int main(int argc, char** argv)
{
struct sockaddr_in server_addr, client_addr;
socklen_t client_len;
int fd, conn_fd, r;
char buf[4 * NBYTES], *pbuf = buf;
struct iovec iov;
struct msghdr msg = { NULL, 0, &iov, 1, NULL, 0, 0 };
server_addr.sin_family = AF_INET;
server_addr.sin_addr.s_addr = htonl(INADDR_ANY);
server_addr.sin_port = htons(1080);
PRINT("Trying socket()... ");
fd = socket(PF_INET, SOCK_DGRAM, 0);
EXPECT_SUCCESS(fd);
PRINT("Trying bind()... ");
r = bind(fd, (const struct sockaddr *) &server_addr, sizeof(server_addr));
EXPECT_SUCCESS(r);
PRINT("Trying recvfrom()... ");
client_len = sizeof(client_addr);
r = recvfrom(fd, pbuf, NBYTES, 0, (struct sockaddr *) &client_addr, &client_len);
EXPECT_EQUAL(r, NBYTES);
ASSUME_EQUAL_STR(pbuf, "foo");
pbuf += NBYTES;
PRINT("Trying recvmsg()... ");
iov.iov_base = pbuf;
iov.iov_len = NBYTES;
r = recvmsg(fd, &msg, 0);
EXPECT_EQUAL(r, NBYTES);
ASSUME_EQUAL_STR(pbuf, "bar");
pbuf += NBYTES;
PRINT("Trying recv()... ");
r = recv(fd, pbuf, NBYTES, 0);
EXPECT_EQUAL(r, NBYTES);
ASSUME_EQUAL_STR(pbuf, "baz");
pbuf += NBYTES;
PRINT("Trying read()... ");
r = read(fd, pbuf, NBYTES);
EXPECT_EQUAL(r, NBYTES);
ASSUME_EQUAL_STR(pbuf, "qux");
pbuf += NBYTES;
PRINT("Trying sendto()... ");
r = sendto(fd, buf, pbuf - buf, 0, (const struct sockaddr *) &client_addr, client_len);
EXPECT_EQUAL(r, pbuf - buf);
PRINT("Trying close()... ");
r = close(fd);
EXPECT_SUCCESS(r);
printf("Success\n");
return EXIT_SUCCESS;
}
bool
TestSuccess(const char* hdr, bool extraTokens,
uint64_t expectedMaxAge, bool expectedIncludeSubdomains,
nsISiteSecurityService* sss)
{
nsCOMPtr<nsIURI> dummyUri;
nsresult rv = NS_NewURI(getter_AddRefs(dummyUri), "https://foo.com/bar.html");
EXPECT_SUCCESS(rv, "Failed to create URI");
uint64_t maxAge = 0;
bool includeSubdomains = false;
rv = sss->UnsafeProcessHeader(nsISiteSecurityService::HEADER_HSTS, dummyUri,
hdr, 0, &maxAge, &includeSubdomains, nullptr);
EXPECT_SUCCESS(rv, "Failed to process valid header: %s", hdr);
REQUIRE_EQUAL(maxAge, expectedMaxAge, "Did not correctly parse maxAge");
REQUIRE_EQUAL(includeSubdomains, expectedIncludeSubdomains, "Did not correctly parse presence/absence of includeSubdomains");
if (extraTokens) {
REQUIRE_EQUAL(rv, NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA,
"Extra tokens were expected when parsing, but were not encountered.");
} else {
REQUIRE_EQUAL(rv, NS_OK, "Unexpected tokens found during parsing.");
}
passed(hdr);
return true;
}
void alloc_local(void)
{
errval_t err;
#ifndef __k1om__
uint64_t minbase, maxlimit;
ram_get_affinity(&minbase, &maxlimit);
ram_set_affinity(XPHI_BENCH_RAM_MINBASE, XPHI_BENCH_RAM_MAXLIMIT);
#endif
size_t alloced_size = 0;
err = frame_alloc(&local_frame, XPHI_BENCH_MSG_FRAME_SIZE, &alloced_size);
EXPECT_SUCCESS(err, "frame_alloc");
#ifndef __k1om__
ram_set_affinity(minbase, maxlimit);
#endif
struct frame_identity id;
err = invoke_frame_identify(local_frame, &id);
EXPECT_SUCCESS(err, "invoke_frame_identify");
local_base = id.base;
local_frame_sz = alloced_size;
debug_printf("alloc_local | Frame base: %016lx, size=%lx\n", id.base,
1UL << id.bits);
err = vspace_map_one_frame(&local_buf, alloced_size, local_frame, NULL, NULL);
EXPECT_SUCCESS(err, "vspace_map_one_frame");
}
status_t Harness::allocatePortBuffers(
const sp<MemoryDealer> &dealer,
IOMX::node_id node, OMX_U32 portIndex,
Vector<Buffer> *buffers) {
buffers->clear();
OMX_PARAM_PORTDEFINITIONTYPE def;
status_t err = getPortDefinition(node, portIndex, &def);
EXPECT_SUCCESS(err, "getPortDefinition");
for (OMX_U32 i = 0; i < def.nBufferCountActual; ++i) {
Buffer buffer;
buffer.mMemory = dealer->allocate(def.nBufferSize);
buffer.mFlags = 0;
CHECK(buffer.mMemory != NULL);
err = mOMX->allocateBufferWithBackup(
node, portIndex, buffer.mMemory, &buffer.mID);
EXPECT_SUCCESS(err, "allocateBuffer");
buffers->push(buffer);
}
return OK;
}
int main(int argc,
char **argv)
{
errval_t err;
debug_printf("Xeon Phi Test started on the card.\n");
err = xeon_phi_client_init(disp_xeon_phi_id());
EXPECT_SUCCESS(err, "xeon_phi_client_init");
xeon_phi_client_set_callbacks(&callbacks);
alloc_local();
wait_for_connection();
char iface[30];
snprintf(iface, 30, "xphi_ump_bench.%u", XPHI_BENCH_CORE_HOST);
debug_printf("sending open to host domain..\n");
err = xeon_phi_client_chan_open(disp_xeon_phi_id(), domainid, 0, local_frame, 2);
EXPECT_SUCCESS(err, "xeon_phi_client_init");
#if XPHI_BENCH_INITIATOR_HOST
debug_printf("giving time for host to initialize...\n");
for (uint32_t i = 0; i < 10; ++i) {
delay_ms(4000);
thread_yield();
}
#endif
#if XPHI_BENCH_INITIATOR_HOST
debug_printf("---------------- normal run -----------------\n");
xphi_bench_start_echo(&xphi_uc);
debug_printf("---------------- reversed run -----------------\n");
xphi_bench_start_echo(&xphi_uc_rev);
#else
#ifndef XPHI_BENCH_THROUGHPUT
debug_printf("---------------- normal run -----------------\n");
xphi_bench_start_initator_rtt(&xphi_uc);
debug_printf("---------------- reversed run -----------------\n");
xphi_bench_start_initator_rtt(&xphi_uc_rev);
#else
#ifdef XPHI_BENCH_SEND_SYNC
debug_printf("---------------- normal run -----------------\n");
xphi_bench_start_initator_sync(&xphi_uc);
debug_printf("---------------- reversed run -----------------\n");
xphi_bench_start_initator_sync(&xphi_uc_rev);
#else
debug_printf("---------------- normal run -----------------\n");
xphi_bench_start_initator_async(&xphi_uc);
debug_printf("---------------- reversed run -----------------\n");
xphi_bench_start_initator_async(&xphi_uc_rev);
#endif
#endif
#endif
}
int main(int argc, char **argv)
{
struct s2n_stuffer dhparams_in, dhparams_out;
struct s2n_dh_params dh_params;
struct s2n_blob b;
BEGIN_TEST();
EXPECT_EQUAL(s2n_get_private_random_bytes_used(), 0);
/* Parse the DH params */
b.data = dhparams;
b.size = sizeof(dhparams);
EXPECT_SUCCESS(s2n_stuffer_alloc(&dhparams_in, sizeof(dhparams)));
EXPECT_SUCCESS(s2n_stuffer_alloc(&dhparams_out, sizeof(dhparams)));
EXPECT_SUCCESS(s2n_stuffer_write(&dhparams_in, &b));
EXPECT_SUCCESS(s2n_stuffer_dhparams_from_pem(&dhparams_in, &dhparams_out));
b.size = s2n_stuffer_data_available(&dhparams_out);
b.data = s2n_stuffer_raw_read(&dhparams_out, b.size);
EXPECT_SUCCESS(s2n_pkcs3_to_dh_params(&dh_params, &b));
EXPECT_SUCCESS(s2n_dh_generate_ephemeral_key(&dh_params));
/* Verify that our DRBG is called and that over-riding works */
EXPECT_NOT_EQUAL(s2n_get_private_random_bytes_used(), 0);
EXPECT_SUCCESS(s2n_dh_params_free(&dh_params));
EXPECT_SUCCESS(s2n_stuffer_free(&dhparams_out));
EXPECT_SUCCESS(s2n_stuffer_free(&dhparams_in));
END_TEST();
}
int main(int argc, char **argv)
{
struct s2n_connection *conn;
BEGIN_TEST();
EXPECT_NULL(conn = s2n_connection_new(S2N_CLIENT));
EXPECT_SUCCESS(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0));
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_CLIENT));
EXPECT_SUCCESS(s2n_connection_free(conn));
END_TEST();
}
status_t Harness::testAll() {
List<IOMX::ComponentInfo> componentInfos;
status_t err = mOMX->listNodes(&componentInfos);
EXPECT_SUCCESS(err, "listNodes");
for (List<IOMX::ComponentInfo>::iterator it = componentInfos.begin();
it != componentInfos.end(); ++it) {
const IOMX::ComponentInfo &info = *it;
const char *componentName = info.mName.string();
if (strncmp(componentName, "OMX.google.", 11)) {
continue;
}
for (List<String8>::const_iterator role_it = info.mRoles.begin();
role_it != info.mRoles.end(); ++role_it) {
const char *componentRole = (*role_it).string();
err = test(componentName, componentRole);
if (err == OK) {
printf("OK\n");
}
}
}
return OK;
}
static errval_t msg_open_cb(xphi_dom_id_t domain,
uint64_t usrdata,
struct capref msgframe,
uint8_t type)
{
errval_t err;
domainid = domain;
struct frame_identity id;
err = invoke_frame_identify(msgframe, &id);
EXPECT_SUCCESS(err, "frame identify");
debug_printf("msg_open_cb | Frame base: %016lx, size=%lx\n", id.base,
1UL << id.bits);
assert((1UL << id.bits) >= XPHI_BENCH_MSG_FRAME_SIZE);
err = vspace_map_one_frame(&remote_buf, XPHI_BENCH_MSG_FRAME_SIZE, msgframe,
NULL, NULL);
EXPECT_SUCCESS(err, "vspace map frame");
remote_frame = msgframe;
remote_base = id.base;
remote_frame_sz = (1UL << id.bits);
init_buffer();
connected = 0x1;
debug_printf("Initializing UMP channel...\n");
err = ump_chan_init(&xphi_uc, inbuf, XPHI_BENCH_MSG_CHAN_SIZE, outbuf,
XPHI_BENCH_MSG_CHAN_SIZE);
EXPECT_SUCCESS(err, "initialize ump channel");
err = ump_chan_init(&xphi_uc_rev, inbuf_rev, XPHI_BENCH_MSG_CHAN_SIZE, outbuf_rev,
XPHI_BENCH_MSG_CHAN_SIZE);
EXPECT_SUCCESS(err, "initialize ump channel");
return SYS_ERR_OK;
}
int main(int argc, char **argv)
{
unsigned char publicKey[BIKE1_L1_PUBLIC_KEY_BYTES];
unsigned char privateKey[BIKE1_L1_SECRET_KEY_BYTES];
unsigned char clientSharedSecretPlaintext[BIKE1_L1_SHARED_SECRET_BYTES];
unsigned char serverSharedSecretPlaintext[BIKE1_L1_SHARED_SECRET_BYTES];
unsigned char encryptedSecret[BIKE1_L1_CIPHERTEXT_BYTES];
BEGIN_TEST();
// BIKE is not supported in FIPS mode
if (s2n_is_in_fips_mode()) {
END_TEST();
}
EXPECT_SUCCESS(BIKE1_L1_crypto_kem_keypair(publicKey, privateKey));
EXPECT_SUCCESS(BIKE1_L1_crypto_kem_enc(encryptedSecret, clientSharedSecretPlaintext, publicKey));
EXPECT_SUCCESS(BIKE1_L1_crypto_kem_dec(serverSharedSecretPlaintext, encryptedSecret, privateKey));
EXPECT_BYTEARRAY_EQUAL(serverSharedSecretPlaintext, clientSharedSecretPlaintext, BIKE1_L1_SHARED_SECRET_BYTES);
END_TEST();
}
bool TestFailure(const char* hdr,
nsISiteSecurityService* sss)
{
nsCOMPtr<nsIURI> dummyUri;
nsresult rv = NS_NewURI(getter_AddRefs(dummyUri), "https://foo.com/bar.html");
EXPECT_SUCCESS(rv, "Failed to create URI");
rv = sss->UnsafeProcessHeader(nsISiteSecurityService::HEADER_HSTS, dummyUri,
hdr, 0, nullptr, nullptr, nullptr);
EXPECT_FAILURE(rv, "Parsed invalid header: %s", hdr);
passed(hdr);
return true;
}
int main(int argc, char **argv)
{
struct s2n_config *server_config;
struct s2n_cipher_preferences *default_cipher_preferences;
BEGIN_TEST();
EXPECT_SUCCESS(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0));
EXPECT_SUCCESS(setenv("S2N_DONT_MLOCK", "1", 0));
EXPECT_SUCCESS(s2n_init());
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(server_config, certificate, private_key));
EXPECT_SUCCESS(s2n_config_add_dhparams(server_config, dhparams));
EXPECT_NOT_NULL(default_cipher_preferences = server_config->cipher_preferences);
/* Verify that a handshake succeeds for every cipher in the default list. */
for (int cipher_idx = 0; cipher_idx < default_cipher_preferences->count; cipher_idx++) {
struct s2n_cipher_preferences server_cipher_preferences;
struct s2n_connection *client_conn;
struct s2n_connection *server_conn;
int client_more;
int server_more;
int server_to_client[2];
int client_to_server[2];
/* Craft a cipher preference with a cipher_idx cipher
NOTE: Its safe to use memcpy as the address of server_cipher_preferences
will never be NULL */
memcpy(&server_cipher_preferences, default_cipher_preferences, sizeof(server_cipher_preferences));
server_cipher_preferences.count = 1;
server_cipher_preferences.wire_format = default_cipher_preferences->wire_format + cipher_idx * S2N_TLS_CIPHER_SUITE_LEN;
server_config->cipher_preferences = &server_cipher_preferences;
/* Create nonblocking pipes */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
for (int i = 0; i < 2; i++) {
EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1);
}
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
do {
int ret;
ret = s2n_negotiate(client_conn, &client_more);
EXPECT_TRUE(ret == 0 || (client_more && errno == EAGAIN));
ret = s2n_negotiate(server_conn, &server_more);
EXPECT_TRUE(ret == 0 || (server_more && errno == EAGAIN));
} while (client_more || server_more);
EXPECT_SUCCESS(s2n_shutdown(client_conn, &client_more));
EXPECT_SUCCESS(s2n_connection_free(client_conn));
EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_more));
EXPECT_SUCCESS(s2n_connection_free(server_conn));
for (int i = 0; i < 2; i++) {
EXPECT_SUCCESS(close(server_to_client[i]));
EXPECT_SUCCESS(close(client_to_server[i]));
}
}
EXPECT_SUCCESS(s2n_config_free(server_config));
END_TEST();
return 0;
}
int main(int argc, char **argv)
{
BEGIN_TEST();
EXPECT_SUCCESS(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0));
EXPECT_SUCCESS(setenv("S2N_DONT_MLOCK", "1", 0));
EXPECT_SUCCESS(s2n_init());
/* Client doens't use the server name extension. */
{
struct s2n_connection *client_conn;
struct s2n_connection *server_conn;
struct s2n_config *server_config;
s2n_blocked_status client_blocked;
s2n_blocked_status server_blocked;
int server_to_client[2];
int client_to_server[2];
/* Create nonblocking pipes */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
for (int i = 0; i < 2; i++) {
EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1);
}
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(server_config, certificate, private_key));
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
do {
int ret;
ret = s2n_negotiate(client_conn, &client_blocked);
EXPECT_TRUE(ret == 0 || (client_blocked && errno == EAGAIN));
ret = s2n_negotiate(server_conn, &server_blocked);
EXPECT_TRUE(ret == 0 || (server_blocked && errno == EAGAIN));
} while (client_blocked || server_blocked);
/* Verify that the server didn't receive the server name. */
EXPECT_NULL(s2n_get_server_name(server_conn));
EXPECT_SUCCESS(s2n_shutdown(client_conn, &client_blocked));
EXPECT_SUCCESS(s2n_connection_free(client_conn));
EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked));
EXPECT_SUCCESS(s2n_connection_free(server_conn));
EXPECT_SUCCESS(s2n_config_free(server_config));
for (int i = 0; i < 2; i++) {
EXPECT_SUCCESS(close(server_to_client[i]));
EXPECT_SUCCESS(close(client_to_server[i]));
}
}
/* Client uses the server name extension. */
{
struct s2n_connection *client_conn;
struct s2n_connection *server_conn;
struct s2n_config *server_config;
s2n_blocked_status client_blocked;
s2n_blocked_status server_blocked;
int server_to_client[2];
int client_to_server[2];
const char *sent_server_name = "awesome.amazonaws.com";
const char *received_server_name;
/* Create nonblocking pipes */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
for (int i = 0; i < 2; i++) {
EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1);
}
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
/* Set the server name */
EXPECT_SUCCESS(s2n_set_server_name(client_conn, sent_server_name));
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(server_config, certificate, private_key));
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
do {
int ret;
ret = s2n_negotiate(client_conn, &client_blocked);
EXPECT_TRUE(ret == 0 || (client_blocked && errno == EAGAIN));
ret = s2n_negotiate(server_conn, &server_blocked);
EXPECT_TRUE(ret == 0 || (server_blocked && errno == EAGAIN));
} while (client_blocked || server_blocked);
/* Verify that the server name was received intact. */
EXPECT_NOT_NULL(received_server_name = s2n_get_server_name(server_conn));
EXPECT_EQUAL(strlen(received_server_name), strlen(sent_server_name));
EXPECT_BYTEARRAY_EQUAL(received_server_name, sent_server_name, strlen(received_server_name));
EXPECT_SUCCESS(s2n_shutdown(client_conn, &client_blocked));
EXPECT_SUCCESS(s2n_connection_free(client_conn));
EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked));
EXPECT_SUCCESS(s2n_connection_free(server_conn));
EXPECT_SUCCESS(s2n_config_free(server_config));
for (int i = 0; i < 2; i++) {
EXPECT_SUCCESS(close(server_to_client[i]));
EXPECT_SUCCESS(close(client_to_server[i]));
}
}
/* Client sends multiple server names. */
{
struct s2n_connection *server_conn;
struct s2n_config *server_config;
s2n_blocked_status server_blocked;
int server_to_client[2];
int client_to_server[2];
const char *sent_server_name = "svr";
const char *received_server_name;
uint8_t client_extensions[] = {
/* Extension type TLS_EXTENSION_SERVER_NAME */
0x00, 0x00,
/* Extension size */
0x00, 0x0C,
/* All server names len */
0x00, 0x0A,
/* First server name type - host name */
0x00,
/* First server name len */
0x00, 0x03,
/* First server name, matches sent_server_name */
's', 'v', 'r',
/* Second server name type - host name */
0x00,
/* Second server name len */
0x00, 0x01,
/* Second server name */
0xFF,
};
int client_extensions_len = sizeof(client_extensions);
uint8_t client_hello_message[] = {
/* Protocol version TLS 1.2 */
0x03, 0x03,
/* Client random */
ZERO_TO_THIRTY_ONE,
/* SessionID len - 32 bytes */
0x20,
/* Session ID */
ZERO_TO_THIRTY_ONE,
/* Cipher suites len */
0x00, 0x02,
/* Cipher suite - TLS_RSA_WITH_AES_128_CBC_SHA256 */
0x00, 0x3C,
/* Compression methods len */
0x01,
/* Compression method - none */
0x00,
/* Extensions len */
(client_extensions_len >> 8) & 0xff, (client_extensions_len & 0xff),
};
int body_len = sizeof(client_hello_message) + client_extensions_len;
uint8_t message_header[] = {
/* Handshake message type CLIENT HELLO */
0x01,
/* Body len */
(body_len >> 16) & 0xff, (body_len >> 8) & 0xff, (body_len & 0xff),
};
int message_len = sizeof(message_header) + body_len;
uint8_t record_header[] = {
/* Record type HANDSHAKE */
0x16,
/* Protocol version TLS 1.2 */
0x03, 0x03,
/* Message len */
(message_len >> 8) & 0xff, (message_len & 0xff),
};
/* Create nonblocking pipes */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
for (int i = 0; i < 2; i++) {
EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1);
}
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(server_config, certificate, private_key));
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
/* Send the client hello */
EXPECT_EQUAL(write(client_to_server[1], record_header, sizeof(record_header)), sizeof(record_header));
EXPECT_EQUAL(write(client_to_server[1], message_header, sizeof(message_header)), sizeof(message_header));
EXPECT_EQUAL(write(client_to_server[1], client_hello_message, sizeof(client_hello_message)), sizeof(client_hello_message));
EXPECT_EQUAL(write(client_to_server[1], client_extensions, sizeof(client_extensions)), sizeof(client_extensions));
/* Verify that the CLIENT HELLO is accepted */
s2n_negotiate(server_conn, &server_blocked);
EXPECT_EQUAL(server_blocked, 1);
EXPECT_EQUAL(server_conn->handshake.state, CLIENT_KEY);
/* Verify that the server name was received intact. */
EXPECT_NOT_NULL(received_server_name = s2n_get_server_name(server_conn));
EXPECT_EQUAL(strlen(received_server_name), strlen(sent_server_name));
EXPECT_BYTEARRAY_EQUAL(received_server_name, sent_server_name, strlen(received_server_name));
EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked));
EXPECT_SUCCESS(s2n_connection_free(server_conn));
EXPECT_SUCCESS(s2n_config_free(server_config));
for (int i = 0; i < 2; i++) {
EXPECT_SUCCESS(close(server_to_client[i]));
EXPECT_SUCCESS(close(client_to_server[i]));
}
}
/* Client doesn't use the OCSP extension. */
{
struct s2n_connection *client_conn;
struct s2n_connection *server_conn;
struct s2n_config *server_config;
s2n_blocked_status client_blocked;
s2n_blocked_status server_blocked;
int server_to_client[2];
int client_to_server[2];
uint32_t length;
/* Create nonblocking pipes */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
for (int i = 0; i < 2; i++) {
EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1);
}
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_with_status(server_config, certificate, private_key, server_ocsp_status, sizeof(server_ocsp_status)));
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
do {
int ret;
ret = s2n_negotiate(client_conn, &client_blocked);
EXPECT_TRUE(ret == 0 || client_blocked);
ret = s2n_negotiate(server_conn, &server_blocked);
EXPECT_TRUE(ret == 0 || server_blocked);
} while (client_blocked || server_blocked);
/* Verify that the client didn't receive an OCSP response. */
EXPECT_NULL(s2n_connection_get_ocsp_response(client_conn, &length));
EXPECT_EQUAL(length, 0);
EXPECT_SUCCESS(s2n_shutdown(client_conn, &client_blocked));
EXPECT_SUCCESS(s2n_connection_free(client_conn));
EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked));
EXPECT_SUCCESS(s2n_connection_free(server_conn));
EXPECT_SUCCESS(s2n_config_free(server_config));
for (int i = 0; i < 2; i++) {
EXPECT_SUCCESS(close(server_to_client[i]));
EXPECT_SUCCESS(close(client_to_server[i]));
}
}
/* Server doesn't support the OCSP extension. */
{
struct s2n_connection *client_conn;
struct s2n_connection *server_conn;
struct s2n_config *server_config;
struct s2n_config *client_config;
s2n_blocked_status client_blocked;
s2n_blocked_status server_blocked;
int server_to_client[2];
int client_to_server[2];
uint32_t length;
/* Create nonblocking pipes */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
for (int i = 0; i < 2; i++) {
EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1);
}
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
EXPECT_NOT_NULL(client_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_set_status_request_type(client_config, S2N_STATUS_REQUEST_OCSP));
EXPECT_SUCCESS(s2n_connection_set_config(client_conn, client_config));
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(server_config, certificate, private_key));
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
do {
int ret;
ret = s2n_negotiate(client_conn, &client_blocked);
EXPECT_TRUE(ret == 0 || client_blocked);
ret = s2n_negotiate(server_conn, &server_blocked);
EXPECT_TRUE(ret == 0 || server_blocked);
} while (client_blocked || server_blocked);
/* Verify that the client didn't receive an OCSP response. */
EXPECT_NULL(s2n_connection_get_ocsp_response(client_conn, &length));
EXPECT_EQUAL(length, 0);
EXPECT_SUCCESS(s2n_shutdown(client_conn, &client_blocked));
EXPECT_SUCCESS(s2n_connection_free(client_conn));
EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked));
EXPECT_SUCCESS(s2n_connection_free(server_conn));
EXPECT_SUCCESS(s2n_config_free(server_config));
EXPECT_SUCCESS(s2n_config_free(client_config));
for (int i = 0; i < 2; i++) {
EXPECT_SUCCESS(close(server_to_client[i]));
EXPECT_SUCCESS(close(client_to_server[i]));
}
}
/* Server and client support the OCSP extension. */
{
struct s2n_connection *client_conn;
struct s2n_connection *server_conn;
struct s2n_config *server_config;
struct s2n_config *client_config;
s2n_blocked_status client_blocked;
s2n_blocked_status server_blocked;
int server_to_client[2];
int client_to_server[2];
uint32_t length;
/* Create nonblocking pipes */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
for (int i = 0; i < 2; i++) {
EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1);
}
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
EXPECT_NOT_NULL(client_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_set_status_request_type(client_config, S2N_STATUS_REQUEST_OCSP));
EXPECT_SUCCESS(s2n_connection_set_config(client_conn, client_config));
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_with_status(server_config, certificate, private_key, server_ocsp_status, sizeof(server_ocsp_status)));
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
do {
int ret;
ret = s2n_negotiate(client_conn, &client_blocked);
EXPECT_TRUE(ret == 0 || client_blocked);
ret = s2n_negotiate(server_conn, &server_blocked);
EXPECT_TRUE(ret == 0 || server_blocked);
} while (client_blocked || server_blocked);
/* Verify that the client didn't receive an OCSP response. */
EXPECT_NULL(s2n_connection_get_ocsp_response(client_conn, &length));
EXPECT_EQUAL(length, 0);
EXPECT_SUCCESS(s2n_shutdown(client_conn, &client_blocked));
EXPECT_SUCCESS(s2n_connection_free(client_conn));
EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked));
EXPECT_SUCCESS(s2n_connection_free(server_conn));
EXPECT_SUCCESS(s2n_config_free(server_config));
EXPECT_SUCCESS(s2n_config_free(client_config));
for (int i = 0; i < 2; i++) {
EXPECT_SUCCESS(close(server_to_client[i]));
EXPECT_SUCCESS(close(client_to_server[i]));
}
}
END_TEST();
return 0;
}
int main(int argc, char **argv)
{
struct s2n_connection *conn;
uint8_t random_data[S2N_DEFAULT_FRAGMENT_LENGTH + 1];
uint8_t mac_key[] = "sample mac key";
uint8_t aes128_key[] = "123456789012345";
uint8_t aes256_key[] = "1234567890123456789012345678901";
struct s2n_blob aes128 = {.data = aes128_key,.size = sizeof(aes128_key) };
struct s2n_blob aes256 = {.data = aes256_key,.size = sizeof(aes256_key) };
struct s2n_blob r = {.data = random_data, .size = sizeof(random_data)};
BEGIN_TEST();
EXPECT_SUCCESS(s2n_init());
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_get_urandom_data(&r));
/* Peer and we are in sync */
conn->server = &conn->active;
conn->client = &conn->active;
/* test the AES128 cipher with a SHA1 hash */
conn->active.cipher_suite->cipher = &s2n_aes128_gcm;
conn->active.cipher_suite->hmac_alg = S2N_HMAC_SHA1;
EXPECT_SUCCESS(conn->active.cipher_suite->cipher->get_encryption_key(&conn->active.server_key, &aes128));
EXPECT_SUCCESS(conn->active.cipher_suite->cipher->get_decryption_key(&conn->active.client_key, &aes128));
EXPECT_SUCCESS(s2n_hmac_init(&conn->active.client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
EXPECT_SUCCESS(s2n_hmac_init(&conn->active.server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
conn->actual_protocol_version = S2N_TLS12;
int max_fragment = S2N_DEFAULT_FRAGMENT_LENGTH;
for (int i = 0; i <= max_fragment + 1; i++) {
struct s2n_blob in = {.data = random_data,.size = i };
int bytes_written;
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->out));
EXPECT_SUCCESS(bytes_written = s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
static const int overhead = 20 /* TLS header */
+ 8 /* IV */
+ 16; /* TAG */
if (i < max_fragment - overhead) {
EXPECT_EQUAL(bytes_written, i);
} else {
EXPECT_EQUAL(bytes_written, max_fragment - overhead);
}
uint16_t predicted_length = bytes_written + 20;
predicted_length += conn->active.cipher_suite->cipher->io.aead.record_iv_size;
predicted_length += conn->active.cipher_suite->cipher->io.aead.tag_size;
EXPECT_EQUAL(conn->out.blob.data[0], TLS_APPLICATION_DATA);
EXPECT_EQUAL(conn->out.blob.data[1], 3);
EXPECT_EQUAL(conn->out.blob.data[2], 3);
EXPECT_EQUAL(conn->out.blob.data[3], (predicted_length >> 8) & 0xff);
EXPECT_EQUAL(conn->out.blob.data[4], predicted_length & 0xff);
/* The data should be encrypted */
if (bytes_written > 10) {
EXPECT_NOT_EQUAL(memcmp(conn->out.blob.data + 5, random_data, bytes_written), 0);
}
/* Copy the encrypted out data to the in data */
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_copy(&conn->out, &conn->header_in, 5));
EXPECT_SUCCESS(s2n_stuffer_copy(&conn->out, &conn->in, s2n_stuffer_data_available(&conn->out)));
/* Let's decrypt it */
uint8_t content_type;
uint16_t fragment_length;
EXPECT_SUCCESS(s2n_record_header_parse(conn, &content_type, &fragment_length));
EXPECT_SUCCESS(s2n_record_parse(conn));
EXPECT_EQUAL(content_type, TLS_APPLICATION_DATA);
EXPECT_EQUAL(fragment_length, predicted_length);
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
/* Now lets corrupt some data and ensure the tests pass */
/* Copy the encrypted out data to the in data */
EXPECT_SUCCESS(s2n_stuffer_reread(&conn->out));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_copy(&conn->out, &conn->header_in, 5));
EXPECT_SUCCESS(s2n_stuffer_copy(&conn->out, &conn->in, s2n_stuffer_data_available(&conn->out)));
/* Tamper the protocol version in the header, and ensure decryption fails, as we use this in the AAD */
conn->in.blob.data[2] = 2;
EXPECT_SUCCESS(s2n_record_header_parse(conn, &content_type, &fragment_length));
EXPECT_FAILURE(s2n_record_parse(conn));
EXPECT_EQUAL(content_type, TLS_APPLICATION_DATA);
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
/* Tamper with the IV and ensure decryption fails */
for (int j = 0; j < S2N_TLS_GCM_IV_LEN; j++) {
/* Copy the encrypted out data to the in data */
EXPECT_SUCCESS(s2n_stuffer_reread(&conn->out));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_copy(&conn->out, &conn->header_in, 5));
EXPECT_SUCCESS(s2n_stuffer_copy(&conn->out, &conn->in, s2n_stuffer_data_available(&conn->out)));
conn->in.blob.data[5 + j] ++;
EXPECT_SUCCESS(s2n_record_header_parse(conn, &content_type, &fragment_length));
EXPECT_FAILURE(s2n_record_parse(conn));
EXPECT_EQUAL(content_type, TLS_APPLICATION_DATA);
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
}
/* Tamper with the TAG and ensure decryption fails */
for (int j = 0; j < S2N_TLS_GCM_TAG_LEN; j++) {
/* Copy the encrypted out data to the in data */
EXPECT_SUCCESS(s2n_stuffer_reread(&conn->out));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_copy(&conn->out, &conn->header_in, 5));
EXPECT_SUCCESS(s2n_stuffer_copy(&conn->out, &conn->in, s2n_stuffer_data_available(&conn->out)));
conn->in.blob.data[conn->in.blob.size - j - 1] ++;
EXPECT_SUCCESS(s2n_record_header_parse(conn, &content_type, &fragment_length));
EXPECT_FAILURE(s2n_record_parse(conn));
EXPECT_EQUAL(content_type, TLS_APPLICATION_DATA);
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
}
/* Tamper w ith the cipher text and ensure decryption fails */
for (int j = S2N_TLS_GCM_IV_LEN; j < conn->in.blob.size - S2N_TLS_GCM_TAG_LEN; j++) {
/* Copy the encrypted out data to the in data */
EXPECT_SUCCESS(s2n_stuffer_reread(&conn->out));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_copy(&conn->out, &conn->header_in, 5));
EXPECT_SUCCESS(s2n_stuffer_copy(&conn->out, &conn->in, s2n_stuffer_data_available(&conn->out)));
conn->in.blob.data[5 + j] ++;
EXPECT_SUCCESS(s2n_record_header_parse(conn, &content_type, &fragment_length));
EXPECT_FAILURE(s2n_record_parse(conn));
EXPECT_EQUAL(content_type, TLS_APPLICATION_DATA);
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
}
}
EXPECT_SUCCESS(conn->active.cipher_suite->cipher->destroy_key(&conn->active.server_key));
EXPECT_SUCCESS(conn->active.cipher_suite->cipher->destroy_key(&conn->active.client_key));
EXPECT_SUCCESS(s2n_connection_free(conn));
/* test the AES256 cipher with a SHA1 hash */
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
conn->active.cipher_suite->cipher = &s2n_aes256_gcm;
conn->active.cipher_suite->hmac_alg = S2N_HMAC_SHA1;
EXPECT_SUCCESS(conn->active.cipher_suite->cipher->get_encryption_key(&conn->active.server_key, &aes256));
EXPECT_SUCCESS(conn->active.cipher_suite->cipher->get_decryption_key(&conn->active.client_key, &aes256));
EXPECT_SUCCESS(s2n_hmac_init(&conn->active.client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
EXPECT_SUCCESS(s2n_hmac_init(&conn->active.server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
conn->actual_protocol_version = S2N_TLS12;
for (int i = 0; i <= max_fragment + 1; i++) {
struct s2n_blob in = {.data = random_data,.size = i };
int bytes_written;
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->out));
EXPECT_SUCCESS(bytes_written = s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
static const int overhead = 20 /* TLS header */
+ 8 /* IV */
+ 16; /* TAG */
if (i < max_fragment - overhead) {
EXPECT_EQUAL(bytes_written, i);
} else {
EXPECT_EQUAL(bytes_written, max_fragment - overhead);
}
uint16_t predicted_length = bytes_written + 20;
predicted_length += conn->active.cipher_suite->cipher->io.aead.record_iv_size;
predicted_length += conn->active.cipher_suite->cipher->io.aead.tag_size;
EXPECT_EQUAL(conn->out.blob.data[0], TLS_APPLICATION_DATA);
EXPECT_EQUAL(conn->out.blob.data[1], 3);
EXPECT_EQUAL(conn->out.blob.data[2], 3);
EXPECT_EQUAL(conn->out.blob.data[3], (predicted_length >> 8) & 0xff);
EXPECT_EQUAL(conn->out.blob.data[4], predicted_length & 0xff);
/* The data should be encrypted */
if (bytes_written > 10) {
EXPECT_NOT_EQUAL(memcmp(conn->out.blob.data + 5, random_data, bytes_written), 0);
}
/* Copy the encrypted out data to the in data */
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_copy(&conn->out, &conn->header_in, 5));
EXPECT_SUCCESS(s2n_stuffer_copy(&conn->out, &conn->in, s2n_stuffer_data_available(&conn->out)));
/* Let's decrypt it */
uint8_t content_type;
uint16_t fragment_length;
EXPECT_SUCCESS(s2n_record_header_parse(conn, &content_type, &fragment_length));
EXPECT_SUCCESS(s2n_record_parse(conn));
EXPECT_EQUAL(content_type, TLS_APPLICATION_DATA);
EXPECT_EQUAL(fragment_length, predicted_length);
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
/* Now lets corrupt some data and ensure the tests pass */
/* Copy the encrypted out data to the in data */
EXPECT_SUCCESS(s2n_stuffer_reread(&conn->out));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_copy(&conn->out, &conn->header_in, 5));
EXPECT_SUCCESS(s2n_stuffer_copy(&conn->out, &conn->in, s2n_stuffer_data_available(&conn->out)));
/* Tamper the protocol version in the header, and ensure decryption fails, as we use this in the AAD */
conn->in.blob.data[2] = 2;
EXPECT_SUCCESS(s2n_record_header_parse(conn, &content_type, &fragment_length));
EXPECT_FAILURE(s2n_record_parse(conn));
EXPECT_EQUAL(content_type, TLS_APPLICATION_DATA);
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
/* Tamper with the IV and ensure decryption fails */
for (int j = 0; j < S2N_TLS_GCM_IV_LEN; j++) {
/* Copy the encrypted out data to the in data */
EXPECT_SUCCESS(s2n_stuffer_reread(&conn->out));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_copy(&conn->out, &conn->header_in, 5));
EXPECT_SUCCESS(s2n_stuffer_copy(&conn->out, &conn->in, s2n_stuffer_data_available(&conn->out)));
conn->in.blob.data[5 + j] ++;
EXPECT_SUCCESS(s2n_record_header_parse(conn, &content_type, &fragment_length));
EXPECT_FAILURE(s2n_record_parse(conn));
EXPECT_EQUAL(content_type, TLS_APPLICATION_DATA);
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
}
/* Tamper with the TAG and ensure decryption fails */
for (int j = 0; j < S2N_TLS_GCM_TAG_LEN; j++) {
/* Copy the encrypted out data to the in data */
EXPECT_SUCCESS(s2n_stuffer_reread(&conn->out));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_copy(&conn->out, &conn->header_in, 5));
EXPECT_SUCCESS(s2n_stuffer_copy(&conn->out, &conn->in, s2n_stuffer_data_available(&conn->out)));
conn->in.blob.data[conn->in.blob.size - j - 1] ++;
EXPECT_SUCCESS(s2n_record_header_parse(conn, &content_type, &fragment_length));
EXPECT_FAILURE(s2n_record_parse(conn));
EXPECT_EQUAL(content_type, TLS_APPLICATION_DATA);
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
}
/* Tamper w ith the cipher text and ensure decryption fails */
for (int j = S2N_TLS_GCM_IV_LEN; j < conn->in.blob.size - S2N_TLS_GCM_TAG_LEN; j++) {
/* Copy the encrypted out data to the in data */
EXPECT_SUCCESS(s2n_stuffer_reread(&conn->out));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_copy(&conn->out, &conn->header_in, 5));
EXPECT_SUCCESS(s2n_stuffer_copy(&conn->out, &conn->in, s2n_stuffer_data_available(&conn->out)));
conn->in.blob.data[5 + j] ++;
EXPECT_SUCCESS(s2n_record_header_parse(conn, &content_type, &fragment_length));
EXPECT_FAILURE(s2n_record_parse(conn));
EXPECT_EQUAL(content_type, TLS_APPLICATION_DATA);
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
}
}
EXPECT_SUCCESS(conn->active.cipher_suite->cipher->destroy_key(&conn->active.server_key));
EXPECT_SUCCESS(conn->active.cipher_suite->cipher->destroy_key(&conn->active.client_key));
EXPECT_SUCCESS(s2n_connection_free(conn));
END_TEST();
}
int main(int argc, char **argv)
{
uint8_t digest_pad[64];
uint8_t output_pad[96];
uint8_t hello[] = "Hello world!\n";
struct s2n_stuffer output;
struct s2n_hash_state hash, copy;
struct s2n_blob out = {.data = output_pad,.size = sizeof(output_pad) };
BEGIN_TEST();
/* Initialise our output stuffers */
EXPECT_SUCCESS(s2n_stuffer_init(&output, &out));
uint8_t md5_digest_size;
GUARD(s2n_hash_digest_size(S2N_HASH_MD5, &md5_digest_size));
EXPECT_EQUAL(md5_digest_size, 16);
EXPECT_SUCCESS(s2n_hash_init(&hash, S2N_HASH_MD5));
EXPECT_SUCCESS(s2n_hash_update(&hash, hello, strlen((char *)hello)));
EXPECT_SUCCESS(s2n_hash_copy(©, &hash));
EXPECT_SUCCESS(s2n_hash_digest(&hash, digest_pad, MD5_DIGEST_LENGTH));
for (int i = 0; i < 16; i++) {
EXPECT_SUCCESS(s2n_stuffer_write_uint8_hex(&output, digest_pad[i]));
}
/* Reference value from command line md5sum */
EXPECT_EQUAL(memcmp(output_pad, "59ca0efa9f5633cb0371bbc0355478d8", 16 * 2), 0);
/* Check the copy */
EXPECT_SUCCESS(s2n_hash_digest(©, digest_pad, MD5_DIGEST_LENGTH));
for (int i = 0; i < 16; i++) {
EXPECT_SUCCESS(s2n_stuffer_write_uint8_hex(&output, digest_pad[i]));
}
/* Reference value from command line md5sum */
EXPECT_EQUAL(memcmp(output_pad, "59ca0efa9f5633cb0371bbc0355478d8", 16 * 2), 0);
EXPECT_SUCCESS(s2n_stuffer_init(&output, &out));
uint8_t sha1_digest_size;
GUARD(s2n_hash_digest_size(S2N_HASH_SHA1, &sha1_digest_size));
EXPECT_EQUAL(sha1_digest_size, 20);
EXPECT_SUCCESS(s2n_hash_init(&hash, S2N_HASH_SHA1));
EXPECT_SUCCESS(s2n_hash_update(&hash, hello, strlen((char *)hello)));
EXPECT_SUCCESS(s2n_hash_digest(&hash, digest_pad, SHA_DIGEST_LENGTH));
for (int i = 0; i < 20; i++) {
EXPECT_SUCCESS(s2n_stuffer_write_uint8_hex(&output, digest_pad[i]));
}
/* Reference value from command line sha1sum */
EXPECT_EQUAL(memcmp(output_pad, "47a013e660d408619d894b20806b1d5086aab03b", 20 * 2), 0);
EXPECT_SUCCESS(s2n_stuffer_init(&output, &out));
uint8_t sha256_digest_size;
GUARD(s2n_hash_digest_size(S2N_HASH_SHA256, &sha256_digest_size));
EXPECT_EQUAL(sha256_digest_size, 32);
EXPECT_SUCCESS(s2n_hash_init(&hash, S2N_HASH_SHA256));
EXPECT_SUCCESS(s2n_hash_update(&hash, hello, strlen((char *)hello)));
EXPECT_SUCCESS(s2n_hash_digest(&hash, digest_pad, SHA256_DIGEST_LENGTH));
for (int i = 0; i < 32; i++) {
EXPECT_SUCCESS(s2n_stuffer_write_uint8_hex(&output, digest_pad[i]));
}
/* Reference value from command line sha256sum */
EXPECT_EQUAL(memcmp(output_pad, "0ba904eae8773b70c75333db4de2f3ac45a8ad4ddba1b242f0b3cfc199391dd8", 32 * 2), 0);
EXPECT_SUCCESS(s2n_stuffer_init(&output, &out));
uint8_t sha384_digest_size;
GUARD(s2n_hash_digest_size(S2N_HASH_SHA384, &sha384_digest_size));
EXPECT_EQUAL(sha384_digest_size, 48);
EXPECT_SUCCESS(s2n_hash_init(&hash, S2N_HASH_SHA384));
EXPECT_SUCCESS(s2n_hash_update(&hash, hello, strlen((char *)hello)));
EXPECT_SUCCESS(s2n_hash_digest(&hash, digest_pad, SHA384_DIGEST_LENGTH));
for (int i = 0; i < 48; i++) {
EXPECT_SUCCESS(s2n_stuffer_write_uint8_hex(&output, digest_pad[i]));
}
/* Reference value from command line sha512sum */
EXPECT_EQUAL(memcmp(output_pad, "f7f8f1b9d5a9a61742eeda26c20990282ac08dabda14e70376fcb4c8b46198a9959ea9d7d194b38520eed5397ffe6d8e", 48 * 2), 0);
END_TEST();
}
int main(int argc, char **argv)
{
struct s2n_connection *conn;
struct s2n_config *config;
int status;
pid_t pid;
int server_to_client[2];
int client_to_server[2];
BEGIN_TEST();
EXPECT_SUCCESS(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0));
/* Create a pipe */
EXPECT_SUCCESS(s2n_init());
for (int is_dh_key_exchange = 0; is_dh_key_exchange <= 1; is_dh_key_exchange++) {
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
/* Create a child process */
pid = fork();
if (pid == 0) {
/* This is the child process, close the read end of the pipe */
EXPECT_SUCCESS(close(client_to_server[0]));
EXPECT_SUCCESS(close(server_to_client[1]));
/* Write the fragmented hello message */
mock_client(client_to_server[1], server_to_client[0]);
}
/* This is the parent */
EXPECT_SUCCESS(close(client_to_server[1]));
EXPECT_SUCCESS(close(server_to_client[0]));
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
EXPECT_NOT_NULL(config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(config, certificate, private_key));
if (is_dh_key_exchange) {
EXPECT_SUCCESS(s2n_config_add_dhparams(config, dhparams));
}
EXPECT_SUCCESS(s2n_connection_set_config(conn, config));
/* Set up the connection to read from the fd */
EXPECT_SUCCESS(s2n_connection_set_read_fd(conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(conn, server_to_client[1]));
/* Negotiate the handshake. */
EXPECT_SUCCESS(s2n_negotiate(conn, &status));
char buffer[0xffff];
for (int i = 1; i < 0xffff; i += 100) {
char * ptr = buffer;
int bytes_read = 0;
int size = i;
do {
EXPECT_SUCCESS(bytes_read = s2n_recv(conn, ptr, size, &status));
size -= bytes_read;
ptr += bytes_read;
} while(size);
for (int j = 0; j < i; j++) {
EXPECT_EQUAL(buffer[j], 33);
}
}
/* Verify that read() returns EOF */
EXPECT_SUCCESS(s2n_recv(conn, buffer, 1, &status));
EXPECT_SUCCESS(s2n_shutdown(conn, &status));
EXPECT_SUCCESS(s2n_connection_free(conn));
EXPECT_SUCCESS(s2n_config_free(config));
/* Clean up */
EXPECT_EQUAL(waitpid(-1, &status, 0), pid);
EXPECT_EQUAL(status, 0);
}
END_TEST();
return 0;
}
int main(int argc, char **argv)
{
struct s2n_stuffer certificate_in, certificate_out;
struct s2n_stuffer dhparams_in, dhparams_out;
struct s2n_stuffer rsa_key_in, rsa_key_out;
struct s2n_blob b;
BEGIN_TEST();
EXPECT_SUCCESS(s2n_stuffer_alloc(&certificate_in, sizeof(certificate)));
EXPECT_SUCCESS(s2n_stuffer_alloc(&certificate_out, sizeof(certificate)));
EXPECT_SUCCESS(s2n_stuffer_alloc(&dhparams_in, sizeof(dhparams)));
EXPECT_SUCCESS(s2n_stuffer_alloc(&dhparams_out, sizeof(dhparams)));
EXPECT_SUCCESS(s2n_stuffer_alloc(&rsa_key_in, sizeof(private_key)));
EXPECT_SUCCESS(s2n_stuffer_alloc(&rsa_key_out, sizeof(private_key)));
b.data = certificate;
b.size = sizeof(certificate);
EXPECT_SUCCESS(s2n_stuffer_write(&certificate_in, &b));
b.data = private_key;
b.size = sizeof(private_key);
EXPECT_SUCCESS(s2n_stuffer_write(&rsa_key_in, &b));
b.data = dhparams;
b.size = sizeof(dhparams);
EXPECT_SUCCESS(s2n_stuffer_write(&dhparams_in, &b));
EXPECT_SUCCESS(s2n_stuffer_certificate_from_pem(&certificate_in, &certificate_out));
EXPECT_SUCCESS(s2n_stuffer_rsa_private_key_from_pem(&rsa_key_in, &rsa_key_out));
EXPECT_SUCCESS(s2n_stuffer_dhparams_from_pem(&dhparams_in, &dhparams_out));
struct s2n_rsa_private_key priv_key;
struct s2n_rsa_public_key pub_key;
b.size = s2n_stuffer_data_available(&certificate_out);
b.data = s2n_stuffer_raw_read(&certificate_out, b.size);
EXPECT_SUCCESS(s2n_asn1der_to_rsa_public_key(&pub_key, &b));
b.size = s2n_stuffer_data_available(&rsa_key_out);
b.data = s2n_stuffer_raw_read(&rsa_key_out, b.size);
EXPECT_SUCCESS(s2n_asn1der_to_rsa_private_key(&priv_key, &b));
EXPECT_SUCCESS(s2n_rsa_keys_match(&pub_key, &priv_key));
struct s2n_connection *conn;
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(conn->config, (char *)chain, (char *)private_key));
struct s2n_dh_params dh_params;
b.size = s2n_stuffer_data_available(&dhparams_out);
b.data = s2n_stuffer_raw_read(&dhparams_out, b.size);
EXPECT_SUCCESS(s2n_pkcs3_to_dh_params(&dh_params, &b));
EXPECT_SUCCESS(s2n_config_add_dhparams(conn->config, (char *)dhparams));
/* Try signing and verification with RSA */
uint8_t inputpad[] = "Hello world!";
struct s2n_blob signature;
struct s2n_hash_state tls10_one, tls10_two, tls12_one, tls12_two;
EXPECT_SUCCESS(s2n_hash_init(&tls10_one, S2N_HASH_MD5_SHA1));
EXPECT_SUCCESS(s2n_hash_init(&tls10_two, S2N_HASH_MD5_SHA1));
EXPECT_SUCCESS(s2n_hash_init(&tls12_one, S2N_HASH_SHA1));
EXPECT_SUCCESS(s2n_hash_init(&tls12_two, S2N_HASH_SHA1));
EXPECT_SUCCESS(s2n_alloc(&signature, s2n_rsa_public_encrypted_size(&pub_key)));
EXPECT_SUCCESS(s2n_hash_update(&tls10_one, inputpad, sizeof(inputpad)));
EXPECT_SUCCESS(s2n_hash_update(&tls10_two, inputpad, sizeof(inputpad)));
EXPECT_SUCCESS(s2n_rsa_sign(&priv_key, &tls10_one, &signature));
EXPECT_SUCCESS(s2n_rsa_verify(&pub_key, &tls10_two, &signature));
EXPECT_SUCCESS(s2n_hash_update(&tls12_one, inputpad, sizeof(inputpad)));
EXPECT_SUCCESS(s2n_hash_update(&tls12_two, inputpad, sizeof(inputpad)));
EXPECT_SUCCESS(s2n_rsa_sign(&priv_key, &tls12_one, &signature));
EXPECT_SUCCESS(s2n_rsa_verify(&pub_key, &tls12_two, &signature));
EXPECT_SUCCESS(s2n_dh_params_free(&dh_params));
EXPECT_SUCCESS(s2n_rsa_private_key_free(&priv_key));
EXPECT_SUCCESS(s2n_rsa_public_key_free(&pub_key));
EXPECT_SUCCESS(s2n_config_free_dhparams(conn->config));
EXPECT_SUCCESS(s2n_config_free_cert_chain_and_key(conn->config));
EXPECT_SUCCESS(s2n_connection_free(conn));
EXPECT_SUCCESS(s2n_free(&signature));
EXPECT_SUCCESS(s2n_stuffer_free(&certificate_in));
EXPECT_SUCCESS(s2n_stuffer_free(&certificate_out));
EXPECT_SUCCESS(s2n_stuffer_free(&dhparams_in));
EXPECT_SUCCESS(s2n_stuffer_free(&dhparams_out));
EXPECT_SUCCESS(s2n_stuffer_free(&rsa_key_in));
EXPECT_SUCCESS(s2n_stuffer_free(&rsa_key_out));
END_TEST();
}
int main(int argc, char **argv)
{
uint8_t digest_pad[256];
uint8_t check_pad[256];
uint8_t output_pad[256];
struct s2n_stuffer output;
uint8_t sekrit[] = "sekrit";
uint8_t longsekrit[] = "This is a really really really long key on purpose to make sure that it's longer than the block size";
uint8_t hello[] = "Hello world!";
struct s2n_hmac_state hmac, copy;
struct s2n_hmac_state cmac;
struct s2n_blob out = {.data = output_pad,.size = sizeof(output_pad) };
BEGIN_TEST();
/* Initialise our output stuffers */
EXPECT_SUCCESS(s2n_stuffer_init(&output, &out));
EXPECT_EQUAL(s2n_hmac_digest_size(S2N_HMAC_MD5), 16);
EXPECT_SUCCESS(s2n_hmac_init(&hmac, S2N_HMAC_MD5, sekrit, strlen((char *)sekrit)));
EXPECT_SUCCESS(s2n_hmac_update(&hmac, hello, strlen((char *)hello)));
EXPECT_SUCCESS(s2n_hmac_copy(©, &hmac));
EXPECT_SUCCESS(s2n_hmac_digest(&hmac, digest_pad, 16));
for (int i = 0; i < 16; i++) {
EXPECT_SUCCESS(s2n_stuffer_write_uint8_hex(&output, digest_pad[i]));
}
/* Reference value from python */
EXPECT_EQUAL(memcmp(output_pad, "3ad68c53dc1a3cf35f6469877fae4585", 16 * 2), 0);
/* Check the copy */
EXPECT_SUCCESS(s2n_hmac_digest(©, digest_pad, 16));
for (int i = 0; i < 16; i++) {
EXPECT_SUCCESS(s2n_stuffer_write_uint8_hex(&output, digest_pad[i]));
}
/* Reference value from python */
EXPECT_EQUAL(memcmp(output_pad, "3ad68c53dc1a3cf35f6469877fae4585", 16 * 2), 0);
/* Test that a reset works */
EXPECT_SUCCESS(s2n_hmac_reset(&hmac));
EXPECT_SUCCESS(s2n_hmac_update(&hmac, hello, strlen((char *)hello)));
EXPECT_SUCCESS(s2n_hmac_digest(&hmac, digest_pad, 16));
EXPECT_SUCCESS(s2n_stuffer_init(&output, &out));
for (int i = 0; i < 16; i++) {
EXPECT_SUCCESS(s2n_stuffer_write_uint8_hex(&output, digest_pad[i]));
}
/* Reference value from python */
EXPECT_EQUAL(memcmp(output_pad, "3ad68c53dc1a3cf35f6469877fae4585", 16 * 2), 0);
EXPECT_SUCCESS(s2n_hmac_init(&hmac, S2N_HMAC_MD5, longsekrit, strlen((char *)longsekrit)));
EXPECT_SUCCESS(s2n_hmac_update(&hmac, hello, strlen((char *)hello)));
EXPECT_SUCCESS(s2n_hmac_digest(&hmac, digest_pad, 16));
EXPECT_SUCCESS(s2n_stuffer_init(&output, &out));
for (int i = 0; i < 16; i++) {
EXPECT_SUCCESS(s2n_stuffer_write_uint8_hex(&output, digest_pad[i]));
}
/* Reference value from python */
EXPECT_EQUAL(memcmp(output_pad, "2ce569d61f4ee6ad9ceebe02a112ace7", 16 * 2), 0);
/* Test that a reset works */
EXPECT_SUCCESS(s2n_hmac_reset(&hmac));
EXPECT_SUCCESS(s2n_hmac_update(&hmac, hello, strlen((char *)hello)));
EXPECT_SUCCESS(s2n_hmac_digest(&hmac, digest_pad, 16));
EXPECT_SUCCESS(s2n_stuffer_init(&output, &out));
for (int i = 0; i < 16; i++) {
EXPECT_SUCCESS(s2n_stuffer_write_uint8_hex(&output, digest_pad[i]));
}
/* Reference value from python */
EXPECT_EQUAL(memcmp(output_pad, "2ce569d61f4ee6ad9ceebe02a112ace7", 16 * 2), 0);
/* Verify that _verify works */
EXPECT_SUCCESS(s2n_hmac_init(&cmac, S2N_HMAC_MD5, longsekrit, strlen((char *)longsekrit)));
EXPECT_SUCCESS(s2n_hmac_update(&cmac, hello, strlen((char *)hello)));
EXPECT_SUCCESS(s2n_hmac_digest(&cmac, check_pad, 16));
EXPECT_SUCCESS(s2n_hmac_digest_verify(digest_pad, 16, check_pad, 16));
/* Try SHA1 */
EXPECT_EQUAL(s2n_hmac_digest_size(S2N_HMAC_SHA1), 20);
EXPECT_SUCCESS(s2n_hmac_init(&hmac, S2N_HMAC_SHA1, sekrit, strlen((char *)sekrit)));
EXPECT_SUCCESS(s2n_hmac_update(&hmac, hello, strlen((char *)hello)));
EXPECT_SUCCESS(s2n_hmac_digest(&hmac, digest_pad, 20));
EXPECT_SUCCESS(s2n_stuffer_init(&output, &out));
for (int i = 0; i < 20; i++) {
EXPECT_SUCCESS(s2n_stuffer_write_uint8_hex(&output, digest_pad[i]));
}
/* Reference value from python */
EXPECT_EQUAL(memcmp(output_pad, "6d301861b599938eca94f6de917362886d97882f", 20 * 2), 0);
/* Try SHA256 */
EXPECT_EQUAL(s2n_hmac_digest_size(S2N_HMAC_SHA256), 32);
EXPECT_SUCCESS(s2n_hmac_init(&hmac, S2N_HMAC_SHA256, sekrit, strlen((char *)sekrit)));
EXPECT_SUCCESS(s2n_hmac_update(&hmac, hello, strlen((char *)hello)));
EXPECT_SUCCESS(s2n_hmac_digest(&hmac, digest_pad, 32));
EXPECT_SUCCESS(s2n_stuffer_init(&output, &out));
for (int i = 0; i < 32; i++) {
EXPECT_SUCCESS(s2n_stuffer_write_uint8_hex(&output, digest_pad[i]));
}
/* Reference value from python */
EXPECT_EQUAL(memcmp(output_pad, "adc20b12d236e6d1824d690622e33ead4f67ba5a2be9606fe762b2dd859a78a9", 32 * 2), 0);
/* Try SHA384 */
EXPECT_EQUAL(s2n_hmac_digest_size(S2N_HMAC_SHA384), 48);
EXPECT_SUCCESS(s2n_hmac_init(&hmac, S2N_HMAC_SHA384, sekrit, strlen((char *)sekrit)));
EXPECT_SUCCESS(s2n_hmac_update(&hmac, hello, strlen((char *)hello)));
EXPECT_SUCCESS(s2n_hmac_digest(&hmac, digest_pad, 48));
EXPECT_SUCCESS(s2n_stuffer_init(&output, &out));
for (int i = 0; i < 48; i++) {
EXPECT_SUCCESS(s2n_stuffer_write_uint8_hex(&output, digest_pad[i]));
}
/* Reference value from python */
EXPECT_EQUAL(memcmp(output_pad, "8552563cadd583b79dcc7225bb79bc6483c63f259187162e1c9d4283eb6299ef1bc3ca81c0c40fc7b22f7a1f3b93adb4", 48 * 2), 0);
/* Try SHA512 */
EXPECT_EQUAL(s2n_hmac_digest_size(S2N_HMAC_SHA512), 64);
EXPECT_SUCCESS(s2n_hmac_init(&hmac, S2N_HMAC_SHA512, sekrit, strlen((char *)sekrit)));
EXPECT_SUCCESS(s2n_hmac_update(&hmac, hello, strlen((char *)hello)));
EXPECT_SUCCESS(s2n_hmac_digest(&hmac, digest_pad, 64));
EXPECT_SUCCESS(s2n_stuffer_init(&output, &out));
for (int i = 0; i < 64; i++) {
EXPECT_SUCCESS(s2n_stuffer_write_uint8_hex(&output, digest_pad[i]));
}
/* Reference value from python */
EXPECT_EQUAL(memcmp(output_pad, "0a834a1ed265042e2897405edb4fdd9818950cd5bea10b828f2fed45a1cb6dbd2107e4b04eb20f211998cd4e8c7e11ebdcb0103ac63882481e1bb8083d07f4be", 64 * 2), 0);
/* Try SSLv3 MD5 */
EXPECT_EQUAL(s2n_hmac_digest_size(S2N_HMAC_SSLv3_MD5), 16);
EXPECT_SUCCESS(s2n_hmac_init(&hmac, S2N_HMAC_SSLv3_MD5, sekrit, strlen((char *)sekrit)));
EXPECT_SUCCESS(s2n_hmac_update(&hmac, hello, strlen((char *)hello)));
EXPECT_SUCCESS(s2n_hmac_digest(&hmac, digest_pad, 16));
EXPECT_SUCCESS(s2n_stuffer_init(&output, &out));
for (int i = 0; i < 16; i++) {
EXPECT_SUCCESS(s2n_stuffer_write_uint8_hex(&output, digest_pad[i]));
}
/* Reference value from Go */
EXPECT_EQUAL(memcmp(output_pad, "d4f0d06b9765de23e6c3e33a24c5ded0", 16 * 2), 0);
/* Test that a reset works */
EXPECT_SUCCESS(s2n_hmac_reset(&hmac));
EXPECT_SUCCESS(s2n_hmac_update(&hmac, hello, strlen((char *)hello)));
EXPECT_SUCCESS(s2n_hmac_digest(&hmac, digest_pad, 16));
EXPECT_SUCCESS(s2n_stuffer_init(&output, &out));
for (int i = 0; i < 16; i++) {
EXPECT_SUCCESS(s2n_stuffer_write_uint8_hex(&output, digest_pad[i]));
}
EXPECT_EQUAL(memcmp(output_pad, "d4f0d06b9765de23e6c3e33a24c5ded0", 16 * 2), 0);
/* Try SSLv3 SHA1 */
EXPECT_EQUAL(s2n_hmac_digest_size(S2N_HMAC_SSLv3_SHA1), 20);
EXPECT_SUCCESS(s2n_hmac_init(&hmac, S2N_HMAC_SSLv3_SHA1, sekrit, strlen((char *)sekrit)));
EXPECT_SUCCESS(s2n_hmac_update(&hmac, hello, strlen((char *)hello)));
EXPECT_SUCCESS(s2n_hmac_digest(&hmac, digest_pad, 20));
EXPECT_SUCCESS(s2n_stuffer_init(&output, &out));
for (int i = 0; i < 20; i++) {
EXPECT_SUCCESS(s2n_stuffer_write_uint8_hex(&output, digest_pad[i]));
}
/* Reference value from Go */
EXPECT_EQUAL(memcmp(output_pad, "b0c66179f6eb5a46b4b7c4fca84b3ea5161b7326", 20 * 2), 0);
/* Test that a reset works */
EXPECT_SUCCESS(s2n_hmac_reset(&hmac));
EXPECT_SUCCESS(s2n_hmac_update(&hmac, hello, strlen((char *)hello)));
EXPECT_SUCCESS(s2n_hmac_digest(&hmac, digest_pad, 20));
EXPECT_SUCCESS(s2n_stuffer_init(&output, &out));
for (int i = 0; i < 20; i++) {
EXPECT_SUCCESS(s2n_stuffer_write_uint8_hex(&output, digest_pad[i]));
}
EXPECT_EQUAL(memcmp(output_pad, "b0c66179f6eb5a46b4b7c4fca84b3ea5161b7326", 20 * 2), 0);
END_TEST();
}
int main(int argc, char** argv)
{
struct sockaddr_in server_addr, client_addr;
socklen_t client_len;
int listen_fd, conn_fd, r;
char buf[36], *pbuf = buf;
struct iovec iov;
struct msghdr msg = { NULL, 0, &iov, 1, NULL, 0, 0 };
server_addr.sin_family = AF_INET;
server_addr.sin_addr.s_addr = htonl(INADDR_ANY);
server_addr.sin_port = htons(1080);
PRINT("Trying socket()... ");
listen_fd = socket(PF_INET, SOCK_STREAM, 0);
EXPECT_SUCCESS(listen_fd);
PRINT("Trying bind()... ");
r = bind(listen_fd, (const struct sockaddr *) &server_addr, sizeof(server_addr));
EXPECT_SUCCESS(r);
PRINT("Trying listen()... ");
r = listen(listen_fd, 1);
EXPECT_SUCCESS(r);
PRINT("Trying accept()... ");
client_len = sizeof(client_addr);
conn_fd = accept(listen_fd, (struct sockaddr *) &client_addr, &client_len);
EXPECT_SUCCESS(conn_fd);
PRINT("Trying read()... ");
r = read(conn_fd, pbuf, 10);
EXPECT_EQUAL(r, 10);
pbuf += 10;
PRINT("Trying recvfrom()... ");
client_len = sizeof(client_addr);
r = recvfrom(conn_fd, pbuf, 10, 0, (struct sockaddr *) &client_addr, &client_len);
EXPECT_EQUAL(r, 10);
pbuf += 10;
PRINT("Trying recvmsg()... ");
iov.iov_base = pbuf;
iov.iov_len = 10;
r = recvmsg(conn_fd, &msg, 0);
EXPECT_EQUAL(r, 10);
pbuf += 10;
PRINT("Trying recv()... ");
r = recv(conn_fd, pbuf, 10, 0);
EXPECT_EQUAL(r, 6);
pbuf += 6;
PRINT("Trying recv()... ");
r = recv(conn_fd, pbuf, 10, 0);
EXPECT_EQUAL(r, 0);
PRINT("Trying send()... ");
r = send(conn_fd, buf, pbuf - buf, 0);
EXPECT_EQUAL(r, pbuf - buf);
PRINT("Trying close()... ");
r = close(conn_fd);
EXPECT_SUCCESS(r);
PRINT("Trying close()... ");
r = close(listen_fd);
EXPECT_SUCCESS(r);
printf("Success\n");
return EXIT_SUCCESS;
}
int main(int argc, char **argv)
{
struct s2n_connection *conn;
struct s2n_config *config;
s2n_blocked_status blocked;
int status;
pid_t pid;
int server_to_client[2];
int client_to_server[2];
BEGIN_TEST();
EXPECT_SUCCESS(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0));
for (int cert = 0; cert < SUPPORTED_CERTIFICATE_FORMATS; cert++) {
for (int is_dh_key_exchange = 0; is_dh_key_exchange <= 1; is_dh_key_exchange++) {
/* Create a pipe */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
/* Create a child process */
pid = fork();
if (pid == 0) {
/* This is the child process, close the read end of the pipe */
EXPECT_SUCCESS(close(client_to_server[0]));
EXPECT_SUCCESS(close(server_to_client[1]));
/* Write the fragmented hello message */
mock_client(client_to_server[1], server_to_client[0]);
}
/* This is the parent */
EXPECT_SUCCESS(close(client_to_server[1]));
EXPECT_SUCCESS(close(server_to_client[0]));
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
conn->server_protocol_version = S2N_TLS12;
conn->client_protocol_version = S2N_TLS12;
conn->actual_protocol_version = S2N_TLS12;
EXPECT_NOT_NULL(config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(config, certificates[cert], private_keys[cert]));
if (is_dh_key_exchange) {
EXPECT_SUCCESS(s2n_config_add_dhparams(config, dhparams));
}
EXPECT_SUCCESS(s2n_connection_set_config(conn, config));
/* Set up the connection to read from the fd */
EXPECT_SUCCESS(s2n_connection_set_read_fd(conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(conn, server_to_client[1]));
/* Negotiate the handshake. */
EXPECT_SUCCESS(s2n_negotiate(conn, &blocked));
char buffer[0xffff];
for (int i = 1; i < 0xffff; i += 100) {
char * ptr = buffer;
int size = i;
do {
int bytes_read = 0;
EXPECT_SUCCESS(bytes_read = s2n_recv(conn, ptr, size, &blocked));
size -= bytes_read;
ptr += bytes_read;
} while(size);
for (int j = 0; j < i; j++) {
EXPECT_EQUAL(buffer[j], 33);
}
}
int shutdown_rc = -1;
do {
shutdown_rc = s2n_shutdown(conn, &blocked);
EXPECT_TRUE(shutdown_rc == 0 || (errno == EAGAIN && blocked));
} while(shutdown_rc != 0);
EXPECT_SUCCESS(s2n_connection_free(conn));
EXPECT_SUCCESS(s2n_config_free(config));
/* Clean up */
EXPECT_EQUAL(waitpid(-1, &status, 0), pid);
EXPECT_EQUAL(status, 0);
}
}
END_TEST();
return 0;
}
int main(int argc, char **argv) {
BEGIN_TEST();
EXPECT_SUCCESS(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0));
/* Part 1 setup a client and server connection with everything they need for a key exchange */
struct s2n_connection *client_conn, *server_conn;
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
struct s2n_config *server_config, *client_config;
client_config = s2n_fetch_unsafe_client_testing_config();
GUARD(s2n_connection_set_config(client_conn, client_config));
/* Part 1.1 setup server's keypair and the give the client the certificate */
char *cert_chain;
char *private_key;
char *client_chain;
EXPECT_NOT_NULL(cert_chain = malloc(S2N_MAX_TEST_PEM_SIZE));
EXPECT_NOT_NULL(private_key = malloc(S2N_MAX_TEST_PEM_SIZE));
EXPECT_NOT_NULL(client_chain = malloc(S2N_MAX_TEST_PEM_SIZE));
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_read_test_pem(S2N_RSA_2048_PKCS1_CERT_CHAIN, cert_chain, S2N_MAX_TEST_PEM_SIZE));
EXPECT_SUCCESS(s2n_read_test_pem(S2N_RSA_2048_PKCS1_KEY, private_key, S2N_MAX_TEST_PEM_SIZE));
EXPECT_SUCCESS(s2n_read_test_pem(S2N_RSA_2048_PKCS1_LEAF_CERT, client_chain, S2N_MAX_TEST_PEM_SIZE));
struct s2n_cert_chain_and_key *chain_and_key;
EXPECT_NOT_NULL(chain_and_key = s2n_cert_chain_and_key_new());
EXPECT_SUCCESS(s2n_cert_chain_and_key_load_pem(chain_and_key, cert_chain, private_key));
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(server_config, chain_and_key));
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
GUARD(s2n_set_signature_hash_pair_from_preference_list(server_conn, &server_conn->handshake_params.client_sig_hash_algs, &server_conn->secure.conn_hash_alg, &server_conn->secure.conn_sig_alg));
DEFER_CLEANUP(struct s2n_stuffer certificate_in = {{0}}, s2n_stuffer_free);
EXPECT_SUCCESS(s2n_stuffer_alloc(&certificate_in, S2N_MAX_TEST_PEM_SIZE));
DEFER_CLEANUP(struct s2n_stuffer certificate_out = {{0}}, s2n_stuffer_free);
EXPECT_SUCCESS(s2n_stuffer_alloc(&certificate_out, S2N_MAX_TEST_PEM_SIZE));
struct s2n_blob temp_blob;
temp_blob.data = (uint8_t *) client_chain;
temp_blob.size = strlen(client_chain) + 1;
EXPECT_SUCCESS(s2n_stuffer_write(&certificate_in, &temp_blob));
EXPECT_SUCCESS(s2n_stuffer_certificate_from_pem(&certificate_in, &certificate_out));
temp_blob.size = s2n_stuffer_data_available(&certificate_out);
temp_blob.data = s2n_stuffer_raw_read(&certificate_out, temp_blob.size);
s2n_cert_type cert_type;
EXPECT_SUCCESS(s2n_asn1der_to_public_key_and_type(&client_conn->secure.server_public_key, &cert_type, &temp_blob));
server_conn->handshake_params.our_chain_and_key = chain_and_key;
EXPECT_SUCCESS(setup_connection(server_conn));
EXPECT_SUCCESS(setup_connection(client_conn));
#if S2N_LIBCRYPTO_SUPPORTS_CUSTOM_RAND
/* Read the seed from the RSP_FILE and create the DRBG for the test. Since the seed is the same (and prediction
* resistance is off) all calls to generate random data will return the same sequence. Thus the server always
* generates the same ECDHE point and KEM public key, the client does the same. */
FILE *kat_file = fopen(RSP_FILE_NAME, "r");
EXPECT_NOT_NULL(kat_file);
EXPECT_SUCCESS(s2n_alloc(&kat_entropy_blob, 48));
EXPECT_SUCCESS(ReadHex(kat_file, kat_entropy_blob.data, 48, "seed = "));
struct s2n_drbg drbg = {.entropy_generator = &s2n_entropy_generator};
s2n_stack_blob(personalization_string, 32, 32);
EXPECT_SUCCESS(s2n_drbg_instantiate(&drbg, &personalization_string, S2N_DANGEROUS_AES_256_CTR_NO_DF_NO_PR));
EXPECT_SUCCESS(s2n_set_private_drbg_for_test(drbg));
#endif
/* Part 2 server sends key first */
EXPECT_SUCCESS(s2n_server_key_send(server_conn));
/* Part 2.1 verify the results as best we can */
EXPECT_EQUAL(server_conn->handshake.io.write_cursor, SERVER_KEY_MESSAGE_LENGTH);
struct s2n_blob server_key_message = {.size = SERVER_KEY_MESSAGE_LENGTH, .data = s2n_stuffer_raw_read(&server_conn->handshake.io, SERVER_KEY_MESSAGE_LENGTH)};
#if S2N_LIBCRYPTO_SUPPORTS_CUSTOM_RAND
/* Part 2.1.1 if we're running in known answer mode check the server's key exchange message matches the expected value */
uint8_t expected_server_key_message[SERVER_KEY_MESSAGE_LENGTH];
EXPECT_SUCCESS(ReadHex(kat_file, expected_server_key_message, SERVER_KEY_MESSAGE_LENGTH, "expected_server_key_exchange = "));
EXPECT_BYTEARRAY_EQUAL(expected_server_key_message, server_key_message.data, SERVER_KEY_MESSAGE_LENGTH);
#endif
/* Part 2.2 copy server's message to the client's stuffer */
s2n_stuffer_write(&client_conn->handshake.io, &server_key_message);
/* Part 3 client recvs the server's key and sends the client key exchange message */
EXPECT_SUCCESS(s2n_server_key_recv(client_conn));
EXPECT_SUCCESS(s2n_client_key_send(client_conn));
/* Part 3.1 verify the results as best we can */
EXPECT_EQUAL(client_conn->handshake.io.write_cursor - client_conn->handshake.io.read_cursor, CLIENT_KEY_MESSAGE_LENGTH);
struct s2n_blob client_key_message = {.size = CLIENT_KEY_MESSAGE_LENGTH, .data = s2n_stuffer_raw_read(&client_conn->handshake.io, CLIENT_KEY_MESSAGE_LENGTH)};
#if S2N_LIBCRYPTO_SUPPORTS_CUSTOM_RAND
/* Part 3.1.1 if we're running in known answer mode check the client's key exchange message matches the expected value */
uint8_t expected_client_key_message[CLIENT_KEY_MESSAGE_LENGTH];
EXPECT_SUCCESS(ReadHex(kat_file, expected_client_key_message, CLIENT_KEY_MESSAGE_LENGTH, "expected_client_key_exchange = "));
EXPECT_BYTEARRAY_EQUAL(expected_client_key_message, client_key_message.data, CLIENT_KEY_MESSAGE_LENGTH);
#endif
/* Part 3.2 copy the client's message back to the server's stuffer */
s2n_stuffer_write(&server_conn->handshake.io, &client_key_message);
/* Part 4 server receives the client's message */
EXPECT_SUCCESS(s2n_client_key_recv(server_conn));
/* Part 4.1 verify results as best we can, the client and server should at least have the same master secret */
EXPECT_BYTEARRAY_EQUAL(server_conn->secure.master_secret, client_conn->secure.master_secret, S2N_TLS_SECRET_LEN);
#if S2N_LIBCRYPTO_SUPPORTS_CUSTOM_RAND
/* Part 4.1.1 if we're running in known answer mode check that both the client and server got the expected master secret
* from the RSP_FILE */
uint8_t expected_master_secret[S2N_TLS_SECRET_LEN];
EXPECT_SUCCESS(ReadHex(kat_file, expected_master_secret, S2N_TLS_SECRET_LEN, "expected_master_secret = "));
EXPECT_BYTEARRAY_EQUAL(expected_master_secret, client_conn->secure.master_secret, S2N_TLS_SECRET_LEN);
EXPECT_BYTEARRAY_EQUAL(expected_master_secret, server_conn->secure.master_secret, S2N_TLS_SECRET_LEN);
#endif
EXPECT_SUCCESS(s2n_cert_chain_and_key_free(chain_and_key));
EXPECT_SUCCESS(s2n_connection_free(client_conn));
EXPECT_SUCCESS(s2n_connection_free(server_conn));
EXPECT_SUCCESS(s2n_config_free(server_config));
free(cert_chain);
free(client_chain);
free(private_key);
#if S2N_LIBCRYPTO_SUPPORTS_CUSTOM_RAND
/* Extra cleanup needed for the known answer test */
fclose(kat_file);
#endif
END_TEST();
}
int main(int argc, char **argv)
{
uint8_t data[10000000];
uint8_t *ptr = data;
struct s2n_connection *conn;
struct s2n_config *config;
s2n_blocked_status blocked;
int status;
pid_t pid;
int server_to_client[2];
int client_to_server[2];
struct s2n_blob blob = {.data = data, .size = sizeof(data)};
BEGIN_TEST();
EXPECT_SUCCESS(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0));
EXPECT_NOT_NULL(config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(config, certificate, private_key));
EXPECT_SUCCESS(s2n_config_add_dhparams(config, dhparams));
/* Get some random data to send/receive */
EXPECT_SUCCESS(s2n_get_urandom_data(&blob));
/* Create a pipe */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
/* Create a child process */
pid = fork();
if (pid == 0) {
/* This is the child process, close the read end of the pipe */
EXPECT_SUCCESS(close(client_to_server[0]));
EXPECT_SUCCESS(close(server_to_client[1]));
/* Run the client */
mock_client(client_to_server[1], server_to_client[0], data, sizeof(data));
}
/* This is the parent */
EXPECT_SUCCESS(close(client_to_server[1]));
EXPECT_SUCCESS(close(server_to_client[0]));
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_config(conn, config));
/* Set up the connection to read from the fd */
EXPECT_SUCCESS(s2n_connection_set_read_fd(conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(conn, server_to_client[1]));
/* Negotiate the handshake. */
EXPECT_SUCCESS(s2n_negotiate(conn, &blocked));
/* Pause the child process by sending it SIGSTP */
EXPECT_SUCCESS(kill(pid, SIGSTOP));
/* Make our pipes non-blocking */
EXPECT_NOT_EQUAL(fcntl(client_to_server[0], F_SETFL, fcntl(client_to_server[0], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(server_to_client[1], F_SETFL, fcntl(server_to_client[1], F_GETFL) | O_NONBLOCK), -1);
/* Try to all 10MB of data, should be enough to fill PIPEBUF, so
we'll get blocked at some point */
uint32_t remaining = sizeof(data);
while (remaining) {
int r = s2n_send(conn, ptr, remaining, &blocked);
if (r < 0) {
if (blocked) {
/* We reached a blocked state */
break;
}
continue;
}
remaining -= r;
ptr += r;
}
/* Remaining shouldn't have progressed at all */
EXPECT_EQUAL(remaining, sizeof(data));
/* Wake the child process by sending it SIGCONT */
EXPECT_SUCCESS(kill(pid, SIGCONT));
/* Make our sockets blocking again */
EXPECT_NOT_EQUAL(fcntl(client_to_server[0], F_SETFL, fcntl(client_to_server[0], F_GETFL) ^ O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(server_to_client[1], F_SETFL, fcntl(server_to_client[1], F_GETFL) ^ O_NONBLOCK), -1);
/* Actually send the remaining data */
while (remaining) {
int r = s2n_send(conn, ptr, remaining, &blocked);
if (r < 0) {
continue;
}
remaining -= r;
ptr += r;
}
EXPECT_SUCCESS(s2n_shutdown(conn, &blocked));
EXPECT_SUCCESS(s2n_connection_free(conn));
/* Clean up */
EXPECT_EQUAL(waitpid(-1, &status, 0), pid);
EXPECT_EQUAL(status, 0);
EXPECT_SUCCESS(s2n_config_free(config));
END_TEST();
return 0;
}
static int prepare_xomp(int argc,
char *argv[])
{
errval_t err;
xomp_wloc_t location = XOMP_WORKER_LOC_MIXED;
for (int i = 3; i < argc; ++i) {
if (!strncmp(argv[i], "--location=", 11)) {
char *p = strchr(argv[i], '=');
p++;
if (!strcmp(p, "local")) {
location = XOMP_WORKER_LOC_LOCAL;
}
}
}
if (location == XOMP_WORKER_LOC_MIXED) {
debug_printf("waiting for xeon phi to be ready\n");
err = xeon_phi_domain_blocking_lookup("xeon_phi.0.ready", NULL);
EXPECT_SUCCESS(err, "nameservice_blocking_lookup");
err = xeon_phi_domain_blocking_lookup("xeon_phi.1.ready", NULL);
EXPECT_SUCCESS(err, "nameservice_blocking_lookup");
#if XOMP_BENCH_ENABLED
xomp_master_bench_enable(BENCH_RUN_COUNT, nthreads,
XOMP_MASTER_BENCH_MEM_ADD);
#endif
}
struct xomp_spawn local_info = {
.argc = argc,
.argv = argv,
#ifdef __k1om__
.path = "/k1om/sbin/benchmarks/bomp_mm",
#else
.path = "/x86_64/sbin/benchmarks/bomp_mm",
#endif
};
struct xomp_spawn remote_info = {
.argc = argc,
.argv = argv,
.path = "/k1om/sbin/benchmarks/bomp_mm",
};
struct xomp_args xomp_arg = {
.type = XOMP_ARG_TYPE_DISTINCT,
.core_stride = 0, // use default
.args = {
.distinct = {
.nthreads = nthreads,
.worker_loc = location,
.nphi = 2,
.local = local_info,
.remote = remote_info
}
}
};
cycles_t tsc_start = bench_tsc();
if (bomp_xomp_init(&xomp_arg)) {
debug_printf("bomp init failed!\n");
exit(1);
}
cycles_t tsc_end = bench_tsc();
timer_xompinit = bench_time_diff(tsc_start, tsc_end);
return (location == XOMP_WORKER_LOC_LOCAL);
}
int main(int argc,
char *argv[])
{
errval_t err;
xomp_wid_t wid;
bench_init();
err = xomp_worker_parse_cmdline(argc, argv, &wid);
if (err_is_ok(err)) {
struct xomp_args xw_arg = {
.type = XOMP_ARG_TYPE_WORKER,
.args = {
.worker = {
.id = wid
}
}
};
bomp_xomp_init(&xw_arg);
}
if (argc < 4) {
debug_printf("Usage: %s <size> <numthreats>\n", argv[0]);
exit(1);
}
nthreads = strtoul(argv[1], NULL, 10);
if (nthreads == 0) {
debug_printf("num threads must be >0\n");
exit(1);
}
DEBUG("\n");
DEBUG("======================================================\n");
debug_printf("Num Threads: %u\n", nthreads);
uint8_t is_shared = 0;
for (int i = 2; i < argc; ++i) {
if (!strcmp(argv[i], "bomp")) {
prepare_bomp();
is_shared = 1;
} else if (!strcmp(argv[i], "xomp")) {
is_shared = prepare_xomp(argc, argv);
} else {
debug_printf("ignoring argument {%s}\n", argv[i]);
}
}
debug_printf("-------------------------------------\n");
debug_printf("init time: %lu\n", timer_xompinit);
debug_printf("-------------------------------------\n");
#if XOMP_BENCH_ENABLED
xomp_master_bench_print_results();
#endif
while (1)
;
}
int main(int argc, char **argv)
{
BEGIN_TEST();
/* Test generate->write->read->compute_shared with all supported curves */
for (int i = 0; i < sizeof(s2n_ecc_supported_curves) / sizeof(s2n_ecc_supported_curves[0]); i++) {
struct s2n_ecc_params server_params, client_params;
struct s2n_stuffer wire;
struct s2n_blob server_shared, client_shared, ecdh_params_sent, ecdh_params_received;
EXPECT_SUCCESS(s2n_stuffer_growable_alloc(&wire, 1024));
/* Server generates a key for a given curve */
server_params.negotiated_curve = &s2n_ecc_supported_curves[i];
EXPECT_SUCCESS(s2n_ecc_generate_ephemeral_key(&server_params));
/* Server sends the public */
EXPECT_SUCCESS(s2n_ecc_write_ecc_params(&server_params, &wire, &ecdh_params_sent));
/* Client reads the public */
struct s2n_ecdhe_raw_server_params ecdhe_data = {{0}};
EXPECT_SUCCESS(s2n_ecc_read_ecc_params(&wire, &ecdh_params_received, &ecdhe_data));
EXPECT_SUCCESS(s2n_ecc_parse_ecc_params(&client_params, &ecdhe_data));
/* The client got the curve */
EXPECT_EQUAL(client_params.negotiated_curve, server_params.negotiated_curve);
/* Client sends its public */
EXPECT_SUCCESS(s2n_ecc_compute_shared_secret_as_client(&client_params, &wire, &client_shared));
/* Server receives it */
EXPECT_SUCCESS(s2n_ecc_compute_shared_secret_as_server(&server_params, &wire, &server_shared));
/* Shared is the same for the client and the server */
EXPECT_EQUAL(client_shared.size, server_shared.size);
EXPECT_BYTEARRAY_EQUAL(client_shared.data, server_shared.data, client_shared.size);
/* Clean up */
EXPECT_SUCCESS(s2n_stuffer_free(&wire));
EXPECT_SUCCESS(s2n_free(&server_shared));
EXPECT_SUCCESS(s2n_free(&client_shared));
EXPECT_SUCCESS(s2n_ecc_params_free(&server_params));
EXPECT_SUCCESS(s2n_ecc_params_free(&client_params));
}
END_TEST();
}
int main(int argc, char **argv)
{
struct s2n_timer timer;
uint64_t nanoseconds;
BEGIN_TEST();
/* First: Perform some tests using the real clock */
EXPECT_SUCCESS(s2n_timer_start(&timer));
EXPECT_SUCCESS(s2n_timer_reset(&timer, &nanoseconds));
EXPECT_TRUE(nanoseconds < 1000000000);
EXPECT_SUCCESS(s2n_timer_elapsed(&timer, &nanoseconds));
EXPECT_TRUE(nanoseconds < 1000000000);
EXPECT_SUCCESS(sleep(1));
EXPECT_SUCCESS(s2n_timer_reset(&timer, &nanoseconds));
EXPECT_TRUE(nanoseconds > 1000000000);
EXPECT_TRUE(nanoseconds < 2000000000);
EXPECT_SUCCESS(sleep(1));
EXPECT_SUCCESS(s2n_timer_elapsed(&timer, &nanoseconds));
EXPECT_TRUE(nanoseconds > 1000000000);
EXPECT_TRUE(nanoseconds < 2000000000);
#if !defined(__APPLE__) || !defined(__MACH__)
/* Next: perform some tests around timespec boundaries */
/* Pretend that there were 999,999,999 nanoseconds elapsed in the
* previously measured instant. Keep reseting the timer until
* the second progresses from that instant, and there are also
* less than 999,999,999 nanoseconds elapsed.
*
* This sets up a situation in which the tv_sec field causes time
* to move "forwards", and tv_nsec causes it to move backwards.
* e.g.
*
* previous_time = 10
*
* timer.time.tv_sec = 11
* timer.time.tv_nsec = 123456789;
*
* delta will be:
* (11 - 10) * 1000000000
* + (123456789 - 999999999)
*
* = 123456790 (same as 1 + 123456789)
*/
time_t previous_time;
do {
previous_time = timer.time.tv_sec;
timer.time.tv_nsec = 999999999;
EXPECT_SUCCESS(s2n_timer_reset(&timer, &nanoseconds));
}
while(previous_time != (timer.time.tv_sec - 1) || timer.time.tv_nsec == 999999999);
EXPECT_TRUE(nanoseconds < 1000000000);
EXPECT_TRUE(nanoseconds == 1 + timer.time.tv_nsec);
/* Now we perform the oppossite test: make sure that the previous value for
* nsec is smaller than the later one */
do {
previous_time = timer.time.tv_sec;
timer.time.tv_nsec = 0;
EXPECT_SUCCESS(s2n_timer_reset(&timer, &nanoseconds));
}
while(previous_time != (timer.time.tv_sec - 1) || timer.time.tv_nsec == 0);
EXPECT_TRUE(nanoseconds > 1000000000);
EXPECT_TRUE(nanoseconds < 2000000000);
EXPECT_TRUE(nanoseconds == 1000000000 + timer.time.tv_nsec);
#endif
END_TEST();
}
int main(int argc, char **argv)
{
uint8_t data[256] = { 0 };
struct s2n_drbg drbg = {{ 0 }};
struct s2n_blob blob = {.data = data, .size = 64 };
struct s2n_timer timer;
uint64_t drbg_nanoseconds;
uint64_t urandom_nanoseconds;
struct s2n_stuffer nist_reference_personalization_strings;
struct s2n_stuffer nist_reference_returned_bits;
struct s2n_stuffer nist_reference_values;
struct s2n_config *config;
BEGIN_TEST();
EXPECT_NOT_NULL(config = s2n_config_new())
/* Open /dev/urandom */
EXPECT_TRUE(entropy_fd = open("/dev/urandom", O_RDONLY));
/* Convert the hex entropy data into binary */
EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&nist_reference_entropy, nist_reference_entropy_hex));
EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&nist_reference_personalization_strings, nist_reference_personalization_strings_hex));
EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&nist_reference_returned_bits, nist_reference_returned_bits_hex));
EXPECT_SUCCESS(s2n_stuffer_alloc_ro_from_hex_string(&nist_reference_values, nist_reference_values_hex));
/* Check everything against the NIST vectors */
for (int i = 0; i < 14; i++) {
uint8_t ps[32];
struct s2n_drbg nist_drbg = { .entropy_generator = nist_fake_urandom_data };
struct s2n_blob personalization_string = {.data = ps, .size = 32};
/* Read the next personalization string */
EXPECT_SUCCESS(s2n_stuffer_read(&nist_reference_personalization_strings, &personalization_string));
/* Instantiate the DRBG */
EXPECT_SUCCESS(s2n_drbg_instantiate(&nist_drbg, &personalization_string));
uint8_t nist_v[16];
GUARD(s2n_stuffer_read_bytes(&nist_reference_values, nist_v, sizeof(nist_v)));
EXPECT_TRUE(memcmp(nist_v, nist_drbg.v, sizeof(nist_drbg.v)) == 0);
/* Generate 512 bits (FIRST CALL) */
uint8_t out[64];
struct s2n_blob generated = {.data = out, .size = 64 };
EXPECT_SUCCESS(s2n_drbg_generate(&nist_drbg, &generated));
GUARD(s2n_stuffer_read_bytes(&nist_reference_values, nist_v, sizeof(nist_v)));
EXPECT_TRUE(memcmp(nist_v, nist_drbg.v, sizeof(nist_drbg.v)) == 0);
/* Generate another 512 bits (SECOND CALL) */
EXPECT_SUCCESS(s2n_drbg_generate(&nist_drbg, &generated));
GUARD(s2n_stuffer_read_bytes(&nist_reference_values, nist_v, sizeof(nist_v)));
EXPECT_TRUE(memcmp(nist_v, nist_drbg.v, sizeof(nist_drbg.v)) == 0);
uint8_t nist_returned_bits[64];
GUARD(s2n_stuffer_read_bytes(&nist_reference_returned_bits, nist_returned_bits, sizeof(nist_returned_bits)));
EXPECT_TRUE(memcmp(nist_returned_bits, out, sizeof(nist_returned_bits)) == 0);
EXPECT_SUCCESS(s2n_drbg_wipe(&nist_drbg));
}
EXPECT_SUCCESS(s2n_drbg_instantiate(&drbg, &blob));
/* Use the DRBG for 32MB of data */
EXPECT_SUCCESS(s2n_timer_start(config, &timer));
for (int i = 0; i < 500000; i++) {
EXPECT_SUCCESS(s2n_drbg_generate(&drbg, &blob));
}
EXPECT_SUCCESS(s2n_timer_reset(config, &timer, &drbg_nanoseconds));
/* Use urandom for 32MB of data */
EXPECT_SUCCESS(s2n_timer_start(config, &timer));
for (int i = 0; i < 500000; i++) {
EXPECT_SUCCESS(s2n_get_urandom_data(&blob));
}
EXPECT_SUCCESS(s2n_timer_reset(config, &timer, &urandom_nanoseconds));
/* Confirm that the DRBG is faster than urandom */
EXPECT_TRUE(drbg_nanoseconds < urandom_nanoseconds);
/* NOTE: s2n_random_test also includes monobit tests for this DRBG */
/* the DRBG state is 128 bytes, test that we can get more than that */
blob.size = 129;
for (int i = 0; i < 10; i++) {
EXPECT_SUCCESS(s2n_drbg_generate(&drbg, &blob));
}
EXPECT_SUCCESS(s2n_drbg_wipe(&drbg));
EXPECT_SUCCESS(s2n_stuffer_free(&nist_reference_entropy));
EXPECT_SUCCESS(s2n_stuffer_free(&nist_reference_personalization_strings));
EXPECT_SUCCESS(s2n_stuffer_free(&nist_reference_returned_bits));
EXPECT_SUCCESS(s2n_stuffer_free(&nist_reference_values));
END_TEST();
}
int main(int argc, char **argv)
{
struct s2n_connection *conn;
uint8_t mac_key[] = "sample mac key";
uint8_t aes128_key[] = "123456789012345";
struct s2n_blob aes128 = {.data = aes128_key,.size = sizeof(aes128_key) };
uint8_t random_data[S2N_LARGE_RECORD_LENGTH + 1];
struct s2n_blob r = {.data = random_data, .size = sizeof(random_data)};
BEGIN_TEST();
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_get_urandom_data(&r));
/* Peer and we are in sync */
conn->server = &conn->secure;
conn->client = &conn->secure;
/* test the AES128 cipher with a SHA1 hash */
conn->secure.cipher_suite->record_alg = &s2n_record_alg_aes128_sha;
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->init(&conn->secure.server_key));
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->init(&conn->secure.client_key));
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure.server_key, &aes128));
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure.client_key, &aes128));
EXPECT_SUCCESS(s2n_hmac_init(&conn->secure.client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
EXPECT_SUCCESS(s2n_hmac_init(&conn->secure.server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
conn->actual_protocol_version = S2N_TLS11;
/* Align the record size, then subtract 20 bytes for the HMAC, 16 bytes for the explicit IV, and one byte
* for the padding length byte.
*/
int small_aligned_payload = S2N_SMALL_FRAGMENT_LENGTH - (S2N_SMALL_FRAGMENT_LENGTH % 16) - 20 - 16 - 1;
int large_aligned_payload = S2N_LARGE_FRAGMENT_LENGTH - (S2N_LARGE_FRAGMENT_LENGTH % 16) - 20 - 16 - 1;
int bytes_written;
/* Check the default: small record */
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->out));
EXPECT_SUCCESS(bytes_written = s2n_record_write(conn, TLS_APPLICATION_DATA, &r));
EXPECT_EQUAL(bytes_written, small_aligned_payload);
/* Check explicitly small records */
EXPECT_SUCCESS(s2n_connection_prefer_low_latency(conn));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->out));
EXPECT_SUCCESS(bytes_written = s2n_record_write(conn, TLS_APPLICATION_DATA, &r));
EXPECT_EQUAL(bytes_written, small_aligned_payload);
/* Check explicitly large records */
EXPECT_SUCCESS(s2n_connection_prefer_throughput(conn));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->out));
EXPECT_SUCCESS(bytes_written = s2n_record_write(conn, TLS_APPLICATION_DATA, &r));
EXPECT_EQUAL(bytes_written, large_aligned_payload);
/* Clean up */
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->destroy_key(&conn->secure.server_key));
EXPECT_SUCCESS(conn->secure.cipher_suite->record_alg->cipher->destroy_key(&conn->secure.client_key));
EXPECT_SUCCESS(s2n_connection_free(conn));
EXPECT_SUCCESS(s2n_hmac_init(&conn->secure.server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
END_TEST();
}
status_t Harness::testStateTransitions(
const char *componentName, const char *componentRole) {
if (strncmp(componentName, "OMX.", 4)) {
// Non-OMX components, i.e. software decoders won't execute this
// test.
return OK;
}
sp<MemoryDealer> dealer = new MemoryDealer(16 * 1024 * 1024, "OMXHarness");
IOMX::node_id node;
status_t err =
mOMX->allocateNode(componentName, this, &node);
EXPECT_SUCCESS(err, "allocateNode");
NodeReaper reaper(this, node);
err = setRole(node, componentRole);
EXPECT_SUCCESS(err, "setRole");
// Initiate transition Loaded->Idle
err = mOMX->sendCommand(node, OMX_CommandStateSet, OMX_StateIdle);
EXPECT_SUCCESS(err, "sendCommand(go-to-Idle)");
omx_message msg;
err = dequeueMessageForNode(node, &msg, DEFAULT_TIMEOUT);
// Make sure node doesn't just transition to idle before we are done
// allocating all input and output buffers.
EXPECT(err == TIMED_OUT,
"Component must not transition from loaded to idle before "
"all input and output buffers are allocated.");
// Now allocate buffers.
Vector<Buffer> inputBuffers;
err = allocatePortBuffers(dealer, node, 0, &inputBuffers);
EXPECT_SUCCESS(err, "allocatePortBuffers(input)");
err = dequeueMessageForNode(node, &msg, DEFAULT_TIMEOUT);
CHECK_EQ(err, TIMED_OUT);
Vector<Buffer> outputBuffers;
err = allocatePortBuffers(dealer, node, 1, &outputBuffers);
EXPECT_SUCCESS(err, "allocatePortBuffers(output)");
err = dequeueMessageForNode(node, &msg, DEFAULT_TIMEOUT);
EXPECT(err == OK
&& msg.type == omx_message::EVENT
&& msg.u.event_data.event == OMX_EventCmdComplete
&& msg.u.event_data.data1 == OMX_CommandStateSet
&& msg.u.event_data.data2 == OMX_StateIdle,
"Component did not properly transition to idle state "
"after all input and output buffers were allocated.");
// Initiate transition Idle->Executing
err = mOMX->sendCommand(node, OMX_CommandStateSet, OMX_StateExecuting);
EXPECT_SUCCESS(err, "sendCommand(go-to-Executing)");
err = dequeueMessageForNode(node, &msg, DEFAULT_TIMEOUT);
EXPECT(err == OK
&& msg.type == omx_message::EVENT
&& msg.u.event_data.event == OMX_EventCmdComplete
&& msg.u.event_data.data1 == OMX_CommandStateSet
&& msg.u.event_data.data2 == OMX_StateExecuting,
"Component did not properly transition from idle to "
"executing state.");
for (size_t i = 0; i < outputBuffers.size(); ++i) {
err = mOMX->fillBuffer(node, outputBuffers[i].mID);
EXPECT_SUCCESS(err, "fillBuffer");
outputBuffers.editItemAt(i).mFlags |= kBufferBusy;
}
err = mOMX->sendCommand(node, OMX_CommandFlush, 1);
EXPECT_SUCCESS(err, "sendCommand(flush-output-port)");
err = dequeueMessageForNodeIgnoringBuffers(
node, &inputBuffers, &outputBuffers, &msg, DEFAULT_TIMEOUT);
EXPECT(err == OK
&& msg.type == omx_message::EVENT
&& msg.u.event_data.event == OMX_EventCmdComplete
&& msg.u.event_data.data1 == OMX_CommandFlush
&& msg.u.event_data.data2 == 1,
"Component did not properly acknowledge flushing the output port.");
for (size_t i = 0; i < outputBuffers.size(); ++i) {
EXPECT((outputBuffers[i].mFlags & kBufferBusy) == 0,
"Not all output buffers have been returned to us by the time "
"we received the flush-complete notification.");
}
for (size_t i = 0; i < outputBuffers.size(); ++i) {
err = mOMX->fillBuffer(node, outputBuffers[i].mID);
EXPECT_SUCCESS(err, "fillBuffer");
outputBuffers.editItemAt(i).mFlags |= kBufferBusy;
}
// Initiate transition Executing->Idle
err = mOMX->sendCommand(node, OMX_CommandStateSet, OMX_StateIdle);
EXPECT_SUCCESS(err, "sendCommand(go-to-Idle)");
err = dequeueMessageForNodeIgnoringBuffers(
node, &inputBuffers, &outputBuffers, &msg, DEFAULT_TIMEOUT);
EXPECT(err == OK
&& msg.type == omx_message::EVENT
&& msg.u.event_data.event == OMX_EventCmdComplete
&& msg.u.event_data.data1 == OMX_CommandStateSet
&& msg.u.event_data.data2 == OMX_StateIdle,
"Component did not properly transition to from executing to "
"idle state.");
for (size_t i = 0; i < inputBuffers.size(); ++i) {
EXPECT((inputBuffers[i].mFlags & kBufferBusy) == 0,
"Not all input buffers have been returned to us by the "
"time we received the transition-to-idle complete "
"notification.");
}
for (size_t i = 0; i < outputBuffers.size(); ++i) {
EXPECT((outputBuffers[i].mFlags & kBufferBusy) == 0,
"Not all output buffers have been returned to us by the "
"time we received the transition-to-idle complete "
"notification.");
}
// Initiate transition Idle->Loaded
err = mOMX->sendCommand(node, OMX_CommandStateSet, OMX_StateLoaded);
EXPECT_SUCCESS(err, "sendCommand(go-to-Loaded)");
// Make sure node doesn't just transition to loaded before we are done
// freeing all input and output buffers.
err = dequeueMessageForNode(node, &msg, DEFAULT_TIMEOUT);
CHECK_EQ(err, TIMED_OUT);
for (size_t i = 0; i < inputBuffers.size(); ++i) {
err = mOMX->freeBuffer(node, 0, inputBuffers[i].mID);
EXPECT_SUCCESS(err, "freeBuffer");
}
err = dequeueMessageForNode(node, &msg, DEFAULT_TIMEOUT);
CHECK_EQ(err, TIMED_OUT);
for (size_t i = 0; i < outputBuffers.size(); ++i) {
err = mOMX->freeBuffer(node, 1, outputBuffers[i].mID);
EXPECT_SUCCESS(err, "freeBuffer");
}
err = dequeueMessageForNode(node, &msg, DEFAULT_TIMEOUT);
EXPECT(err == OK
&& msg.type == omx_message::EVENT
&& msg.u.event_data.event == OMX_EventCmdComplete
&& msg.u.event_data.data1 == OMX_CommandStateSet
&& msg.u.event_data.data2 == OMX_StateLoaded,
"Component did not properly transition to from idle to "
"loaded state after freeing all input and output buffers.");
err = mOMX->freeNode(node);
EXPECT_SUCCESS(err, "freeNode");
reaper.disarm();
node = 0;
return OK;
}
int main(int argc, char **argv)
{
struct s2n_connection *conn;
uint8_t mac_key[] = "sample mac key";
uint8_t rc4_key[] = "123456789012345";
struct s2n_blob key_iv = {.data = rc4_key,.size = sizeof(rc4_key) };
uint8_t random_data[S2N_SMALL_FRAGMENT_LENGTH + 1];
struct s2n_blob r = {.data = random_data, .size = sizeof(random_data)};
BEGIN_TEST();
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_get_urandom_data(&r));
/* Peer and we are in sync */
conn->server = &conn->active;
/* test the RC4 cipher with a SHA1 hash */
conn->active.cipher_suite->cipher = &s2n_rc4;
conn->active.cipher_suite->hmac_alg = S2N_HMAC_SHA1;
EXPECT_SUCCESS(conn->active.cipher_suite->cipher->init(&conn->active.server_key));
EXPECT_SUCCESS(conn->active.cipher_suite->cipher->init(&conn->active.client_key));
EXPECT_SUCCESS(conn->active.cipher_suite->cipher->get_decryption_key(&conn->active.client_key, &key_iv));
EXPECT_SUCCESS(conn->active.cipher_suite->cipher->get_encryption_key(&conn->active.server_key, &key_iv));
EXPECT_SUCCESS(s2n_hmac_init(&conn->active.client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
EXPECT_SUCCESS(s2n_hmac_init(&conn->active.server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key)));
conn->actual_protocol_version = S2N_TLS11;
for (int i = 0; i <= S2N_SMALL_FRAGMENT_LENGTH + 1; i++) {
struct s2n_blob in = {.data = random_data,.size = i };
int bytes_written;
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->out));
EXPECT_SUCCESS(bytes_written = s2n_record_write(conn, TLS_APPLICATION_DATA, &in));
if (i <= S2N_SMALL_FRAGMENT_LENGTH - 20) {
EXPECT_EQUAL(bytes_written, i);
} else {
EXPECT_EQUAL(bytes_written, S2N_SMALL_FRAGMENT_LENGTH - 20);
}
uint16_t predicted_length = bytes_written + 20;
EXPECT_EQUAL(conn->out.blob.data[0], TLS_APPLICATION_DATA);
EXPECT_EQUAL(conn->out.blob.data[1], 3);
EXPECT_EQUAL(conn->out.blob.data[2], 2);
EXPECT_EQUAL(conn->out.blob.data[3], (predicted_length >> 8) & 0xff);
EXPECT_EQUAL(conn->out.blob.data[4], predicted_length & 0xff);
/* The data should be encrypted */
if (bytes_written > 10) {
EXPECT_NOT_EQUAL(memcmp(conn->out.blob.data + 5, random_data, bytes_written), 0);
}
/* Copy the encrypted out data to the in data */
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_copy(&conn->out, &conn->header_in, 5))
EXPECT_SUCCESS(s2n_stuffer_copy(&conn->out, &conn->in, s2n_stuffer_data_available(&conn->out)))
/* Check that the data looks right */
EXPECT_EQUAL(bytes_written + 20, s2n_stuffer_data_available(&conn->in));
/* Let's decrypt it */
uint8_t content_type;
uint16_t fragment_length;
EXPECT_SUCCESS(s2n_record_header_parse(conn, &content_type, &fragment_length));
EXPECT_SUCCESS(s2n_record_parse(conn));
EXPECT_EQUAL(content_type, TLS_APPLICATION_DATA);
EXPECT_EQUAL(fragment_length, predicted_length);
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in));
EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in));
}
EXPECT_SUCCESS(conn->active.cipher_suite->cipher->destroy_key(&conn->active.server_key));
EXPECT_SUCCESS(conn->active.cipher_suite->cipher->destroy_key(&conn->active.client_key));
EXPECT_SUCCESS(s2n_connection_free(conn));
END_TEST();
}
int main(int argc, char **argv)
{
char buffer[0xffff];
struct s2n_connection *conn;
struct s2n_config *config;
s2n_blocked_status blocked;
int status;
pid_t pid;
int server_to_client[2];
int client_to_server[2];
const char *protocols[] = { "http/1.1", "spdy/3.1" };
const char *mismatch_protocols[] = { "spdy/2" };
BEGIN_TEST();
EXPECT_SUCCESS(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0));
EXPECT_NOT_NULL(config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_set_protocol_preferences(config, protocols, 2));
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(config, certificate, private_key));
EXPECT_SUCCESS(s2n_config_add_dhparams(config, dhparams));
/** Test no client ALPN request */
/* Create a pipe */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
/* Create a child process */
pid = fork();
if (pid == 0) {
/* This is the child process, close the read end of the pipe */
EXPECT_SUCCESS(close(client_to_server[0]));
EXPECT_SUCCESS(close(server_to_client[1]));
/* Send the client hello with no ALPN extensions, and validate we didn't
* negotiate an application protocol */
mock_client(client_to_server[1], server_to_client[0], NULL, 0, NULL);
}
/* This is the parent */
EXPECT_SUCCESS(close(client_to_server[1]));
EXPECT_SUCCESS(close(server_to_client[0]));
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_config(conn, config));
/* Set up the connection to read from the fd */
EXPECT_SUCCESS(s2n_connection_set_read_fd(conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(conn, server_to_client[1]));
/* Negotiate the handshake. */
EXPECT_SUCCESS(s2n_negotiate(conn, &blocked));
/* Expect NULL negotiated protocol */
EXPECT_EQUAL(s2n_get_application_protocol(conn), NULL);
for (int i = 1; i < 0xffff; i += 100) {
char * ptr = buffer;
int bytes_read = 0;
int size = i;
do {
EXPECT_SUCCESS(bytes_read = s2n_recv(conn, ptr, size, &blocked));
size -= bytes_read;
ptr += bytes_read;
} while(size);
for (int j = 0; j < i; j++) {
EXPECT_EQUAL(buffer[j], 33);
}
}
EXPECT_SUCCESS(s2n_shutdown(conn, &blocked));
EXPECT_SUCCESS(s2n_connection_free(conn));
/* Clean up */
EXPECT_EQUAL(waitpid(-1, &status, 0), pid);
EXPECT_EQUAL(status, 0);
/* Test a matching ALPN request */
/* Create a pipe */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
/* Create a child process */
pid = fork();
if (pid == 0) {
/* This is the child process, close the read end of the pipe */
EXPECT_SUCCESS(close(client_to_server[0]));
EXPECT_SUCCESS(close(server_to_client[1]));
/* Clients ALPN preferences match our preferences, so we pick the
* most preffered server one */
mock_client(client_to_server[1], server_to_client[0], protocols, 2, protocols[0]);
}
/* This is the parent */
EXPECT_SUCCESS(close(client_to_server[1]));
EXPECT_SUCCESS(close(server_to_client[0]));
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_config(conn, config));
/* Set up the connection to read from the fd */
EXPECT_SUCCESS(s2n_connection_set_read_fd(conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(conn, server_to_client[1]));
/* Negotiate the handshake. */
EXPECT_SUCCESS(s2n_negotiate(conn, &blocked));
/* Expect our most prefered negotiated protocol */
EXPECT_STRING_EQUAL(s2n_get_application_protocol(conn), protocols[0]);
for (int i = 1; i < 0xffff; i += 100) {
char * ptr = buffer;
int bytes_read = 0;
int size = i;
do {
EXPECT_SUCCESS(bytes_read = s2n_recv(conn, ptr, size, &blocked));
size -= bytes_read;
ptr += bytes_read;
} while(size);
for (int j = 0; j < i; j++) {
EXPECT_EQUAL(buffer[j], 33);
}
}
EXPECT_SUCCESS(s2n_shutdown(conn, &blocked));
EXPECT_SUCCESS(s2n_connection_free(conn));
/* Clean up */
EXPECT_EQUAL(waitpid(-1, &status, 0), pid);
EXPECT_EQUAL(status, 0);
/* Test a lower prefered matching ALPN request */
/* Create a pipe */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
/* Create a child process */
pid = fork();
if (pid == 0) {
/* This is the child process, close the read end of the pipe */
EXPECT_SUCCESS(close(client_to_server[0]));
EXPECT_SUCCESS(close(server_to_client[1]));
/* Client only advertises our second choice, so we should negotiate it */
mock_client(client_to_server[1], server_to_client[0], &protocols[1], 1, protocols[1]);
}
/* This is the parent */
EXPECT_SUCCESS(close(client_to_server[1]));
EXPECT_SUCCESS(close(server_to_client[0]));
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_config(conn, config));
/* Set up the connection to read from the fd */
EXPECT_SUCCESS(s2n_connection_set_read_fd(conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(conn, server_to_client[1]));
/* Negotiate the handshake. */
EXPECT_SUCCESS(s2n_negotiate(conn, &blocked));
for (int i = 1; i < 0xffff; i += 100) {
char * ptr = buffer;
int bytes_read = 0;
int size = i;
do {
EXPECT_SUCCESS(bytes_read = s2n_recv(conn, ptr, size, &blocked));
size -= bytes_read;
ptr += bytes_read;
} while(size);
for (int j = 0; j < i; j++) {
EXPECT_EQUAL(buffer[j], 33);
}
}
/* Expect our least prefered negotiated protocol */
EXPECT_STRING_EQUAL(s2n_get_application_protocol(conn), protocols[1]);
EXPECT_SUCCESS(s2n_shutdown(conn, &blocked));
EXPECT_SUCCESS(s2n_connection_free(conn));
/* Clean up */
EXPECT_EQUAL(waitpid(-1, &status, 0), pid);
EXPECT_EQUAL(status, 0);
/* Test a non-matching ALPN request */
/* Create a pipe */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
/* Create a child process */
pid = fork();
if (pid == 0) {
/* This is the child process, close the read end of the pipe */
EXPECT_SUCCESS(close(client_to_server[0]));
EXPECT_SUCCESS(close(server_to_client[1]));
/* Client doesn't support any of our protocols, so we shouldn't complete
* the handshake */
mock_client(client_to_server[1], server_to_client[0], mismatch_protocols, 1, NULL);
}
/* This is the parent */
EXPECT_SUCCESS(close(client_to_server[1]));
EXPECT_SUCCESS(close(server_to_client[0]));
EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_config(conn, config));
/* Set up the connection to read from the fd */
EXPECT_SUCCESS(s2n_connection_set_read_fd(conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(conn, server_to_client[1]));
/* s2n_negotiate will fail, which ordinarily would delay with a sleep.
* Remove the sleep and fake the delay with a mock time routine */
EXPECT_SUCCESS(s2n_connection_set_blinding(conn, S2N_SELF_SERVICE_BLINDING));
EXPECT_SUCCESS(s2n_config_set_nanoseconds_since_epoch_callback(config, mock_nanoseconds_since_epoch, NULL));
/* Negotiate the handshake. */
EXPECT_FAILURE(s2n_negotiate(conn, &blocked));
/* Expect NULL negotiated protocol */
EXPECT_EQUAL(s2n_get_application_protocol(conn), NULL);
EXPECT_SUCCESS(s2n_shutdown(conn, &blocked));
EXPECT_SUCCESS(s2n_connection_free(conn));
/* Close the pipes */
EXPECT_SUCCESS(close(client_to_server[0]));
EXPECT_SUCCESS(close(server_to_client[1]));
/* Clean up */
EXPECT_EQUAL(waitpid(-1, &status, 0), pid);
EXPECT_NOT_EQUAL(status, 0);
EXPECT_SUCCESS(s2n_config_free(config));
END_TEST();
return 0;
}
