util
LIBADD.sendfile_helper+= pthread
LIBADD.fdgrowtable_test+= util pthread kvm procstat
LIBADD.sigwait+= rt
diff --git a/tests/sys/kern/ktls_test.c b/tests/sys/kern/ktls_test.c
index 09fb96ed11e8..ee575597f1f2 100644
--- a/tests/sys/kern/ktls_test.c
+++ b/tests/sys/kern/ktls_test.c
@@ -38,6 +38,7 @@
#include <assert.h>
#include <err.h>
#include <fcntl.h>
+#include <libutil.h>
#include <netdb.h>
#include <poll.h>
#include <stdbool.h>
@@ -95,6 +96,30 @@ check_tls_mode(const atf_tc_t *tc, int s, int sockopt)
}
}
+static void __printflike(2, 3)
+debug(const atf_tc_t *tc, const char *fmt, ...)
+{
+ if (!atf_tc_get_config_var_as_bool_wd(tc, "ktls.debug", false))
+ return;
+
+ va_list ap;
+ va_start(ap, fmt);
+ vprintf(fmt, ap);
+ va_end(ap);
+}
+
+static void
+debug_hexdump(const atf_tc_t *tc, const void *buf, int length,
+ const char *label)
+{
+ if (!atf_tc_get_config_var_as_bool_wd(tc, "ktls.debug", false))
+ return;
+
+ if (label != NULL)
+ printf("%s:\n", label);
+ hexdump(buf, length, NULL, 0);
+}
+
static char
rdigit(void)
{
@@ -509,8 +534,8 @@ aead_decrypt(const EVP_CIPHER *cipher, const char *key, const char *nonce,
}
static void
-build_tls_enable(int cipher_alg, size_t cipher_key_len, int auth_alg,
- int minor, uint64_t seqno, struct tls_enable *en)
+build_tls_enable(const atf_tc_t *tc, int cipher_alg, size_t cipher_key_len,
+ int auth_alg, int minor, uint64_t seqno, struct tls_enable *en)
{
u_int auth_key_len, iv_len;
@@ -551,8 +576,13 @@ build_tls_enable(int cipher_alg, size_t cipher_key_len, int auth_alg,
break;
}
en->cipher_key = alloc_buffer(cipher_key_len);
+ debug_hexdump(tc, en->cipher_key, cipher_key_len, "cipher key");
en->iv = alloc_buffer(iv_len);
+ if (iv_len != 0)
+ debug_hexdump(tc, en->iv, iv_len, "iv");
en->auth_key = alloc_buffer(auth_key_len);
+ if (auth_key_len != 0)
+ debug_hexdump(tc, en->auth_key, auth_key_len, "auth key");
en->cipher_algorithm = cipher_alg;
en->cipher_key_len = cipher_key_len;
en->iv_len = iv_len;
@@ -561,6 +591,7 @@ build_tls_enable(int cipher_alg, size_t cipher_key_len, int auth_alg,
en->tls_vmajor = TLS_MAJOR_VER_ONE;
en->tls_vminor = minor;
be64enc(en->rec_seq, seqno);
+ debug(tc, "seqno: %ju\n", (uintmax_t)seqno);
}
static void
@@ -750,8 +781,9 @@ tls_13_nonce(struct tls_enable *en, uint64_t seqno, char *nonce)
* have sufficient room ('avail'), fail the test.
*/
static size_t
-decrypt_tls_aes_cbc_mte(struct tls_enable *en, uint64_t seqno, const void *src,
- size_t len, void *dst, size_t avail, uint8_t *record_type)
+decrypt_tls_aes_cbc_mte(const atf_tc_t *tc, struct tls_enable *en,
+ uint64_t seqno, const void *src, size_t len, void *dst, size_t avail,
+ uint8_t *record_type)
{
const struct tls_record_layer *hdr;
struct tls_mac_data aad;
@@ -765,6 +797,8 @@ decrypt_tls_aes_cbc_mte(struct tls_enable *en, uint64_t seqno, const void *src,
mac_len = tls_mac_len(en);
ATF_REQUIRE(hdr->tls_vmajor == TLS_MAJOR_VER_ONE);
ATF_REQUIRE(hdr->tls_vminor == en->tls_vminor);
+ debug(tc, "decrypting MTE record seqno %ju:\n", (uintmax_t)seqno);
+ debug_hexdump(tc, src, len, NULL);
/* First, decrypt the outer payload into a temporary buffer. */
payload_len = len - hdr_len;
@@ -773,8 +807,10 @@ decrypt_tls_aes_cbc_mte(struct tls_enable *en, uint64_t seqno, const void *src,
iv = en->iv;
else
iv = (void *)(hdr + 1);
+ debug_hexdump(tc, iv, AES_BLOCK_LEN, "iv");
ATF_REQUIRE(cbc_decrypt(tls_EVP_CIPHER(en), en->cipher_key, iv,
(const u_char *)src + hdr_len, buf, payload_len));
+ debug_hexdump(tc, buf, payload_len, "decrypted buffer");
/*
* Copy the last encrypted block to use as the IV for the next
@@ -797,6 +833,7 @@ decrypt_tls_aes_cbc_mte(struct tls_enable *en, uint64_t seqno, const void *src,
/* Verify HMAC. */
payload_len -= mac_len;
tls_mte_aad(en, payload_len, hdr, seqno, &aad);
+ debug_hexdump(tc, &aad, sizeof(aad), "aad");
ATF_REQUIRE(verify_hash(tls_EVP_MD(en), en->auth_key, en->auth_key_len,
&aad, sizeof(aad), buf, payload_len, buf + payload_len));
@@ -807,8 +844,8 @@ decrypt_tls_aes_cbc_mte(struct tls_enable *en, uint64_t seqno, const void *src,
}
static size_t
-decrypt_tls_12_aead(struct tls_enable *en, uint64_t seqno, const void *src,
- size_t len, void *dst, uint8_t *record_type)
+decrypt_tls_12_aead(const atf_tc_t *tc, struct tls_enable *en, uint64_t seqno,
+ const void *src, size_t len, void *dst, uint8_t *record_type)
{
const struct tls_record_layer *hdr;
struct tls_aead_data aad;
@@ -822,12 +859,16 @@ decrypt_tls_12_aead(struct tls_enable *en, uint64_t seqno, const void *src,
payload_len = len - (hdr_len + mac_len);
ATF_REQUIRE(hdr->tls_vmajor == TLS_MAJOR_VER_ONE);
ATF_REQUIRE(hdr->tls_vminor == TLS_MINOR_VER_TWO);
+ debug(tc, "decrypting TLS 1.2 record seqno %ju:\n", (uintmax_t)seqno);
+ debug_hexdump(tc, src, len, NULL);
tls_12_aead_aad(en, payload_len, hdr, seqno, &aad);
+ debug_hexdump(tc, &aad, sizeof(aad), "aad");
if (en->cipher_algorithm == CRYPTO_AES_NIST_GCM_16)
tls_12_gcm_nonce(en, hdr, nonce);
else
tls_13_nonce(en, seqno, nonce);
+ debug_hexdump(tc, nonce, sizeof(nonce), "nonce");
ATF_REQUIRE(aead_decrypt(tls_EVP_CIPHER(en), en->cipher_key, nonce,
&aad, sizeof(aad), (const char *)src + hdr_len, dst, payload_len,
@@ -838,8 +879,8 @@ decrypt_tls_12_aead(struct tls_enable *en, uint64_t seqno, const void *src,
}
static size_t
-decrypt_tls_13_aead(struct tls_enable *en, uint64_t seqno, const void *src,
- size_t len, void *dst, uint8_t *record_type)
+decrypt_tls_13_aead(const atf_tc_t *tc, struct tls_enable *en, uint64_t seqno,
+ const void *src, size_t len, void *dst, uint8_t *record_type)
{
const struct tls_record_layer *hdr;
struct tls_aead_data_13 aad;
@@ -856,9 +897,13 @@ decrypt_tls_13_aead(struct tls_enable *en, uint64_t seqno, const void *src,
ATF_REQUIRE(hdr->tls_type == TLS_RLTYPE_APP);
ATF_REQUIRE(hdr->tls_vmajor == TLS_MAJOR_VER_ONE);
ATF_REQUIRE(hdr->tls_vminor == TLS_MINOR_VER_TWO);
+ debug(tc, "decrypting TLS 1.3 record seqno %ju:\n", (uintmax_t)seqno);
+ debug_hexdump(tc, src, len, NULL);
tls_13_aad(en, hdr, seqno, &aad);
+ debug_hexdump(tc, &aad, sizeof(aad), "aad");
tls_13_nonce(en, seqno, nonce);
+ debug_hexdump(tc, nonce, sizeof(nonce), "nonce");
/*
* Have to use a temporary buffer for the output due to the
@@ -869,6 +914,7 @@ decrypt_tls_13_aead(struct tls_enable *en, uint64_t seqno, const void *src,
ATF_REQUIRE(aead_decrypt(tls_EVP_CIPHER(en), en->cipher_key, nonce,
&aad, sizeof(aad), (const char *)src + hdr_len, buf, payload_len,
(const char *)src + hdr_len + payload_len, mac_len));
+ debug_hexdump(tc, buf, payload_len, "decrypted buffer");
/* Trim record type. */
*record_type = buf[payload_len - 1];
@@ -881,8 +927,8 @@ decrypt_tls_13_aead(struct tls_enable *en, uint64_t seqno, const void *src,
}
static size_t
-decrypt_tls_aead(struct tls_enable *en, uint64_t seqno, const void *src,
- size_t len, void *dst, size_t avail, uint8_t *record_type)
+decrypt_tls_aead(const atf_tc_t *tc, struct tls_enable *en, uint64_t seqno,
+ const void *src, size_t len, void *dst, size_t avail, uint8_t *record_type)
{
const struct tls_record_layer *hdr;
size_t payload_len;
@@ -894,10 +940,10 @@ decrypt_tls_aead(struct tls_enable *en, uint64_t seqno, const void *src,
ATF_REQUIRE(payload_len <= avail);
if (en->tls_vminor == TLS_MINOR_VER_TWO) {
- ATF_REQUIRE(decrypt_tls_12_aead(en, seqno, src, len, dst,
+ ATF_REQUIRE(decrypt_tls_12_aead(tc, en, seqno, src, len, dst,
record_type) == payload_len);
} else {
- ATF_REQUIRE(decrypt_tls_13_aead(en, seqno, src, len, dst,
+ ATF_REQUIRE(decrypt_tls_13_aead(tc, en, seqno, src, len, dst,
record_type) == payload_len);
}
@@ -905,14 +951,14 @@ decrypt_tls_aead(struct tls_enable *en, uint64_t seqno, const void *src,
}
static size_t
-decrypt_tls_record(struct tls_enable *en, uint64_t seqno, const void *src,
- size_t len, void *dst, size_t avail, uint8_t *record_type)
+decrypt_tls_record(const atf_tc_t *tc, struct tls_enable *en, uint64_t seqno,
+ const void *src, size_t len, void *dst, size_t avail, uint8_t *record_type)
{
if (en->cipher_algorithm == CRYPTO_AES_CBC)
- return (decrypt_tls_aes_cbc_mte(en, seqno, src, len, dst, avail,
- record_type));
+ return (decrypt_tls_aes_cbc_mte(tc, en, seqno, src, len, dst,
+ avail, record_type));
else
- return (decrypt_tls_aead(en, seqno, src, len, dst, avail,
+ return (decrypt_tls_aead(tc, en, seqno, src, len, dst, avail,
record_type));
}
@@ -924,9 +970,9 @@ decrypt_tls_record(struct tls_enable *en, uint64_t seqno, const void *src,
* cipher suite.
*/
static size_t
-encrypt_tls_aes_cbc_mte(struct tls_enable *en, uint8_t record_type,
- uint64_t seqno, const void *src, size_t len, void *dst, size_t avail,
- size_t padding)
+encrypt_tls_aes_cbc_mte(const atf_tc_t *tc, struct tls_enable *en,
+ uint8_t record_type, uint64_t seqno, const void *src, size_t len, void *dst,
+ size_t avail, size_t padding)
{
struct tls_record_layer *hdr;
struct tls_mac_data aad;
@@ -939,6 +985,7 @@ encrypt_tls_aes_cbc_mte(struct tls_enable *en, uint8_t record_type,
hdr = dst;
buf = dst;
+ debug(tc, "encrypting MTE record seqno %ju:\n", (uintmax_t)seqno);
hdr_len = tls_header_len(en);
mac_len = tls_mac_len(en);
padding += (AES_BLOCK_LEN - (len + mac_len) % AES_BLOCK_LEN);
@@ -954,12 +1001,15 @@ encrypt_tls_aes_cbc_mte(struct tls_enable *en, uint8_t record_type,
iv = (char *)(hdr + 1);
for (i = 0; i < AES_BLOCK_LEN; i++)
iv[i] = rdigit();
+ debug_hexdump(tc, iv, AES_BLOCK_LEN, "explicit IV");
/* Copy plaintext to ciphertext region. */
memcpy(buf + hdr_len, src, len);
/* Compute HMAC. */
tls_mte_aad(en, len, hdr, seqno, &aad);
+ debug_hexdump(tc, &aad, sizeof(aad), "aad");
+ debug_hexdump(tc, src, len, "plaintext");
ATF_REQUIRE(compute_hash(tls_EVP_MD(en), en->auth_key, en->auth_key_len,
&aad, sizeof(aad), src, len, buf + hdr_len + len, &digest_len));
ATF_REQUIRE(digest_len == mac_len);
@@ -967,17 +1017,19 @@ encrypt_tls_aes_cbc_mte(struct tls_enable *en, uint8_t record_type,
/* Store padding. */
for (i = 0; i < padding; i++)
buf[hdr_len + len + mac_len + i] = padding - 1;
+ debug_hexdump(tc, buf + hdr_len + len, mac_len + padding, "MAC and padding");
/* Encrypt the record. */
ATF_REQUIRE(cbc_encrypt(tls_EVP_CIPHER(en), en->cipher_key, iv,
buf + hdr_len, buf + hdr_len, len + mac_len + padding));
+ debug_hexdump(tc, dst, record_len, "encrypted record");
return (record_len);
}
static size_t
-encrypt_tls_12_aead(struct tls_enable *en, uint8_t record_type, uint64_t seqno,
- const void *src, size_t len, void *dst)
+encrypt_tls_12_aead(const atf_tc_t *tc, struct tls_enable *en,
+ uint8_t record_type, uint64_t seqno, const void *src, size_t len, void *dst)
{
struct tls_record_layer *hdr;
struct tls_aead_data aad;
@@ -986,6 +1038,7 @@ encrypt_tls_12_aead(struct tls_enable *en, uint8_t record_type, uint64_t seqno,
hdr = dst;
+ debug(tc, "encrypting TLS 1.2 record seqno %ju:\n", (uintmax_t)seqno);
hdr_len = tls_header_len(en);
mac_len = tls_mac_len(en);
record_len = hdr_len + len + mac_len;
@@ -998,21 +1051,26 @@ encrypt_tls_12_aead(struct tls_enable *en, uint8_t record_type, uint64_t seqno,
memcpy(hdr + 1, &seqno, sizeof(seqno));
tls_12_aead_aad(en, len, hdr, seqno, &aad);
+ debug_hexdump(tc, &aad, sizeof(aad), "aad");
if (en->cipher_algorithm == CRYPTO_AES_NIST_GCM_16)
tls_12_gcm_nonce(en, hdr, nonce);
else
tls_13_nonce(en, seqno, nonce);
+ debug_hexdump(tc, nonce, sizeof(nonce), "nonce");
+ debug_hexdump(tc, src, len, "plaintext");
ATF_REQUIRE(aead_encrypt(tls_EVP_CIPHER(en), en->cipher_key, nonce,
&aad, sizeof(aad), src, (char *)dst + hdr_len, len,
(char *)dst + hdr_len + len, mac_len));
+ debug_hexdump(tc, dst, record_len, "encrypted record");
return (record_len);
}
static size_t
-encrypt_tls_13_aead(struct tls_enable *en, uint8_t record_type, uint64_t seqno,
- const void *src, size_t len, void *dst, size_t padding)
+encrypt_tls_13_aead(const atf_tc_t *tc, struct tls_enable *en,
+ uint8_t record_type, uint64_t seqno, const void *src, size_t len, void *dst,
+ size_t padding)
{
struct tls_record_layer *hdr;
struct tls_aead_data_13 aad;
@@ -1022,6 +1080,7 @@ encrypt_tls_13_aead(struct tls_enable *en, uint8_t record_type, uint64_t seqno,
hdr = dst;
+ debug(tc, "encrypting TLS 1.3 record seqno %ju:\n", (uintmax_t)seqno);
hdr_len = tls_header_len(en);
mac_len = tls_mac_len(en);
record_len = hdr_len + len + 1 + padding + mac_len;
@@ -1032,7 +1091,9 @@ encrypt_tls_13_aead(struct tls_enable *en, uint8_t record_type, uint64_t seqno,
hdr->tls_length = htons(record_len - sizeof(*hdr));
tls_13_aad(en, hdr, seqno, &aad);
+ debug_hexdump(tc, &aad, sizeof(aad), "aad");
tls_13_nonce(en, seqno, nonce);
+ debug_hexdump(tc, nonce, sizeof(nonce), "nonce");
/*
* Have to use a temporary buffer for the input so that the record
@@ -1042,10 +1103,12 @@ encrypt_tls_13_aead(struct tls_enable *en, uint8_t record_type, uint64_t seqno,
memcpy(buf, src, len);
buf[len] = record_type;
memset(buf + len + 1, 0, padding);
+ debug_hexdump(tc, buf, len + 1 + padding, "plaintext + type + padding");
ATF_REQUIRE(aead_encrypt(tls_EVP_CIPHER(en), en->cipher_key, nonce,
&aad, sizeof(aad), buf, (char *)dst + hdr_len, len + 1 + padding,
(char *)dst + hdr_len + len + 1 + padding, mac_len));
+ debug_hexdump(tc, dst, record_len, "encrypted record");
free(buf);
@@ -1053,8 +1116,9 @@ encrypt_tls_13_aead(struct tls_enable *en, uint8_t record_type, uint64_t seqno,
}
static size_t
-encrypt_tls_aead(struct tls_enable *en, uint8_t record_type, uint64_t seqno,
- const void *src, size_t len, void *dst, size_t avail, size_t padding)
+encrypt_tls_aead(const atf_tc_t *tc, struct tls_enable *en,
+ uint8_t record_type, uint64_t seqno, const void *src, size_t len, void *dst,
+ size_t avail, size_t padding)
{
size_t record_len;
@@ -1063,24 +1127,25 @@ encrypt_tls_aead(struct tls_enable *en, uint8_t record_type, uint64_t seqno,
if (en->tls_vminor == TLS_MINOR_VER_TWO) {
ATF_REQUIRE(padding == 0);
- ATF_REQUIRE(encrypt_tls_12_aead(en, record_type, seqno, src,
+ ATF_REQUIRE(encrypt_tls_12_aead(tc, en, record_type, seqno, src,
len, dst) == record_len);
} else
- ATF_REQUIRE(encrypt_tls_13_aead(en, record_type, seqno, src,
+ ATF_REQUIRE(encrypt_tls_13_aead(tc, en, record_type, seqno, src,
len, dst, padding) == record_len);
return (record_len);
}
static size_t
-encrypt_tls_record(struct tls_enable *en, uint8_t record_type, uint64_t seqno,
- const void *src, size_t len, void *dst, size_t avail, size_t padding)
+encrypt_tls_record(const atf_tc_t *tc, struct tls_enable *en,
+ uint8_t record_type, uint64_t seqno, const void *src, size_t len, void *dst,
+ size_t avail, size_t padding)
{
if (en->cipher_algorithm == CRYPTO_AES_CBC)
- return (encrypt_tls_aes_cbc_mte(en, record_type, seqno, src,
+ return (encrypt_tls_aes_cbc_mte(tc, en, record_type, seqno, src,
len, dst, avail, padding));
else
- return (encrypt_tls_aead(en, record_type, seqno, src, len,
+ return (encrypt_tls_aead(tc, en, record_type, seqno, src, len,
dst, avail, padding));
}
@@ -1097,6 +1162,7 @@ test_ktls_transmit_app_data(const atf_tc_t *tc, struct tls_enable *en,
uint8_t record_type;
plaintext = alloc_buffer(len);
+ debug_hexdump(tc, plaintext, len, "plaintext");
decrypted = malloc(len);
outbuf_cap = tls_header_len(en) + TLS_MAX_MSG_SIZE_V10_2 +
tls_trailer_len(en);
@@ -1154,6 +1220,14 @@ test_ktls_transmit_app_data(const atf_tc_t *tc, struct tls_enable *en,
ATF_REQUIRE_MSG(rv > 0,
"failed to read from socket");
outbuf_len += rv;
+
+ if (outbuf_len ==
+ sizeof(struct tls_record_layer)) {
+ debug(tc, "TLS header for seqno %ju:\n",
+ (uintmax_t)seqno);
+ debug_hexdump(tc, outbuf, outbuf_len,
+ NULL);
+ }
}
if (outbuf_len < sizeof(struct tls_record_layer))
@@ -1161,6 +1235,8 @@ test_ktls_transmit_app_data(const atf_tc_t *tc, struct tls_enable *en,
record_len = sizeof(struct tls_record_layer) +
ntohs(hdr->tls_length);
+ debug(tc, "record_len %zu outbuf_cap %zu\n",
+ record_len, outbuf_cap);
ATF_REQUIRE(record_len <= outbuf_cap);
ATF_REQUIRE(record_len > outbuf_len);
rv = read(ev.ident, outbuf + outbuf_len,
@@ -1171,8 +1247,8 @@ test_ktls_transmit_app_data(const atf_tc_t *tc, struct tls_enable *en,
outbuf_len += rv;
if (outbuf_len == record_len) {
- decrypted_len += decrypt_tls_record(en, seqno,
- outbuf, outbuf_len,
+ decrypted_len += decrypt_tls_record(tc, en,
+ seqno, outbuf, outbuf_len,
decrypted + decrypted_len,
len - decrypted_len, &record_type);
ATF_REQUIRE(record_type == TLS_RLTYPE_APP);
@@ -1266,8 +1342,8 @@ test_ktls_transmit_control(const atf_tc_t *tc, struct tls_enable *en,
payload_len);
ATF_REQUIRE(rv == (ssize_t)payload_len);
- rv = decrypt_tls_record(en, seqno, outbuf, record_len, decrypted, len,
- &record_type);
+ rv = decrypt_tls_record(tc, en, seqno, outbuf, record_len, decrypted,
+ len, &record_type);
ATF_REQUIRE_MSG((ssize_t)len == rv,
"read %zd decrypted bytes, but wrote %zu", rv, len);
@@ -1333,7 +1409,7 @@ test_ktls_transmit_empty_fragment(const atf_tc_t *tc, struct tls_enable *en,
payload_len);
ATF_REQUIRE(rv == (ssize_t)payload_len);
- rv = decrypt_tls_record(en, seqno, outbuf, record_len, NULL, 0,
+ rv = decrypt_tls_record(tc, en, seqno, outbuf, record_len, NULL, 0,
&record_type);
ATF_REQUIRE_MSG(rv == 0,
@@ -1436,7 +1512,7 @@ test_ktls_receive_app_data(const atf_tc_t *tc, struct tls_enable *en,
todo = len - written;
if (todo > TLS_MAX_MSG_SIZE_V10_2 - padding)
todo = TLS_MAX_MSG_SIZE_V10_2 - padding;
- outbuf_len = encrypt_tls_record(en,
+ outbuf_len = encrypt_tls_record(tc, en,
TLS_RLTYPE_APP, seqno, plaintext + written,
todo, outbuf, outbuf_cap, padding);
outbuf_sent = 0;
@@ -1535,7 +1611,7 @@ test_ktls_receive_corrupted_record(const atf_tc_t *tc, struct tls_enable *en,
fd_set_blocking(sockets[0]);
fd_set_blocking(sockets[1]);
- outbuf_len = encrypt_tls_record(en, TLS_RLTYPE_APP, seqno,
+ outbuf_len = encrypt_tls_record(tc, en, TLS_RLTYPE_APP, seqno,
plaintext, len, outbuf, outbuf_cap, 0);
/* A negative offset is an offset from the end. */
@@ -1624,7 +1700,7 @@ test_ktls_receive_truncated_record(const atf_tc_t *tc, struct tls_enable *en,
fd_set_blocking(sockets[0]);
fd_set_blocking(sockets[1]);
- outbuf_len = encrypt_tls_record(en, TLS_RLTYPE_APP, seqno,
+ outbuf_len = encrypt_tls_record(tc, en, TLS_RLTYPE_APP, seqno,
plaintext, len, outbuf, outbuf_cap, 0);
rv = write(sockets[1], outbuf, outbuf_len / 2);
@@ -1665,7 +1741,7 @@ test_ktls_receive_bad_major(const atf_tc_t *tc, struct tls_enable *en,
fd_set_blocking(sockets[0]);
fd_set_blocking(sockets[1]);
- outbuf_len = encrypt_tls_record(en, TLS_RLTYPE_APP, seqno,
+ outbuf_len = encrypt_tls_record(tc, en, TLS_RLTYPE_APP, seqno,
plaintext, len, outbuf, outbuf_cap, 0);
hdr = (void *)outbuf;
@@ -1707,7 +1783,7 @@ test_ktls_receive_bad_minor(const atf_tc_t *tc, struct tls_enable *en,
fd_set_blocking(sockets[0]);
fd_set_blocking(sockets[1]);
- outbuf_len = encrypt_tls_record(en, TLS_RLTYPE_APP, seqno,
+ outbuf_len = encrypt_tls_record(tc, en, TLS_RLTYPE_APP, seqno,
plaintext, len, outbuf, outbuf_cap, 0);
hdr = (void *)outbuf;
@@ -1750,7 +1826,7 @@ test_ktls_receive_bad_type(const atf_tc_t *tc, struct tls_enable *en,
fd_set_blocking(sockets[0]);
fd_set_blocking(sockets[1]);
- outbuf_len = encrypt_tls_record(en, 0x21 /* Alert */, seqno,
+ outbuf_len = encrypt_tls_record(tc, en, 0x21 /* Alert */, seqno,
plaintext, len, outbuf, outbuf_cap, 0);
hdr = (void *)outbuf;
@@ -1875,8 +1951,8 @@ ATF_TC_BODY(ktls_transmit_##cipher_name##_##name, tc) \
\
ATF_REQUIRE_KTLS(); \
seqno = random(); \
- build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \
- &en); \
+ build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \
+ seqno, &en); \
test_ktls_transmit_app_data(tc, &en, seqno, len); \
free_tls_enable(&en); \
}
@@ -1895,8 +1971,8 @@ ATF_TC_BODY(ktls_transmit_##cipher_name##_##name, tc) \
\
ATF_REQUIRE_KTLS(); \
seqno = random(); \
- build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \
- &en); \
+ build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \
+ seqno, &en); \
test_ktls_transmit_control(tc, &en, seqno, type, len); \
free_tls_enable(&en); \
}
@@ -1915,8 +1991,8 @@ ATF_TC_BODY(ktls_transmit_##cipher_name##_empty_fragment, tc) \
\
ATF_REQUIRE_KTLS(); \
seqno = random(); \
- build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \
- &en); \
+ build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \
+ seqno, &en); \
test_ktls_transmit_empty_fragment(tc, &en, seqno); \
free_tls_enable(&en); \
}
@@ -2072,8 +2148,8 @@ ATF_TC_BODY(ktls_transmit_invalid_##name, tc) \
\
ATF_REQUIRE_KTLS(); \
seqno = random(); \
- build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \
- &en); \
+ build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \
+ seqno, &en); \
test_ktls_invalid_transmit_cipher_suite(tc, &en); \
free_tls_enable(&en); \
}
@@ -2121,8 +2197,8 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_##name, tc) \
\
ATF_REQUIRE_KTLS(); \
seqno = random(); \
- build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \
- &en); \
+ build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \
+ seqno, &en); \
test_ktls_receive_app_data(tc, &en, seqno, len, padding); \
free_tls_enable(&en); \
}
@@ -2141,8 +2217,8 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_bad_data, tc) \
\
ATF_REQUIRE_KTLS(); \
seqno = random(); \
- build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \
- &en); \
+ build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \
+ seqno, &en); \
test_ktls_receive_corrupted_data(tc, &en, seqno, len); \
free_tls_enable(&en); \
}
@@ -2161,8 +2237,8 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_bad_mac, tc) \
\
ATF_REQUIRE_KTLS(); \
seqno = random(); \
- build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \
- &en); \
+ build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \
+ seqno, &en); \
test_ktls_receive_corrupted_mac(tc, &en, seqno, len); \
free_tls_enable(&en); \
}
@@ -2181,8 +2257,8 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_truncated_record, tc) \
\
ATF_REQUIRE_KTLS(); \
seqno = random(); \
- build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \
- &en); \
+ build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \
+ seqno, &en); \
test_ktls_receive_truncated_record(tc, &en, seqno, len); \
free_tls_enable(&en); \
}
@@ -2201,8 +2277,8 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_bad_major, tc) \
\
ATF_REQUIRE_KTLS(); \
seqno = random(); \
- build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \
- &en); \
+ build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \
+ seqno, &en); \
test_ktls_receive_bad_major(tc, &en, seqno, len); \
free_tls_enable(&en); \
}
@@ -2221,8 +2297,8 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_bad_minor, tc) \
\
ATF_REQUIRE_KTLS(); \
seqno = random(); \
- build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \
- &en); \
+ build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \
+ seqno, &en); \
test_ktls_receive_bad_minor(tc, &en, seqno, len); \
free_tls_enable(&en); \
}
@@ -2241,8 +2317,8 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_##name, tc) \
\
ATF_REQUIRE_KTLS(); \
seqno = random(); \
- build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \
- &en); \
+ build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \
+ seqno, &en); \
test_ktls_receive_bad_size(tc, &en, seqno, (len)); \
free_tls_enable(&en); \
}
@@ -2409,8 +2485,8 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_bad_padding, tc) \
\
ATF_REQUIRE_KTLS(); \
seqno = random(); \
- build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \
- &en); \
+ build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \
+ seqno, &en); \
test_ktls_receive_corrupted_padding(tc, &en, seqno, len); \
free_tls_enable(&en); \
}
@@ -2466,8 +2542,8 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_bad_iv, tc) \
\
ATF_REQUIRE_KTLS(); \
seqno = random(); \
- build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \
- &en); \
+ build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \
+ seqno, &en); \
test_ktls_receive_corrupted_iv(tc, &en, seqno, 64); \
free_tls_enable(&en); \
}
@@ -2509,8 +2585,8 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_bad_type, tc) \
\
ATF_REQUIRE_KTLS(); \
seqno = random(); \
- build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \
- &en); \
+ build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \
+ seqno, &en); \
test_ktls_receive_bad_type(tc, &en, seqno, len); \
free_tls_enable(&en); \
}
@@ -2569,8 +2645,8 @@ ATF_TC_BODY(ktls_receive_invalid_##name, tc) \
\
ATF_REQUIRE_KTLS(); \
seqno = random(); \
- build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \
- &en); \
+ build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \
+ seqno, &en); \
test_ktls_invalid_receive_cipher_suite(tc, &en); \
free_tls_enable(&en); \
}
@@ -2609,8 +2685,8 @@ ATF_TC_BODY(ktls_receive_unsupported_##name, tc) \
\
ATF_REQUIRE_KTLS(); \
seqno = random(); \
- build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \
- &en); \
+ build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \
+ seqno, &en); \
test_ktls_unsupported_receive_cipher_suite(tc, &en); \
free_tls_enable(&en); \
}
@@ -2643,7 +2719,7 @@ ATF_TC_BODY(ktls_sendto_baddst, tc)
s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
ATF_REQUIRE(s >= 0);
- build_tls_enable(CRYPTO_AES_NIST_GCM_16, 128 / 8, 0,
+ build_tls_enable(tc, CRYPTO_AES_NIST_GCM_16, 128 / 8, 0,
TLS_MINOR_VER_THREE, (uint64_t)random(), &en);
ATF_REQUIRE(setsockopt(s, IPPROTO_TCP, TCP_TXTLS_ENABLE, &en,