From nobody Tue Nov 15 20:04:18 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NBcZp66knz4hdMV; Tue, 15 Nov 2022 20:04:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4NBcZp5qHNz4Mdw; Tue, 15 Nov 2022 20:04:18 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1668542658; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=qnU7VLkhXyj29PW5JjXWMELyP1cZ6tBr/jGlorlgAr0=; b=i5w0ZHsmsn1mjyQBk1fIQs71DqqZAmrgZ3fc6/UDx7z9rjw8lXHzgEKmp0NIWeNBWE2LBt QNfuDWlZst6XJI6t4WbpNhAFtOt8tApgH41YdGBlrxA8L+BVBBTT73f5v4neh49eAxPrLk 1iV+cpr2Vvt0Opx4x3ksd9Wlb75Uq/362qnaPPdBBzO8D5endqzcaJJt6qYSZILq/dhVnx XfzH+nXqP2gV0KooCE2DpYD00Zz7KyRDkCVjCmR8ieOhMk61CsR0e7hATRKMb6uUCOD0JS AeyU7o6Q79P55SxaGZNCljxNM5qZYXtKsAaxsSiletmBIAHdl5Smt00/KQCw7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1668542658; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=qnU7VLkhXyj29PW5JjXWMELyP1cZ6tBr/jGlorlgAr0=; b=iugpaHJVZwHvUn9HsInPv2iCS7v+4auXFMXMA0+iukh7Cm79NTz8xFJTxk6Ey0cI7seE5D huSWDYWBWVGgQHOlXgN8M8fduTr2yU9K/j/tb/lcyLLJCBGSX5xXA1ZD88cigM4Ie+Ct8w VMzUWo/jnXsxzHXI9TFrcRykc/t2b1eK14hZ3dBgyEnL0wuj8WXe8U9MdsmVwAfw+rRQ/5 Nl75but3Ao3q8lZVEh/hhFRGMs4o6YcAp8Fv7Rheg76JoB9RBGk5NHAkIDW30uzeHRLFQe +deJEMWOfXQYcSc7IUABr9m6QnMKqWboZdCC7/soklf9zM74yQgDDrk5yuxoHg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1668542658; a=rsa-sha256; cv=none; b=LiEKEqYqvru2fL8n4YraFcZZSXF1kPyk9HSPdlE/6U/EAQ4tVDE/W0K3jy9yonkUY5QRtC t+TJHo+O9dMT5MTMnK063UHQD1kAJ0eOV+PysMGZydlPMaFJh7vYkY3eDdmmgZL3viYEeL pYwgZrzdbDrvS7iX3EC0nTnyv1oVe7k/HhC6jhbATV0ZwQOG7mIoxTgeS3/vdke93KIo4p eIg5OvJ+IB4bHRTwxA6TV8ykHYGVvEkfiu9Feb58MvooN+1B1KYhfTgCaNKtndR+9/YYmx qU2KaGMZ5a2Am0lzLX0WkE0ns+vrq38C4qLjSeShG3Egp+bEV8DPipIXMJd59g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NBcZp4nBpzZLF; Tue, 15 Nov 2022 20:04:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2AFK4IpJ029313; Tue, 15 Nov 2022 20:04:18 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2AFK4IUX029312; Tue, 15 Nov 2022 20:04:18 GMT (envelope-from git) Date: Tue, 15 Nov 2022 20:04:18 GMT Message-Id: <202211152004.2AFK4IUX029312@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: John Baldwin Subject: git: 64811651aa7c - main - ktls: Add tests for software AES-CBC decryption for TLS 1.1+. List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 64811651aa7c401e5b520877ccd04e9eeab425e1 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=64811651aa7c401e5b520877ccd04e9eeab425e1 commit 64811651aa7c401e5b520877ccd04e9eeab425e1 Author: John Baldwin AuthorDate: 2022-11-15 20:02:28 +0000 Commit: John Baldwin CommitDate: 2022-11-15 20:02:28 +0000 ktls: Add tests for software AES-CBC decryption for TLS 1.1+. Reviewed by: markj Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D37371 --- tests/sys/kern/ktls_test.c | 233 +++++++++++++++++++++++++++++++++++++++------ 1 file changed, 204 insertions(+), 29 deletions(-) diff --git a/tests/sys/kern/ktls_test.c b/tests/sys/kern/ktls_test.c index 488b98725d09..3ad733e73f75 100644 --- a/tests/sys/kern/ktls_test.c +++ b/tests/sys/kern/ktls_test.c @@ -270,8 +270,8 @@ fd_set_blocking(int fd) } static bool -cbc_decrypt(const EVP_CIPHER *cipher, const char *key, const char *iv, - const char *input, char *output, size_t size) +cbc_crypt(const EVP_CIPHER *cipher, const char *key, const char *iv, + const char *input, char *output, size_t size, int enc) { EVP_CIPHER_CTX *ctx; int outl, total; @@ -283,7 +283,7 @@ cbc_decrypt(const EVP_CIPHER *cipher, const char *key, const char *iv, return (false); } if (EVP_CipherInit_ex(ctx, cipher, NULL, (const u_char *)key, - (const u_char *)iv, 0) != 1) { + (const u_char *)iv, enc) != 1) { warnx("EVP_CipherInit_ex failed: %s", ERR_error_string(ERR_get_error(), NULL)); EVP_CIPHER_CTX_free(ctx); @@ -315,12 +315,25 @@ cbc_decrypt(const EVP_CIPHER *cipher, const char *key, const char *iv, } static bool -verify_hash(const EVP_MD *md, const void *key, size_t key_len, const void *aad, - size_t aad_len, const void *buffer, size_t len, const void *digest) +cbc_encrypt(const EVP_CIPHER *cipher, const char *key, const char *iv, + const char *input, char *output, size_t size) +{ + return (cbc_crypt(cipher, key, iv, input, output, size, 1)); +} + +static bool +cbc_decrypt(const EVP_CIPHER *cipher, const char *key, const char *iv, + const char *input, char *output, size_t size) +{ + return (cbc_crypt(cipher, key, iv, input, output, size, 0)); +} + +static bool +compute_hash(const EVP_MD *md, const void *key, size_t key_len, const void *aad, + size_t aad_len, const void *buffer, size_t len, void *digest, + u_int *digest_len) { HMAC_CTX *ctx; - unsigned char digest2[EVP_MAX_MD_SIZE]; - u_int digest_len; ctx = HMAC_CTX_new(); if (ctx == NULL) { @@ -346,13 +359,26 @@ verify_hash(const EVP_MD *md, const void *key, size_t key_len, const void *aad, HMAC_CTX_free(ctx); return (false); } - if (HMAC_Final(ctx, digest2, &digest_len) != 1) { + if (HMAC_Final(ctx, digest, digest_len) != 1) { warnx("HMAC_Final failed: %s", ERR_error_string(ERR_get_error(), NULL)); HMAC_CTX_free(ctx); return (false); } HMAC_CTX_free(ctx); + return (true); +} + +static bool +verify_hash(const EVP_MD *md, const void *key, size_t key_len, const void *aad, + size_t aad_len, const void *buffer, size_t len, const void *digest) +{ + unsigned char digest2[EVP_MAX_MD_SIZE]; + u_int digest_len; + + if (!compute_hash(md, key, key_len, aad, aad_len, buffer, len, digest2, + &digest_len)) + return (false); if (memcmp(digest, digest2, digest_len) != 0) { warnx("HMAC mismatch"); return (false); @@ -877,8 +903,62 @@ decrypt_tls_record(struct tls_enable *en, uint64_t seqno, const void *src, /* * Encrypt a TLS record of type 'record_type' with payload 'len' bytes * long at 'src' and store the result at 'dst'. If 'dst' doesn't have - * sufficient room ('avail'), fail the test. + * sufficient room ('avail'), fail the test. 'padding' is the amount + * of additional padding to include beyond any amount mandated by the + * cipher suite. */ +static size_t +encrypt_tls_aes_cbc_mte(struct tls_enable *en, uint8_t record_type, + uint64_t seqno, const void *src, size_t len, void *dst, size_t avail, + size_t padding) +{ + struct tls_record_layer *hdr; + struct tls_mac_data aad; + char *buf, *iv; + size_t hdr_len, mac_len, record_len; + u_int digest_len, i; + + ATF_REQUIRE(padding % 16 == 0); + + hdr = dst; + buf = dst; + + hdr_len = tls_header_len(en); + mac_len = tls_mac_len(en); + padding += (AES_BLOCK_LEN - (len + mac_len) % AES_BLOCK_LEN); + ATF_REQUIRE(padding > 0 && padding <= 255); + + record_len = hdr_len + len + mac_len + padding; + ATF_REQUIRE(record_len <= avail); + + hdr->tls_type = record_type; + hdr->tls_vmajor = TLS_MAJOR_VER_ONE; + hdr->tls_vminor = en->tls_vminor; + hdr->tls_length = htons(record_len - sizeof(*hdr)); + iv = (char *)(hdr + 1); + for (i = 0; i < AES_BLOCK_LEN; i++) + iv[i] = rdigit(); + + /* Copy plaintext to ciphertext region. */ + memcpy(buf + hdr_len, src, len); + + /* Compute HMAC. */ + tls_mte_aad(en, len, hdr, seqno, &aad); + ATF_REQUIRE(compute_hash(tls_EVP_MD(en), en->auth_key, en->auth_key_len, + &aad, sizeof(aad), src, len, buf + hdr_len + len, &digest_len)); + ATF_REQUIRE(digest_len == mac_len); + + /* Store padding. */ + for (i = 0; i < padding; i++) + buf[hdr_len + len + mac_len + i] = padding - 1; + + /* Encrypt the record. */ + ATF_REQUIRE(cbc_encrypt(tls_EVP_CIPHER(en), en->cipher_key, iv, + buf + hdr_len, buf + hdr_len, len + mac_len + padding)); + + return (record_len); +} + static size_t encrypt_tls_12_aead(struct tls_enable *en, uint8_t record_type, uint64_t seqno, const void *src, size_t len, void *dst) @@ -980,8 +1060,12 @@ static size_t encrypt_tls_record(struct tls_enable *en, uint8_t record_type, uint64_t seqno, const void *src, size_t len, void *dst, size_t avail, size_t padding) { - return (encrypt_tls_aead(en, record_type, seqno, src, len, dst, avail, - padding)); + if (en->cipher_algorithm == CRYPTO_AES_CBC) + return (encrypt_tls_aes_cbc_mte(en, record_type, seqno, src, + len, dst, avail, padding)); + else + return (encrypt_tls_aead(en, record_type, seqno, src, len, + dst, avail, padding)); } static void @@ -1389,9 +1473,9 @@ test_ktls_receive_app_data(const atf_tc_t *tc, struct tls_enable *en, #define TLS_10_TESTS(M) \ M(aes128_cbc_1_0_sha1, CRYPTO_AES_CBC, 128 / 8, \ - CRYPTO_SHA1_HMAC) \ + CRYPTO_SHA1_HMAC, TLS_MINOR_VER_ZERO) \ M(aes256_cbc_1_0_sha1, CRYPTO_AES_CBC, 256 / 8, \ - CRYPTO_SHA1_HMAC) + CRYPTO_SHA1_HMAC, TLS_MINOR_VER_ZERO) #define TLS_13_TESTS(M) \ M(aes128_gcm_1_3, CRYPTO_AES_NIST_GCM_16, 128 / 8, 0, \ @@ -1401,11 +1485,7 @@ test_ktls_receive_app_data(const atf_tc_t *tc, struct tls_enable *en, M(chacha20_poly1305_1_3, CRYPTO_CHACHA20_POLY1305, 256 / 8, 0, \ TLS_MINOR_VER_THREE) -#define AES_CBC_TESTS(M) \ - M(aes128_cbc_1_0_sha1, CRYPTO_AES_CBC, 128 / 8, \ - CRYPTO_SHA1_HMAC, TLS_MINOR_VER_ZERO) \ - M(aes256_cbc_1_0_sha1, CRYPTO_AES_CBC, 256 / 8, \ - CRYPTO_SHA1_HMAC, TLS_MINOR_VER_ZERO) \ +#define AES_CBC_NONZERO_TESTS(M) \ M(aes128_cbc_1_1_sha1, CRYPTO_AES_CBC, 128 / 8, \ CRYPTO_SHA1_HMAC, TLS_MINOR_VER_ONE) \ M(aes256_cbc_1_1_sha1, CRYPTO_AES_CBC, 256 / 8, \ @@ -1423,6 +1503,10 @@ test_ktls_receive_app_data(const atf_tc_t *tc, struct tls_enable *en, M(aes256_cbc_1_2_sha384, CRYPTO_AES_CBC, 256 / 8, \ CRYPTO_SHA2_384_HMAC, TLS_MINOR_VER_TWO) \ +#define AES_CBC_TESTS(M) \ + TLS_10_TESTS(M) \ + AES_CBC_NONZERO_TESTS(M) + #define AES_GCM_TESTS(M) \ M(aes128_gcm_1_2, CRYPTO_AES_NIST_GCM_16, 128 / 8, 0, \ TLS_MINOR_VER_TWO) \ @@ -1727,22 +1811,111 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_##name, tc) \ * * - a long test which sends 64KB of application data (split across * multiple TLS records) - * - * Note that receive is currently only supported for TLS 1.2 AEAD - * cipher suites. */ +AES_CBC_NONZERO_TESTS(GEN_RECEIVE_TESTS); AES_GCM_TESTS(GEN_RECEIVE_TESTS); CHACHA20_TESTS(GEN_RECEIVE_TESTS); -#define GEN_PADDING_RECEIVE_TESTS(cipher_name, cipher_alg, key_size, \ - auth_alg, minor) \ +#define GEN_RECEIVE_MTE_PADDING_TESTS(cipher_name, cipher_alg, \ + key_size, auth_alg, minor) \ + GEN_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_1, 1, 0) \ + GEN_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_2, 2, 0) \ + GEN_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_3, 3, 0) \ + GEN_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_4, 4, 0) \ + GEN_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_5, 5, 0) \ + GEN_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_6, 6, 0) \ + GEN_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_7, 7, 0) \ + GEN_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_8, 8, 0) \ + GEN_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_9, 9, 0) \ + GEN_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_10, 10, 0) \ + GEN_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_11, 11, 0) \ + GEN_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_12, 12, 0) \ + GEN_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_13, 13, 0) \ + GEN_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_14, 14, 0) \ + GEN_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_15, 15, 0) \ + GEN_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_16, 16, 0) \ + GEN_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_16_extra, 16, 16) \ + GEN_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_32_extra, 16, 32) + +#define ADD_RECEIVE_MTE_PADDING_TESTS(cipher_name, cipher_alg, \ + key_size, auth_alg, minor) \ + ADD_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_1) \ + ADD_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_2) \ + ADD_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_3) \ + ADD_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_4) \ + ADD_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_5) \ + ADD_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_6) \ + ADD_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_7) \ + ADD_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_8) \ + ADD_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_9) \ + ADD_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_10) \ + ADD_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_11) \ + ADD_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_12) \ + ADD_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_13) \ + ADD_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_14) \ + ADD_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_15) \ + ADD_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_16) \ + ADD_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_16_extra) \ + ADD_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ + auth_alg, minor, padding_32_extra) + +/* + * For AES-CBC MTE cipher suites using padding, add tests of messages + * with each possible padding size. Note that the padding_ tests + * do not necessarily test bytes of padding as the padding is a + * function of the cipher suite's MAC length. However, cycling + * through all of the payload sizes from 1 to 16 should exercise all + * of the possible padding lengths for each suite. + * + * Two additional tests check for additional padding with an extra + * 16 or 32 bytes beyond the normal padding. + */ +AES_CBC_NONZERO_TESTS(GEN_RECEIVE_MTE_PADDING_TESTS); + +#define GEN_RECEIVE_TLS13_PADDING_TESTS(cipher_name, cipher_alg, \ + key_size, auth_alg, minor) \ GEN_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ auth_alg, minor, short_padded, 64, 16) \ GEN_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ auth_alg, minor, long_padded, 64 * 1024, 15) -#define ADD_PADDING_RECEIVE_TESTS(cipher_name, cipher_alg, key_size, \ - auth_alg, minor) \ +#define ADD_RECEIVE_TLS13_PADDING_TESTS(cipher_name, cipher_alg, \ + key_size, auth_alg, minor) \ ADD_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ auth_alg, minor, short_padded) \ ADD_RECEIVE_APP_DATA_TEST(cipher_name, cipher_alg, key_size, \ @@ -1752,7 +1925,7 @@ CHACHA20_TESTS(GEN_RECEIVE_TESTS); * For TLS 1.3 cipher suites, run two additional receive tests which * use add padding to each record. */ -TLS_13_TESTS(GEN_PADDING_RECEIVE_TESTS); +TLS_13_TESTS(GEN_RECEIVE_TLS13_PADDING_TESTS); static void test_ktls_invalid_receive_cipher_suite(const atf_tc_t *tc, @@ -1833,7 +2006,7 @@ ATF_TC_BODY(ktls_receive_unsupported_##name, tc) \ * Ensure that valid cipher suites not supported for receive are * rejected. */ -AES_CBC_TESTS(GEN_UNSUPPORTED_RECEIVE_TEST); +TLS_10_TESTS(GEN_UNSUPPORTED_RECEIVE_TEST); /* * Try to perform an invalid sendto(2) on a TXTLS-enabled socket, to exercise @@ -1887,10 +2060,12 @@ ATF_TP_ADD_TCS(tp) INVALID_CIPHER_SUITES(ADD_INVALID_TRANSMIT_TEST); /* Receive tests */ - AES_CBC_TESTS(ADD_UNSUPPORTED_RECEIVE_TEST); + TLS_10_TESTS(ADD_UNSUPPORTED_RECEIVE_TEST); + AES_CBC_NONZERO_TESTS(ADD_RECEIVE_TESTS); AES_GCM_TESTS(ADD_RECEIVE_TESTS); CHACHA20_TESTS(ADD_RECEIVE_TESTS); - TLS_13_TESTS(ADD_PADDING_RECEIVE_TESTS); + AES_CBC_NONZERO_TESTS(ADD_RECEIVE_MTE_PADDING_TESTS); + TLS_13_TESTS(ADD_RECEIVE_TLS13_PADDING_TESTS); INVALID_CIPHER_SUITES(ADD_INVALID_RECEIVE_TEST); /* Miscellaneous */