From nobody Thu Dec 08 00:58:03 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NSG3b5nljz4kK9h; Thu, 8 Dec 2022 00:58:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4NSG3b5W3Zz4KcS; Thu, 8 Dec 2022 00:58:03 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1670461083; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=PHgmc8NZeF5Fpn5NDluprg6lVJasryyE6EUqhJqmP/M=; b=JnChi8uESBjvH7SYKEFl3+vHtFWRjVMv3lYBLadP6kEU1sfJ+na+IhMj0guN1AvhKQ0o7D q0abSgg56AkZgrIubqnwa03KPOsngLXayaUA616qrJKqQIzsJUw/RuNQ4TgBeOr08iuOqE FbzwisyDTHtKmy5I10ofio4teZYWqK881/jjbw0rVnNbw7grdK/1wxXW72Y5SsMTU0K5AQ gl6kwSukT0Teuc2S8V1w3jL/IfpB01bNyMwGG8x/RgAmzLgX/dHcPlNTs2c7MPNg70Pc+w vyc+ptoSGxQlO/xyhAtQUbXAJZO18vuY0VX7zS6SzOaLSBbSi4FYclHM42285Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1670461083; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=PHgmc8NZeF5Fpn5NDluprg6lVJasryyE6EUqhJqmP/M=; b=KWVIDtwAkhZYuDdxBAt0up2jVNS/PoiPhCfOTgG3ZgpdwASXkOM7peNQtm7ujlmRIYMx1C 8YS2+3QGf2Lwe6C6HuM6HUvzitYT4XMkxDAzPPpyZg6NNufVPC6ATvfzyGw0qXf9O70/+H zsJN0iHcKj0bS68SlCny3WiUFmzS58UVDzpjG4Bni/LhiUEGnt2sG8HM3AXuXyRwUOa2qv 5BptOAviDvnw0uhvF98kyvb0HmFDjQEdtfPQ2Qh0LvJ4dpeiKM1CKAU+8/mRABa2lEgDe7 gYemfjihq2UsRQ31G9MJEeouepYJAMEizEQdKzuRRluhifeKjTnkpeLh9oHnwQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1670461083; a=rsa-sha256; cv=none; b=i6XpETPf+J4egaEKA5kT6SOBwud+GsrW3Bmyxuki296J/oAGFz0l5zKBLRnDwIA4bqcx7s JkJqYbUJzIBXs4UawimfKUoR2jztMoYaWOTVmezvd85ql8kF5SEBZ0zs+UMjkSeJKU7rny LaWQJcG9cLG+C2GtK2UqqTCLLBEFsyh1UHZKuwmeNFWo/D3pH3czDXLT5BtXhNrKyt3R6N nZmpXtyANywAkqxSxCItttnt3MF++6mQNs3LWcBSLBE4SUGP0QnMwBkh09qwGbXE9m8xOi 1/KUwLgVPR4TC7QB/V3nOrcB297zHVw40wfLsAQ8GuFdL31eSmuRk+GbDTaOwQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NSG3b48QXzcpH; Thu, 8 Dec 2022 00:58:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2B80w3Yp059043; Thu, 8 Dec 2022 00:58:03 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2B80w3p5059042; Thu, 8 Dec 2022 00:58:03 GMT (envelope-from git) Date: Thu, 8 Dec 2022 00:58:03 GMT Message-Id: <202212080058.2B80w3p5059042@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: John Baldwin Subject: git: 70bb22868d53 - main - ktls_test: Add debug option to hexdump keys, nonces, and buffers. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 70bb22868d534435fd8d84173f264b48acacd501 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=70bb22868d534435fd8d84173f264b48acacd501 commit 70bb22868d534435fd8d84173f264b48acacd501 Author: John Baldwin AuthorDate: 2022-12-08 00:57:28 +0000 Commit: John Baldwin CommitDate: 2022-12-08 00:57:28 +0000 ktls_test: Add debug option to hexdump keys, nonces, and buffers. Reviewed by: markj Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D37509 --- tests/sys/kern/Makefile | 2 +- tests/sys/kern/ktls_test.c | 228 ++++++++++++++++++++++++++++++--------------- 2 files changed, 153 insertions(+), 77 deletions(-) diff --git a/tests/sys/kern/Makefile b/tests/sys/kern/Makefile index 00baa5c99fae..dec2384bc80b 100644 --- a/tests/sys/kern/Makefile +++ b/tests/sys/kern/Makefile @@ -70,7 +70,7 @@ LIBADD.sys_getrandom+= pthread LIBADD.ptrace_test+= pthread LIBADD.unix_seqpacket_test+= pthread LIBADD.kcov+= pthread -LIBADD.ktls_test+= crypto +LIBADD.ktls_test+= crypto util LIBADD.sendfile_helper+= pthread LIBADD.fdgrowtable_test+= util pthread kvm procstat LIBADD.sigwait+= rt diff --git a/tests/sys/kern/ktls_test.c b/tests/sys/kern/ktls_test.c index 09fb96ed11e8..ee575597f1f2 100644 --- a/tests/sys/kern/ktls_test.c +++ b/tests/sys/kern/ktls_test.c @@ -38,6 +38,7 @@ #include #include #include +#include #include #include #include @@ -95,6 +96,30 @@ check_tls_mode(const atf_tc_t *tc, int s, int sockopt) } } +static void __printflike(2, 3) +debug(const atf_tc_t *tc, const char *fmt, ...) +{ + if (!atf_tc_get_config_var_as_bool_wd(tc, "ktls.debug", false)) + return; + + va_list ap; + va_start(ap, fmt); + vprintf(fmt, ap); + va_end(ap); +} + +static void +debug_hexdump(const atf_tc_t *tc, const void *buf, int length, + const char *label) +{ + if (!atf_tc_get_config_var_as_bool_wd(tc, "ktls.debug", false)) + return; + + if (label != NULL) + printf("%s:\n", label); + hexdump(buf, length, NULL, 0); +} + static char rdigit(void) { @@ -509,8 +534,8 @@ aead_decrypt(const EVP_CIPHER *cipher, const char *key, const char *nonce, } static void -build_tls_enable(int cipher_alg, size_t cipher_key_len, int auth_alg, - int minor, uint64_t seqno, struct tls_enable *en) +build_tls_enable(const atf_tc_t *tc, int cipher_alg, size_t cipher_key_len, + int auth_alg, int minor, uint64_t seqno, struct tls_enable *en) { u_int auth_key_len, iv_len; @@ -551,8 +576,13 @@ build_tls_enable(int cipher_alg, size_t cipher_key_len, int auth_alg, break; } en->cipher_key = alloc_buffer(cipher_key_len); + debug_hexdump(tc, en->cipher_key, cipher_key_len, "cipher key"); en->iv = alloc_buffer(iv_len); + if (iv_len != 0) + debug_hexdump(tc, en->iv, iv_len, "iv"); en->auth_key = alloc_buffer(auth_key_len); + if (auth_key_len != 0) + debug_hexdump(tc, en->auth_key, auth_key_len, "auth key"); en->cipher_algorithm = cipher_alg; en->cipher_key_len = cipher_key_len; en->iv_len = iv_len; @@ -561,6 +591,7 @@ build_tls_enable(int cipher_alg, size_t cipher_key_len, int auth_alg, en->tls_vmajor = TLS_MAJOR_VER_ONE; en->tls_vminor = minor; be64enc(en->rec_seq, seqno); + debug(tc, "seqno: %ju\n", (uintmax_t)seqno); } static void @@ -750,8 +781,9 @@ tls_13_nonce(struct tls_enable *en, uint64_t seqno, char *nonce) * have sufficient room ('avail'), fail the test. */ static size_t -decrypt_tls_aes_cbc_mte(struct tls_enable *en, uint64_t seqno, const void *src, - size_t len, void *dst, size_t avail, uint8_t *record_type) +decrypt_tls_aes_cbc_mte(const atf_tc_t *tc, struct tls_enable *en, + uint64_t seqno, const void *src, size_t len, void *dst, size_t avail, + uint8_t *record_type) { const struct tls_record_layer *hdr; struct tls_mac_data aad; @@ -765,6 +797,8 @@ decrypt_tls_aes_cbc_mte(struct tls_enable *en, uint64_t seqno, const void *src, mac_len = tls_mac_len(en); ATF_REQUIRE(hdr->tls_vmajor == TLS_MAJOR_VER_ONE); ATF_REQUIRE(hdr->tls_vminor == en->tls_vminor); + debug(tc, "decrypting MTE record seqno %ju:\n", (uintmax_t)seqno); + debug_hexdump(tc, src, len, NULL); /* First, decrypt the outer payload into a temporary buffer. */ payload_len = len - hdr_len; @@ -773,8 +807,10 @@ decrypt_tls_aes_cbc_mte(struct tls_enable *en, uint64_t seqno, const void *src, iv = en->iv; else iv = (void *)(hdr + 1); + debug_hexdump(tc, iv, AES_BLOCK_LEN, "iv"); ATF_REQUIRE(cbc_decrypt(tls_EVP_CIPHER(en), en->cipher_key, iv, (const u_char *)src + hdr_len, buf, payload_len)); + debug_hexdump(tc, buf, payload_len, "decrypted buffer"); /* * Copy the last encrypted block to use as the IV for the next @@ -797,6 +833,7 @@ decrypt_tls_aes_cbc_mte(struct tls_enable *en, uint64_t seqno, const void *src, /* Verify HMAC. */ payload_len -= mac_len; tls_mte_aad(en, payload_len, hdr, seqno, &aad); + debug_hexdump(tc, &aad, sizeof(aad), "aad"); ATF_REQUIRE(verify_hash(tls_EVP_MD(en), en->auth_key, en->auth_key_len, &aad, sizeof(aad), buf, payload_len, buf + payload_len)); @@ -807,8 +844,8 @@ decrypt_tls_aes_cbc_mte(struct tls_enable *en, uint64_t seqno, const void *src, } static size_t -decrypt_tls_12_aead(struct tls_enable *en, uint64_t seqno, const void *src, - size_t len, void *dst, uint8_t *record_type) +decrypt_tls_12_aead(const atf_tc_t *tc, struct tls_enable *en, uint64_t seqno, + const void *src, size_t len, void *dst, uint8_t *record_type) { const struct tls_record_layer *hdr; struct tls_aead_data aad; @@ -822,12 +859,16 @@ decrypt_tls_12_aead(struct tls_enable *en, uint64_t seqno, const void *src, payload_len = len - (hdr_len + mac_len); ATF_REQUIRE(hdr->tls_vmajor == TLS_MAJOR_VER_ONE); ATF_REQUIRE(hdr->tls_vminor == TLS_MINOR_VER_TWO); + debug(tc, "decrypting TLS 1.2 record seqno %ju:\n", (uintmax_t)seqno); + debug_hexdump(tc, src, len, NULL); tls_12_aead_aad(en, payload_len, hdr, seqno, &aad); + debug_hexdump(tc, &aad, sizeof(aad), "aad"); if (en->cipher_algorithm == CRYPTO_AES_NIST_GCM_16) tls_12_gcm_nonce(en, hdr, nonce); else tls_13_nonce(en, seqno, nonce); + debug_hexdump(tc, nonce, sizeof(nonce), "nonce"); ATF_REQUIRE(aead_decrypt(tls_EVP_CIPHER(en), en->cipher_key, nonce, &aad, sizeof(aad), (const char *)src + hdr_len, dst, payload_len, @@ -838,8 +879,8 @@ decrypt_tls_12_aead(struct tls_enable *en, uint64_t seqno, const void *src, } static size_t -decrypt_tls_13_aead(struct tls_enable *en, uint64_t seqno, const void *src, - size_t len, void *dst, uint8_t *record_type) +decrypt_tls_13_aead(const atf_tc_t *tc, struct tls_enable *en, uint64_t seqno, + const void *src, size_t len, void *dst, uint8_t *record_type) { const struct tls_record_layer *hdr; struct tls_aead_data_13 aad; @@ -856,9 +897,13 @@ decrypt_tls_13_aead(struct tls_enable *en, uint64_t seqno, const void *src, ATF_REQUIRE(hdr->tls_type == TLS_RLTYPE_APP); ATF_REQUIRE(hdr->tls_vmajor == TLS_MAJOR_VER_ONE); ATF_REQUIRE(hdr->tls_vminor == TLS_MINOR_VER_TWO); + debug(tc, "decrypting TLS 1.3 record seqno %ju:\n", (uintmax_t)seqno); + debug_hexdump(tc, src, len, NULL); tls_13_aad(en, hdr, seqno, &aad); + debug_hexdump(tc, &aad, sizeof(aad), "aad"); tls_13_nonce(en, seqno, nonce); + debug_hexdump(tc, nonce, sizeof(nonce), "nonce"); /* * Have to use a temporary buffer for the output due to the @@ -869,6 +914,7 @@ decrypt_tls_13_aead(struct tls_enable *en, uint64_t seqno, const void *src, ATF_REQUIRE(aead_decrypt(tls_EVP_CIPHER(en), en->cipher_key, nonce, &aad, sizeof(aad), (const char *)src + hdr_len, buf, payload_len, (const char *)src + hdr_len + payload_len, mac_len)); + debug_hexdump(tc, buf, payload_len, "decrypted buffer"); /* Trim record type. */ *record_type = buf[payload_len - 1]; @@ -881,8 +927,8 @@ decrypt_tls_13_aead(struct tls_enable *en, uint64_t seqno, const void *src, } static size_t -decrypt_tls_aead(struct tls_enable *en, uint64_t seqno, const void *src, - size_t len, void *dst, size_t avail, uint8_t *record_type) +decrypt_tls_aead(const atf_tc_t *tc, struct tls_enable *en, uint64_t seqno, + const void *src, size_t len, void *dst, size_t avail, uint8_t *record_type) { const struct tls_record_layer *hdr; size_t payload_len; @@ -894,10 +940,10 @@ decrypt_tls_aead(struct tls_enable *en, uint64_t seqno, const void *src, ATF_REQUIRE(payload_len <= avail); if (en->tls_vminor == TLS_MINOR_VER_TWO) { - ATF_REQUIRE(decrypt_tls_12_aead(en, seqno, src, len, dst, + ATF_REQUIRE(decrypt_tls_12_aead(tc, en, seqno, src, len, dst, record_type) == payload_len); } else { - ATF_REQUIRE(decrypt_tls_13_aead(en, seqno, src, len, dst, + ATF_REQUIRE(decrypt_tls_13_aead(tc, en, seqno, src, len, dst, record_type) == payload_len); } @@ -905,14 +951,14 @@ decrypt_tls_aead(struct tls_enable *en, uint64_t seqno, const void *src, } static size_t -decrypt_tls_record(struct tls_enable *en, uint64_t seqno, const void *src, - size_t len, void *dst, size_t avail, uint8_t *record_type) +decrypt_tls_record(const atf_tc_t *tc, struct tls_enable *en, uint64_t seqno, + const void *src, size_t len, void *dst, size_t avail, uint8_t *record_type) { if (en->cipher_algorithm == CRYPTO_AES_CBC) - return (decrypt_tls_aes_cbc_mte(en, seqno, src, len, dst, avail, - record_type)); + return (decrypt_tls_aes_cbc_mte(tc, en, seqno, src, len, dst, + avail, record_type)); else - return (decrypt_tls_aead(en, seqno, src, len, dst, avail, + return (decrypt_tls_aead(tc, en, seqno, src, len, dst, avail, record_type)); } @@ -924,9 +970,9 @@ decrypt_tls_record(struct tls_enable *en, uint64_t seqno, const void *src, * cipher suite. */ static size_t -encrypt_tls_aes_cbc_mte(struct tls_enable *en, uint8_t record_type, - uint64_t seqno, const void *src, size_t len, void *dst, size_t avail, - size_t padding) +encrypt_tls_aes_cbc_mte(const atf_tc_t *tc, struct tls_enable *en, + uint8_t record_type, uint64_t seqno, const void *src, size_t len, void *dst, + size_t avail, size_t padding) { struct tls_record_layer *hdr; struct tls_mac_data aad; @@ -939,6 +985,7 @@ encrypt_tls_aes_cbc_mte(struct tls_enable *en, uint8_t record_type, hdr = dst; buf = dst; + debug(tc, "encrypting MTE record seqno %ju:\n", (uintmax_t)seqno); hdr_len = tls_header_len(en); mac_len = tls_mac_len(en); padding += (AES_BLOCK_LEN - (len + mac_len) % AES_BLOCK_LEN); @@ -954,12 +1001,15 @@ encrypt_tls_aes_cbc_mte(struct tls_enable *en, uint8_t record_type, iv = (char *)(hdr + 1); for (i = 0; i < AES_BLOCK_LEN; i++) iv[i] = rdigit(); + debug_hexdump(tc, iv, AES_BLOCK_LEN, "explicit IV"); /* Copy plaintext to ciphertext region. */ memcpy(buf + hdr_len, src, len); /* Compute HMAC. */ tls_mte_aad(en, len, hdr, seqno, &aad); + debug_hexdump(tc, &aad, sizeof(aad), "aad"); + debug_hexdump(tc, src, len, "plaintext"); ATF_REQUIRE(compute_hash(tls_EVP_MD(en), en->auth_key, en->auth_key_len, &aad, sizeof(aad), src, len, buf + hdr_len + len, &digest_len)); ATF_REQUIRE(digest_len == mac_len); @@ -967,17 +1017,19 @@ encrypt_tls_aes_cbc_mte(struct tls_enable *en, uint8_t record_type, /* Store padding. */ for (i = 0; i < padding; i++) buf[hdr_len + len + mac_len + i] = padding - 1; + debug_hexdump(tc, buf + hdr_len + len, mac_len + padding, "MAC and padding"); /* Encrypt the record. */ ATF_REQUIRE(cbc_encrypt(tls_EVP_CIPHER(en), en->cipher_key, iv, buf + hdr_len, buf + hdr_len, len + mac_len + padding)); + debug_hexdump(tc, dst, record_len, "encrypted record"); return (record_len); } static size_t -encrypt_tls_12_aead(struct tls_enable *en, uint8_t record_type, uint64_t seqno, - const void *src, size_t len, void *dst) +encrypt_tls_12_aead(const atf_tc_t *tc, struct tls_enable *en, + uint8_t record_type, uint64_t seqno, const void *src, size_t len, void *dst) { struct tls_record_layer *hdr; struct tls_aead_data aad; @@ -986,6 +1038,7 @@ encrypt_tls_12_aead(struct tls_enable *en, uint8_t record_type, uint64_t seqno, hdr = dst; + debug(tc, "encrypting TLS 1.2 record seqno %ju:\n", (uintmax_t)seqno); hdr_len = tls_header_len(en); mac_len = tls_mac_len(en); record_len = hdr_len + len + mac_len; @@ -998,21 +1051,26 @@ encrypt_tls_12_aead(struct tls_enable *en, uint8_t record_type, uint64_t seqno, memcpy(hdr + 1, &seqno, sizeof(seqno)); tls_12_aead_aad(en, len, hdr, seqno, &aad); + debug_hexdump(tc, &aad, sizeof(aad), "aad"); if (en->cipher_algorithm == CRYPTO_AES_NIST_GCM_16) tls_12_gcm_nonce(en, hdr, nonce); else tls_13_nonce(en, seqno, nonce); + debug_hexdump(tc, nonce, sizeof(nonce), "nonce"); + debug_hexdump(tc, src, len, "plaintext"); ATF_REQUIRE(aead_encrypt(tls_EVP_CIPHER(en), en->cipher_key, nonce, &aad, sizeof(aad), src, (char *)dst + hdr_len, len, (char *)dst + hdr_len + len, mac_len)); + debug_hexdump(tc, dst, record_len, "encrypted record"); return (record_len); } static size_t -encrypt_tls_13_aead(struct tls_enable *en, uint8_t record_type, uint64_t seqno, - const void *src, size_t len, void *dst, size_t padding) +encrypt_tls_13_aead(const atf_tc_t *tc, struct tls_enable *en, + uint8_t record_type, uint64_t seqno, const void *src, size_t len, void *dst, + size_t padding) { struct tls_record_layer *hdr; struct tls_aead_data_13 aad; @@ -1022,6 +1080,7 @@ encrypt_tls_13_aead(struct tls_enable *en, uint8_t record_type, uint64_t seqno, hdr = dst; + debug(tc, "encrypting TLS 1.3 record seqno %ju:\n", (uintmax_t)seqno); hdr_len = tls_header_len(en); mac_len = tls_mac_len(en); record_len = hdr_len + len + 1 + padding + mac_len; @@ -1032,7 +1091,9 @@ encrypt_tls_13_aead(struct tls_enable *en, uint8_t record_type, uint64_t seqno, hdr->tls_length = htons(record_len - sizeof(*hdr)); tls_13_aad(en, hdr, seqno, &aad); + debug_hexdump(tc, &aad, sizeof(aad), "aad"); tls_13_nonce(en, seqno, nonce); + debug_hexdump(tc, nonce, sizeof(nonce), "nonce"); /* * Have to use a temporary buffer for the input so that the record @@ -1042,10 +1103,12 @@ encrypt_tls_13_aead(struct tls_enable *en, uint8_t record_type, uint64_t seqno, memcpy(buf, src, len); buf[len] = record_type; memset(buf + len + 1, 0, padding); + debug_hexdump(tc, buf, len + 1 + padding, "plaintext + type + padding"); ATF_REQUIRE(aead_encrypt(tls_EVP_CIPHER(en), en->cipher_key, nonce, &aad, sizeof(aad), buf, (char *)dst + hdr_len, len + 1 + padding, (char *)dst + hdr_len + len + 1 + padding, mac_len)); + debug_hexdump(tc, dst, record_len, "encrypted record"); free(buf); @@ -1053,8 +1116,9 @@ encrypt_tls_13_aead(struct tls_enable *en, uint8_t record_type, uint64_t seqno, } static size_t -encrypt_tls_aead(struct tls_enable *en, uint8_t record_type, uint64_t seqno, - const void *src, size_t len, void *dst, size_t avail, size_t padding) +encrypt_tls_aead(const atf_tc_t *tc, struct tls_enable *en, + uint8_t record_type, uint64_t seqno, const void *src, size_t len, void *dst, + size_t avail, size_t padding) { size_t record_len; @@ -1063,24 +1127,25 @@ encrypt_tls_aead(struct tls_enable *en, uint8_t record_type, uint64_t seqno, if (en->tls_vminor == TLS_MINOR_VER_TWO) { ATF_REQUIRE(padding == 0); - ATF_REQUIRE(encrypt_tls_12_aead(en, record_type, seqno, src, + ATF_REQUIRE(encrypt_tls_12_aead(tc, en, record_type, seqno, src, len, dst) == record_len); } else - ATF_REQUIRE(encrypt_tls_13_aead(en, record_type, seqno, src, + ATF_REQUIRE(encrypt_tls_13_aead(tc, en, record_type, seqno, src, len, dst, padding) == record_len); return (record_len); } static size_t -encrypt_tls_record(struct tls_enable *en, uint8_t record_type, uint64_t seqno, - const void *src, size_t len, void *dst, size_t avail, size_t padding) +encrypt_tls_record(const atf_tc_t *tc, struct tls_enable *en, + uint8_t record_type, uint64_t seqno, const void *src, size_t len, void *dst, + size_t avail, size_t padding) { if (en->cipher_algorithm == CRYPTO_AES_CBC) - return (encrypt_tls_aes_cbc_mte(en, record_type, seqno, src, + return (encrypt_tls_aes_cbc_mte(tc, en, record_type, seqno, src, len, dst, avail, padding)); else - return (encrypt_tls_aead(en, record_type, seqno, src, len, + return (encrypt_tls_aead(tc, en, record_type, seqno, src, len, dst, avail, padding)); } @@ -1097,6 +1162,7 @@ test_ktls_transmit_app_data(const atf_tc_t *tc, struct tls_enable *en, uint8_t record_type; plaintext = alloc_buffer(len); + debug_hexdump(tc, plaintext, len, "plaintext"); decrypted = malloc(len); outbuf_cap = tls_header_len(en) + TLS_MAX_MSG_SIZE_V10_2 + tls_trailer_len(en); @@ -1154,6 +1220,14 @@ test_ktls_transmit_app_data(const atf_tc_t *tc, struct tls_enable *en, ATF_REQUIRE_MSG(rv > 0, "failed to read from socket"); outbuf_len += rv; + + if (outbuf_len == + sizeof(struct tls_record_layer)) { + debug(tc, "TLS header for seqno %ju:\n", + (uintmax_t)seqno); + debug_hexdump(tc, outbuf, outbuf_len, + NULL); + } } if (outbuf_len < sizeof(struct tls_record_layer)) @@ -1161,6 +1235,8 @@ test_ktls_transmit_app_data(const atf_tc_t *tc, struct tls_enable *en, record_len = sizeof(struct tls_record_layer) + ntohs(hdr->tls_length); + debug(tc, "record_len %zu outbuf_cap %zu\n", + record_len, outbuf_cap); ATF_REQUIRE(record_len <= outbuf_cap); ATF_REQUIRE(record_len > outbuf_len); rv = read(ev.ident, outbuf + outbuf_len, @@ -1171,8 +1247,8 @@ test_ktls_transmit_app_data(const atf_tc_t *tc, struct tls_enable *en, outbuf_len += rv; if (outbuf_len == record_len) { - decrypted_len += decrypt_tls_record(en, seqno, - outbuf, outbuf_len, + decrypted_len += decrypt_tls_record(tc, en, + seqno, outbuf, outbuf_len, decrypted + decrypted_len, len - decrypted_len, &record_type); ATF_REQUIRE(record_type == TLS_RLTYPE_APP); @@ -1266,8 +1342,8 @@ test_ktls_transmit_control(const atf_tc_t *tc, struct tls_enable *en, payload_len); ATF_REQUIRE(rv == (ssize_t)payload_len); - rv = decrypt_tls_record(en, seqno, outbuf, record_len, decrypted, len, - &record_type); + rv = decrypt_tls_record(tc, en, seqno, outbuf, record_len, decrypted, + len, &record_type); ATF_REQUIRE_MSG((ssize_t)len == rv, "read %zd decrypted bytes, but wrote %zu", rv, len); @@ -1333,7 +1409,7 @@ test_ktls_transmit_empty_fragment(const atf_tc_t *tc, struct tls_enable *en, payload_len); ATF_REQUIRE(rv == (ssize_t)payload_len); - rv = decrypt_tls_record(en, seqno, outbuf, record_len, NULL, 0, + rv = decrypt_tls_record(tc, en, seqno, outbuf, record_len, NULL, 0, &record_type); ATF_REQUIRE_MSG(rv == 0, @@ -1436,7 +1512,7 @@ test_ktls_receive_app_data(const atf_tc_t *tc, struct tls_enable *en, todo = len - written; if (todo > TLS_MAX_MSG_SIZE_V10_2 - padding) todo = TLS_MAX_MSG_SIZE_V10_2 - padding; - outbuf_len = encrypt_tls_record(en, + outbuf_len = encrypt_tls_record(tc, en, TLS_RLTYPE_APP, seqno, plaintext + written, todo, outbuf, outbuf_cap, padding); outbuf_sent = 0; @@ -1535,7 +1611,7 @@ test_ktls_receive_corrupted_record(const atf_tc_t *tc, struct tls_enable *en, fd_set_blocking(sockets[0]); fd_set_blocking(sockets[1]); - outbuf_len = encrypt_tls_record(en, TLS_RLTYPE_APP, seqno, + outbuf_len = encrypt_tls_record(tc, en, TLS_RLTYPE_APP, seqno, plaintext, len, outbuf, outbuf_cap, 0); /* A negative offset is an offset from the end. */ @@ -1624,7 +1700,7 @@ test_ktls_receive_truncated_record(const atf_tc_t *tc, struct tls_enable *en, fd_set_blocking(sockets[0]); fd_set_blocking(sockets[1]); - outbuf_len = encrypt_tls_record(en, TLS_RLTYPE_APP, seqno, + outbuf_len = encrypt_tls_record(tc, en, TLS_RLTYPE_APP, seqno, plaintext, len, outbuf, outbuf_cap, 0); rv = write(sockets[1], outbuf, outbuf_len / 2); @@ -1665,7 +1741,7 @@ test_ktls_receive_bad_major(const atf_tc_t *tc, struct tls_enable *en, fd_set_blocking(sockets[0]); fd_set_blocking(sockets[1]); - outbuf_len = encrypt_tls_record(en, TLS_RLTYPE_APP, seqno, + outbuf_len = encrypt_tls_record(tc, en, TLS_RLTYPE_APP, seqno, plaintext, len, outbuf, outbuf_cap, 0); hdr = (void *)outbuf; @@ -1707,7 +1783,7 @@ test_ktls_receive_bad_minor(const atf_tc_t *tc, struct tls_enable *en, fd_set_blocking(sockets[0]); fd_set_blocking(sockets[1]); - outbuf_len = encrypt_tls_record(en, TLS_RLTYPE_APP, seqno, + outbuf_len = encrypt_tls_record(tc, en, TLS_RLTYPE_APP, seqno, plaintext, len, outbuf, outbuf_cap, 0); hdr = (void *)outbuf; @@ -1750,7 +1826,7 @@ test_ktls_receive_bad_type(const atf_tc_t *tc, struct tls_enable *en, fd_set_blocking(sockets[0]); fd_set_blocking(sockets[1]); - outbuf_len = encrypt_tls_record(en, 0x21 /* Alert */, seqno, + outbuf_len = encrypt_tls_record(tc, en, 0x21 /* Alert */, seqno, plaintext, len, outbuf, outbuf_cap, 0); hdr = (void *)outbuf; @@ -1875,8 +1951,8 @@ ATF_TC_BODY(ktls_transmit_##cipher_name##_##name, tc) \ \ ATF_REQUIRE_KTLS(); \ seqno = random(); \ - build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ - &en); \ + build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \ + seqno, &en); \ test_ktls_transmit_app_data(tc, &en, seqno, len); \ free_tls_enable(&en); \ } @@ -1895,8 +1971,8 @@ ATF_TC_BODY(ktls_transmit_##cipher_name##_##name, tc) \ \ ATF_REQUIRE_KTLS(); \ seqno = random(); \ - build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ - &en); \ + build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \ + seqno, &en); \ test_ktls_transmit_control(tc, &en, seqno, type, len); \ free_tls_enable(&en); \ } @@ -1915,8 +1991,8 @@ ATF_TC_BODY(ktls_transmit_##cipher_name##_empty_fragment, tc) \ \ ATF_REQUIRE_KTLS(); \ seqno = random(); \ - build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ - &en); \ + build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \ + seqno, &en); \ test_ktls_transmit_empty_fragment(tc, &en, seqno); \ free_tls_enable(&en); \ } @@ -2072,8 +2148,8 @@ ATF_TC_BODY(ktls_transmit_invalid_##name, tc) \ \ ATF_REQUIRE_KTLS(); \ seqno = random(); \ - build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ - &en); \ + build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \ + seqno, &en); \ test_ktls_invalid_transmit_cipher_suite(tc, &en); \ free_tls_enable(&en); \ } @@ -2121,8 +2197,8 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_##name, tc) \ \ ATF_REQUIRE_KTLS(); \ seqno = random(); \ - build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ - &en); \ + build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \ + seqno, &en); \ test_ktls_receive_app_data(tc, &en, seqno, len, padding); \ free_tls_enable(&en); \ } @@ -2141,8 +2217,8 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_bad_data, tc) \ \ ATF_REQUIRE_KTLS(); \ seqno = random(); \ - build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ - &en); \ + build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \ + seqno, &en); \ test_ktls_receive_corrupted_data(tc, &en, seqno, len); \ free_tls_enable(&en); \ } @@ -2161,8 +2237,8 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_bad_mac, tc) \ \ ATF_REQUIRE_KTLS(); \ seqno = random(); \ - build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ - &en); \ + build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \ + seqno, &en); \ test_ktls_receive_corrupted_mac(tc, &en, seqno, len); \ free_tls_enable(&en); \ } @@ -2181,8 +2257,8 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_truncated_record, tc) \ \ ATF_REQUIRE_KTLS(); \ seqno = random(); \ - build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ - &en); \ + build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \ + seqno, &en); \ test_ktls_receive_truncated_record(tc, &en, seqno, len); \ free_tls_enable(&en); \ } @@ -2201,8 +2277,8 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_bad_major, tc) \ \ ATF_REQUIRE_KTLS(); \ seqno = random(); \ - build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ - &en); \ + build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \ + seqno, &en); \ test_ktls_receive_bad_major(tc, &en, seqno, len); \ free_tls_enable(&en); \ } @@ -2221,8 +2297,8 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_bad_minor, tc) \ \ ATF_REQUIRE_KTLS(); \ seqno = random(); \ - build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ - &en); \ + build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \ + seqno, &en); \ test_ktls_receive_bad_minor(tc, &en, seqno, len); \ free_tls_enable(&en); \ } @@ -2241,8 +2317,8 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_##name, tc) \ \ ATF_REQUIRE_KTLS(); \ seqno = random(); \ - build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ - &en); \ + build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \ + seqno, &en); \ test_ktls_receive_bad_size(tc, &en, seqno, (len)); \ free_tls_enable(&en); \ } @@ -2409,8 +2485,8 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_bad_padding, tc) \ \ ATF_REQUIRE_KTLS(); \ seqno = random(); \ - build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ - &en); \ + build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \ + seqno, &en); \ test_ktls_receive_corrupted_padding(tc, &en, seqno, len); \ free_tls_enable(&en); \ } @@ -2466,8 +2542,8 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_bad_iv, tc) \ \ ATF_REQUIRE_KTLS(); \ seqno = random(); \ - build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ - &en); \ + build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \ + seqno, &en); \ test_ktls_receive_corrupted_iv(tc, &en, seqno, 64); \ free_tls_enable(&en); \ } @@ -2509,8 +2585,8 @@ ATF_TC_BODY(ktls_receive_##cipher_name##_bad_type, tc) \ \ ATF_REQUIRE_KTLS(); \ seqno = random(); \ - build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ - &en); \ + build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \ + seqno, &en); \ test_ktls_receive_bad_type(tc, &en, seqno, len); \ free_tls_enable(&en); \ } @@ -2569,8 +2645,8 @@ ATF_TC_BODY(ktls_receive_invalid_##name, tc) \ \ ATF_REQUIRE_KTLS(); \ seqno = random(); \ - build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ - &en); \ + build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \ + seqno, &en); \ test_ktls_invalid_receive_cipher_suite(tc, &en); \ free_tls_enable(&en); \ } @@ -2609,8 +2685,8 @@ ATF_TC_BODY(ktls_receive_unsupported_##name, tc) \ \ ATF_REQUIRE_KTLS(); \ seqno = random(); \ - build_tls_enable(cipher_alg, key_size, auth_alg, minor, seqno, \ - &en); \ + build_tls_enable(tc, cipher_alg, key_size, auth_alg, minor, \ + seqno, &en); \ test_ktls_unsupported_receive_cipher_suite(tc, &en); \ free_tls_enable(&en); \ } @@ -2643,7 +2719,7 @@ ATF_TC_BODY(ktls_sendto_baddst, tc) s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); ATF_REQUIRE(s >= 0); - build_tls_enable(CRYPTO_AES_NIST_GCM_16, 128 / 8, 0, + build_tls_enable(tc, CRYPTO_AES_NIST_GCM_16, 128 / 8, 0, TLS_MINOR_VER_THREE, (uint64_t)random(), &en); ATF_REQUIRE(setsockopt(s, IPPROTO_TCP, TCP_TXTLS_ENABLE, &en,