Lines Matching +full:key +full:- +full:1
1 // SPDX-License-Identifier: GPL-2.0
23 err = add_vrf("ksft-vrf", test_vrf_tabid, test_vrf_ifindex, -1); in setup_vrfs()
27 err = link_set_up("ksft-vrf"); in setup_vrfs()
70 struct tcp_ao_getsockopt key = {}; in test_del_key() local
81 del.set_current = 1; in test_del_key()
85 del.set_rnext = 1; in test_del_key()
91 return -errno; in test_del_key()
97 err = test_get_one_ao(sk, &key, &sockaddr, sizeof(sockaddr), in test_del_key()
100 return -EEXIST; in test_del_key()
101 if (err != -E2BIG) in test_del_key()
108 return -ENOTRECOVERABLE; in test_del_key()
110 return -ENOTRECOVERABLE; in test_del_key()
121 if ((err == -EBUSY && fault(BUSY)) || (err == -EINVAL && fault(CURRNEXT))) { in try_delete_key()
122 test_ok("%s: key deletion was prevented", tst_name); in try_delete_key()
126 test_xfail("%s: failed to delete the key %u:%u %d", in try_delete_key()
132 test_fail("%s: the key was deleted %u:%u %d", tst_name, in try_delete_key()
135 test_ok("%s: the key was deleted", tst_name); in try_delete_key()
139 test_fail("%s: can't delete the key %u:%u %d", tst_name, sndid, rcvid, err); in try_delete_key()
148 ao_info.set_current = 1; in test_set_key()
152 ao_info.set_rnext = 1; in test_set_key()
162 return -ENOTRECOVERABLE; in test_set_key()
164 return -ENOTRECOVERABLE; in test_set_key()
168 static int test_add_current_rnext_key(int sk, const char *key, uint8_t keyflags, in test_add_current_rnext_key() argument
179 strlen(key), key); in test_add_current_rnext_key()
186 return -errno; in test_add_current_rnext_key()
191 static int __try_add_current_rnext_key(int sk, const char *key, uint8_t keyflags, in __try_add_current_rnext_key() argument
199 err = test_add_current_rnext_key(sk, key, keyflags, in_addr, prefix, in __try_add_current_rnext_key()
207 return -ENOTRECOVERABLE; in __try_add_current_rnext_key()
209 return -ENOTRECOVERABLE; in __try_add_current_rnext_key()
213 static void try_add_current_rnext_key(char *tst_name, int sk, const char *key, in try_add_current_rnext_key() argument
221 err = __try_add_current_rnext_key(sk, key, keyflags, in_addr, prefix, in try_add_current_rnext_key()
227 if (err == -EINVAL && fault(CURRNEXT)) { in try_add_current_rnext_key()
239 try_delete_key("closed socket, delete a key", sk, 200, 200, 0, -1, -1, 0); in check_closed_socket()
240 try_delete_key("closed socket, delete all keys", sk, 100, 100, 0, -1, -1, 0); in check_closed_socket()
246 try_delete_key("closed socket, delete current key", sk, 100, 100, 0, -1, -1, FAULT_BUSY); in check_closed_socket()
247 try_delete_key("closed socket, delete rnext key", sk, 200, 200, 0, -1, -1, FAULT_BUSY); in check_closed_socket()
257 try_delete_key("closed socket, delete a key + set current/rnext", sk, 100, 100, 0, 10, 13, 0); in check_closed_socket()
258 try_delete_key("closed socket, force-delete current key", sk, 10, 11, 0, 200, -1, 0); in check_closed_socket()
259 try_delete_key("closed socket, force-delete rnext key", sk, 12, 13, 0, -1, 200, 0); in check_closed_socket()
260 try_delete_key("closed socket, delete current+rnext key", sk, 200, 200, 0, -1, -1, FAULT_BUSY); in check_closed_socket()
266 try_add_current_rnext_key("closed socket, add + change current key", in check_closed_socket()
267 sk, "Laaaa! Lalala-la-la-lalala...", 0, in check_closed_socket()
270 try_add_current_rnext_key("closed socket, add + change rnext key", in check_closed_socket()
271 sk, "Laaaa! Lalala-la-la-lalala...", 0, in check_closed_socket()
288 (ao_info.set_current) ? ao_info.current_key : -1, in assert_no_current_rnext()
289 (ao_info.set_rnext) ? ao_info.rnext : -1); in assert_no_current_rnext()
325 try_delete_key("listen socket, delete a key", sk, 200, 200, 0, -1, -1, 0); in check_listen_socket()
326 try_delete_key("listen socket, delete all keys", sk, 100, 100, 0, -1, -1, 0); in check_listen_socket()
330 err = test_set_key(sk, 100, -1); in check_listen_socket()
331 if (err == -EINVAL) in check_listen_socket()
332 test_ok("listen socket, setting current key not allowed"); in check_listen_socket()
334 test_fail("listen socket, set current key"); in check_listen_socket()
335 err = test_set_key(sk, -1, 200); in check_listen_socket()
336 if (err == -EINVAL) in check_listen_socket()
337 test_ok("listen socket, setting rnext key not allowed"); in check_listen_socket()
339 test_fail("listen socket, set rnext key"); in check_listen_socket()
348 …try_delete_key("listen socket, delete current key from before listen()", sk, 100, 100, 0, -1, -1, … in check_listen_socket()
349 …try_delete_key("listen socket, delete rnext key from before listen()", sk, 200, 200, 0, -1, -1, FA… in check_listen_socket()
361 try_delete_key("listen socket, delete a key + set current/rnext", sk, in check_listen_socket()
363 try_delete_key("listen socket, force-delete current key", sk, in check_listen_socket()
364 10, 11, 0, 200, -1, FAULT_CURRNEXT); in check_listen_socket()
365 try_delete_key("listen socket, force-delete rnext key", sk, in check_listen_socket()
366 12, 13, 0, -1, 200, FAULT_CURRNEXT); in check_listen_socket()
367 try_delete_key("listen socket, delete a key", sk, in check_listen_socket()
368 200, 200, 0, -1, -1, 0); in check_listen_socket()
372 try_add_current_rnext_key("listen socket, add + change current key", in check_listen_socket()
373 sk, "Laaaa! Lalala-la-la-lalala...", 0, in check_listen_socket()
376 try_add_current_rnext_key("listen socket, add + change rnext key", in check_listen_socket()
377 sk, "Laaaa! Lalala-la-la-lalala...", 0, in check_listen_socket()
386 static int fips_checked = -1; in is_fips_enabled()
401 if (fscanf(fenabled, "%d", &enabled) != 1) in is_fips_enabled()
415 uint8_t matches_client : 1,
416 matches_server : 1,
417 matches_vrf : 1,
418 is_current : 1,
419 is_rnext : 1,
420 used_on_server_tx : 1,
421 used_on_client_tx : 1,
422 skip_counters_checks : 1;
436 "hmac(sha224)", "hmac(sha3-512)",
441 const unsigned int test_maclens[] = { 1, 4, 12, 16 };
447 unsigned int ret = BIT(shift) - 1; in make_mask()
454 struct test_key *key = &collection.keys[index]; in init_key_in_collection() local
457 /* Same for randomized and non-randomized test flows */ in init_key_in_collection()
458 key->client_keyid = index; in init_key_in_collection()
459 key->server_keyid = 127 + index; in init_key_in_collection()
460 key->matches_client = 1; in init_key_in_collection()
461 key->matches_server = 1; in init_key_in_collection()
462 key->matches_vrf = 1; in init_key_in_collection()
464 key->len = rand() % (TCP_AO_MAXKEYLEN - TEST_TCP_AO_MINKEYLEN); in init_key_in_collection()
465 key->len += TEST_TCP_AO_MINKEYLEN; in init_key_in_collection()
466 randomize_buffer(key->password, key->len); in init_key_in_collection()
469 key->maclen = (rand() % TEST_MAX_MACLEN) + 1; in init_key_in_collection()
474 key->maclen = test_maclens[index & make_mask(shift, 0)]; in init_key_in_collection()
479 algos_nr -= TEST_NON_FIPS_ALGOS; in init_key_in_collection()
480 key->alg = test_algos[algos_index % algos_nr]; in init_key_in_collection()
503 return -ENOMEM; in init_default_key_collection()
507 while (nr_keys--) in init_default_key_collection()
513 static void test_key_error(const char *msg, struct test_key *key) in test_key_error() argument
515 test_error("%s: key: { %s, %u:%u, %u, %u:%u:%u:%u:%u (%u)}", in test_key_error()
516 msg, key->alg, key->client_keyid, key->server_keyid, in test_key_error()
517 key->maclen, key->matches_client, key->matches_server, in test_key_error()
518 key->matches_vrf, key->is_current, key->is_rnext, key->len); in test_key_error()
544 return -errno; in test_add_key_cr()
560 test_fail("%s: the socket doesn't have current key", tst); in verify_current_rnext()
562 test_fail("%s: current key is not the expected one %d != %u", in verify_current_rnext()
565 test_ok("%s: current key %u as expected", in verify_current_rnext()
570 test_fail("%s: the socket doesn't have rnext key", tst); in verify_current_rnext()
572 test_fail("%s: rnext key is not the expected one %d != %u", in verify_current_rnext()
575 test_ok("%s: rnext key %u as expected", tst, ao_info.rnext); in verify_current_rnext()
586 sk = test_listen_socket(this_ip_addr, port, 1); in key_collection_socket()
593 struct test_key *key = &collection.keys[i]; in key_collection_socket() local
598 if (key->matches_vrf) in key_collection_socket()
603 if (key->matches_client) in key_collection_socket()
605 sndid = key->server_keyid; in key_collection_socket()
606 rcvid = key->client_keyid; in key_collection_socket()
608 if (key->matches_server) in key_collection_socket()
610 sndid = key->client_keyid; in key_collection_socket()
611 rcvid = key->server_keyid; in key_collection_socket()
612 key->used_on_client_tx = set_current = key->is_current; in key_collection_socket()
613 key->used_on_server_tx = set_rnext = key->is_rnext; in key_collection_socket()
616 if (test_add_key_cr(sk, key->password, key->len, in key_collection_socket()
617 *addr, vrf, sndid, rcvid, key->maclen, in key_collection_socket()
618 key->alg, set_current, set_rnext)) in key_collection_socket()
619 test_key_error("setsockopt(TCP_AO_ADD_KEY)", key); in key_collection_socket()
621 test_print("%s [%u/%u] key: { %s, %u:%u, %u, %u:%u:%u:%u (%u)}", in key_collection_socket()
623 key->alg, rcvid, sndid, key->maclen, in key_collection_socket()
624 key->matches_client, key->matches_server, in key_collection_socket()
625 key->is_current, key->is_rnext, key->len); in key_collection_socket()
639 struct test_key *key = &collection.keys[i]; in verify_counters() local
643 if (key->skip_counters_checks) in verify_counters()
646 sndid = key->server_keyid; in verify_counters()
647 rcvid = key->client_keyid; in verify_counters()
648 rx_cnt_expected = key->used_on_client_tx; in verify_counters()
650 sndid = key->client_keyid; in verify_counters()
651 rcvid = key->server_keyid; in verify_counters()
652 rx_cnt_expected = key->used_on_server_tx; in verify_counters()
691 keys->nkeys = collection.nr_keys; in verify_keys()
692 keys->get_all = 1; in verify_keys()
700 struct test_key *key = &collection.keys[i]; in verify_keys() local
708 if (key->matches_client) in verify_keys()
710 sndid = key->server_keyid; in verify_keys()
711 rcvid = key->client_keyid; in verify_keys()
713 if (key->matches_server) in verify_keys()
715 sndid = key->client_keyid; in verify_keys()
716 rcvid = key->server_keyid; in verify_keys()
718 if (!key->matches_vrf) in verify_keys()
724 dump_key = lookup_key(keys, keys->nkeys, sndid, rcvid); in verify_keys()
726 test_fail("%s: key %u:%u %s%s on the socket", in verify_keys()
728 key->matches_vrf ? "" : "[vrf] ", in verify_keys()
736 if (!strcmp("cmac(aes128)", key->alg)) { in verify_keys()
737 is_kdf_aes_128_cmac = (key->len != 16); in verify_keys()
742 if (strcmp(dump_key->alg_name, "cmac(aes)")) { in verify_keys()
743 test_fail("%s: key %u:%u cmac(aes) has unexpected alg %s", in verify_keys()
745 dump_key->alg_name); in verify_keys()
749 } else if (strcmp(dump_key->alg_name, key->alg)) { in verify_keys()
750 test_fail("%s: key %u:%u has unexpected alg %s != %s", in verify_keys()
752 dump_key->alg_name, key->alg); in verify_keys()
757 if (dump_key->keylen != 16) { in verify_keys()
758 test_fail("%s: key %u:%u cmac(aes128) has unexpected len %u", in verify_keys()
760 dump_key->keylen); in verify_keys()
763 } else if (dump_key->keylen != key->len) { in verify_keys()
764 test_fail("%s: key %u:%u changed password len %u != %u", in verify_keys()
766 dump_key->keylen, key->len); in verify_keys()
771 memcmp(dump_key->key, key->password, key->len)) { in verify_keys()
772 test_fail("%s: key %u:%u has different password", in verify_keys()
777 if (dump_key->maclen != key->maclen) { in verify_keys()
778 test_fail("%s: key %u:%u changed maclen %u != %u", in verify_keys()
780 dump_key->maclen, key->maclen); in verify_keys()
801 synchronize_threads(); /* 1: key collection initialized */ in start_server()
870 for (i = current_index + 1; rotations > 0; i++, rotations--) { in server_rotations()
881 collection.keys[i].server_keyid, -1); in server_rotations()
894 synchronize_threads(); /* 1: key collection initialized */ in run_client()
898 int sndid = -1, rcvid = -1; in run_client()
914 current_index = nr_keys - 1; in run_client()
916 rnext_index = nr_keys - 1; in run_client()
917 collection.keys[current_index].used_on_client_tx = 1; in run_client()
918 collection.keys[rnext_index].used_on_server_tx = 1; in run_client()
926 return -1; in run_client()
938 test_error("Failed to init the key collection"); in start_client()
952 current_index = nr_keys - 1; in end_client()
954 rnext_index = nr_keys - 1; in end_client()
970 struct test_key *key; in try_unmatched_keys() local
975 key = &collection.keys[i]; in try_unmatched_keys()
976 if (!key->matches_server) in try_unmatched_keys()
979 if (key->matches_server) in try_unmatched_keys()
982 err = test_add_key_cr(sk, key->password, key->len, wrong_addr, in try_unmatched_keys()
983 0, key->client_keyid, key->server_keyid, in try_unmatched_keys()
984 key->maclen, key->alg, 0, 0); in try_unmatched_keys()
986 test_fail("Added a key with non-matching ip-address for established sk"); in try_unmatched_keys()
989 if (err == -EINVAL) in try_unmatched_keys()
990 test_ok("Can't add a key with non-matching ip-address for established sk"); in try_unmatched_keys()
992 test_error("Failed to add a key"); in try_unmatched_keys()
994 err = test_add_key_cr(sk, key->password, key->len, this_ip_dest, in try_unmatched_keys()
996 key->client_keyid, key->server_keyid, in try_unmatched_keys()
997 key->maclen, key->alg, 0, 0); in try_unmatched_keys()
999 test_fail("Added a key with non-matching VRF for established sk"); in try_unmatched_keys()
1002 if (err == -EINVAL) in try_unmatched_keys()
1003 test_ok("Can't add a key with non-matching VRF for established sk"); in try_unmatched_keys()
1005 test_error("Failed to add a key"); in try_unmatched_keys()
1008 key = &collection.keys[i]; in try_unmatched_keys()
1009 if (!key->matches_client) in try_unmatched_keys()
1012 if (key->matches_client) in try_unmatched_keys()
1014 if (test_set_key(sk, -1, key->server_keyid)) in try_unmatched_keys()
1015 test_error("Can't change the current key"); in try_unmatched_keys()
1017 -1, port, 0, -1, -1, -1, -1, -1, in try_unmatched_keys()
1018 -1, key->server_keyid, -1); in try_unmatched_keys()
1032 test_error("Failed to init the key collection"); in client_non_matching()
1035 /* key (0, 0) matches */ in client_non_matching()
1039 collection.keys[i].matches_vrf = !!((i + 1) % 4); in client_non_matching()
1058 if (test_set_key(sk, collection.keys[rotate_to_index].client_keyid, -1)) in check_current_back()
1059 test_error("Can't change the current key"); in check_current_back()
1061 port, -1, 0, -1, -1, -1, -1, -1, in check_current_back()
1063 collection.keys[current_index].client_keyid, -1); in check_current_back()
1067 * setsockopt(TCP_AO_INFO) and starting to send some data - there in check_current_back()
1075 collection.keys[rotate_to_index].skip_counters_checks = 1; in check_current_back()
1092 for (i = rnext_index + 1; rotations > 0; i++, rotations--) { in roll_over_keys()
1097 -1, port, 0, -1, -1, -1, -1, -1, in roll_over_keys()
1098 i == 0 ? -1 : collection.keys[i - 1].server_keyid, in roll_over_keys()
1099 collection.keys[i].server_keyid, -1); in roll_over_keys()
1100 if (test_set_key(sk, -1, collection.keys[i].server_keyid)) in roll_over_keys()
1101 test_error("Can't change the Rnext key"); in roll_over_keys()
1108 verify_current_rnext(tst_name, sk, -1, in roll_over_keys()
1110 collection.keys[i].used_on_server_tx = 1; in roll_over_keys()
1158 try_server_run("server: Check accept() => established key matching", in server_fn()
1171 port++, 20, -1, -1); in check_established_socket()
1180 try_client_match("client: Check connect() => established key matching", in check_established_socket()
1186 if (inet_pton(TEST_FAMILY, TEST_WRONG_IP, &wrong_addr) != 1) in client_fn()