1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright 2019 Google LLC
4 * Copyright (c) Linux Test Project, 2019-2021
5 */
6
7 #include <errno.h>
8 #include <stdlib.h>
9
10 #define TST_NO_DEFAULT_MAIN
11 #include "tst_test.h"
12 #include "tst_af_alg.h"
13 #include "lapi/socket.h"
14
tst_alg_create(void)15 int tst_alg_create(void)
16 {
17 const long ret = socket(AF_ALG, SOCK_SEQPACKET, 0);
18
19 if (ret >= 0)
20 return ret;
21 if (errno == EAFNOSUPPORT)
22 tst_brk(TCONF, "kernel doesn't support AF_ALG");
23 tst_brk(TBROK | TERRNO, "unexpected error creating AF_ALG socket");
24 return -1;
25 }
26
tst_alg_bind_addr(int algfd,const struct sockaddr_alg * addr)27 void tst_alg_bind_addr(int algfd, const struct sockaddr_alg *addr)
28 {
29 const long ret = bind(algfd, (const struct sockaddr *)addr,
30 sizeof(*addr));
31
32 if (ret == 0)
33 return;
34
35 if (errno == ELIBBAD && tst_fips_enabled()) {
36 tst_brk(TCONF,
37 "FIPS enabled => %s algorithm '%s' disabled",
38 addr->salg_type, addr->salg_name);
39 }
40
41 if (errno == ENOENT) {
42 tst_brk(TCONF, "kernel doesn't support %s algorithm '%s'",
43 addr->salg_type, addr->salg_name);
44 }
45
46 tst_brk(TBROK | TERRNO,
47 "unexpected error binding AF_ALG socket to %s algorithm '%s'",
48 addr->salg_type, addr->salg_name);
49 }
50
init_sockaddr_alg(struct sockaddr_alg * addr,const char * algtype,const char * algname)51 static void init_sockaddr_alg(struct sockaddr_alg *addr,
52 const char *algtype, const char *algname)
53 {
54 memset(addr, 0, sizeof(*addr));
55
56 addr->salg_family = AF_ALG;
57
58 strncpy((char *)addr->salg_type, algtype, sizeof(addr->salg_type));
59 if (addr->salg_type[sizeof(addr->salg_type) - 1] != '\0')
60 tst_brk(TBROK, "algorithm type too long: '%s'", algtype);
61
62 strncpy((char *)addr->salg_name, algname, sizeof(addr->salg_name));
63 if (addr->salg_name[sizeof(addr->salg_name) - 1] != '\0')
64 tst_brk(TBROK, "algorithm name too long: '%s'", algname);
65 }
66
tst_alg_bind(int algfd,const char * algtype,const char * algname)67 void tst_alg_bind(int algfd, const char *algtype, const char *algname)
68 {
69 struct sockaddr_alg addr;
70
71 init_sockaddr_alg(&addr, algtype, algname);
72
73 tst_alg_bind_addr(algfd, &addr);
74 }
75
tst_try_alg(const char * algtype,const char * algname)76 int tst_try_alg(const char *algtype, const char *algname)
77 {
78 long ret;
79 int retval = 0;
80 int algfd;
81 struct sockaddr_alg addr;
82
83 algfd = tst_alg_create();
84
85 init_sockaddr_alg(&addr, algtype, algname);
86
87 ret = bind(algfd, (const struct sockaddr *)&addr, sizeof(addr));
88
89 if (ret != 0)
90 retval = errno;
91
92 close(algfd);
93 return retval;
94 }
95
tst_have_alg(const char * algtype,const char * algname)96 bool tst_have_alg(const char *algtype, const char *algname)
97 {
98 int ret;
99
100 ret = tst_try_alg(algtype, algname);
101
102 switch (ret) {
103 case 0:
104 return true;
105 case ENOENT:
106 case EINVAL:
107 tst_res(TCONF, "kernel doesn't have %s algorithm '%s'",
108 algtype, algname);
109 return false;
110 case ELIBBAD:
111 if (tst_fips_enabled()) {
112 tst_res(TCONF,
113 "FIPS enabled => %s algorithm '%s' disabled",
114 algtype, algname);
115 return false;
116 }
117 /* fallthrough */
118 default:
119 errno = ret;
120 tst_brk(TBROK | TERRNO,
121 "unexpected error binding AF_ALG socket to %s algorithm '%s'",
122 algtype, algname);
123 return false;
124 }
125 }
126
tst_require_alg(const char * algtype,const char * algname)127 void tst_require_alg(const char *algtype, const char *algname)
128 {
129 int algfd = tst_alg_create();
130
131 tst_alg_bind(algfd, algtype, algname);
132
133 close(algfd);
134 }
135
tst_alg_setkey(int algfd,const uint8_t * key,unsigned int keylen)136 void tst_alg_setkey(int algfd, const uint8_t *key, unsigned int keylen)
137 {
138 long ret;
139 uint8_t *keybuf = NULL;
140 unsigned int i;
141
142 if (key == NULL) {
143 /* generate a random key */
144 keybuf = SAFE_MALLOC(keylen);
145 for (i = 0; i < keylen; i++)
146 keybuf[i] = rand();
147 key = keybuf;
148 }
149 ret = setsockopt(algfd, SOL_ALG, ALG_SET_KEY, key, keylen);
150 if (ret != 0) {
151 tst_brk(TBROK | TERRNO,
152 "unexpected error setting key (len=%u)", keylen);
153 }
154 free(keybuf);
155 }
156
tst_alg_accept(int algfd)157 int tst_alg_accept(int algfd)
158 {
159 const long ret = accept(algfd, NULL, NULL);
160
161 if (ret < 0) {
162 tst_brk(TBROK | TERRNO,
163 "unexpected error accept()ing AF_ALG request socket");
164 }
165 return ret;
166 }
167
tst_alg_setup(const char * algtype,const char * algname,const uint8_t * key,unsigned int keylen)168 int tst_alg_setup(const char *algtype, const char *algname,
169 const uint8_t *key, unsigned int keylen)
170 {
171 int algfd = tst_alg_create();
172
173 tst_alg_bind(algfd, algtype, algname);
174
175 if (keylen != 0)
176 tst_alg_setkey(algfd, key, keylen);
177
178 return algfd;
179 }
180
tst_alg_setup_reqfd(const char * algtype,const char * algname,const uint8_t * key,unsigned int keylen)181 int tst_alg_setup_reqfd(const char *algtype, const char *algname,
182 const uint8_t *key, unsigned int keylen)
183 {
184 int algfd = tst_alg_setup(algtype, algname, key, keylen);
185 int reqfd = tst_alg_accept(algfd);
186
187 close(algfd);
188 return reqfd;
189 }
190
tst_alg_sendmsg(int reqfd,const void * data,size_t datalen,const struct tst_alg_sendmsg_params * params)191 void tst_alg_sendmsg(int reqfd, const void *data, size_t datalen,
192 const struct tst_alg_sendmsg_params *params)
193 {
194 struct iovec iov = {
195 .iov_base = (void *)data,
196 .iov_len = datalen,
197 };
198 struct msghdr msg = {
199 .msg_iov = &iov,
200 .msg_iovlen = 1,
201 .msg_flags = params->msg_flags,
202 };
203 size_t controllen;
204 uint8_t *control;
205 struct cmsghdr *cmsg;
206 struct af_alg_iv *alg_iv;
207
208 if (params->encrypt && params->decrypt)
209 tst_brk(TBROK, "Both encrypt and decrypt are specified");
210
211 controllen = 0;
212 if (params->encrypt || params->decrypt)
213 controllen += CMSG_SPACE(sizeof(uint32_t));
214 if (params->ivlen)
215 controllen += CMSG_SPACE(sizeof(struct af_alg_iv) +
216 params->ivlen);
217 if (params->assoclen)
218 controllen += CMSG_SPACE(sizeof(uint32_t));
219
220 control = SAFE_MALLOC(controllen);
221 memset(control, 0, controllen);
222 msg.msg_control = control;
223 msg.msg_controllen = controllen;
224 cmsg = CMSG_FIRSTHDR(&msg);
225
226 if (params->encrypt || params->decrypt) {
227 cmsg->cmsg_level = SOL_ALG;
228 cmsg->cmsg_type = ALG_SET_OP;
229 cmsg->cmsg_len = CMSG_LEN(sizeof(uint32_t));
230 *(uint32_t *)CMSG_DATA(cmsg) =
231 params->encrypt ? ALG_OP_ENCRYPT : ALG_OP_DECRYPT;
232 cmsg = CMSG_NXTHDR(&msg, cmsg);
233 }
234 if (params->ivlen) {
235 cmsg->cmsg_level = SOL_ALG;
236 cmsg->cmsg_type = ALG_SET_IV;
237 cmsg->cmsg_len = CMSG_LEN(sizeof(struct af_alg_iv) +
238 params->ivlen);
239 alg_iv = (struct af_alg_iv *)CMSG_DATA(cmsg);
240 alg_iv->ivlen = params->ivlen;
241 memcpy(alg_iv->iv, params->iv, params->ivlen);
242 cmsg = CMSG_NXTHDR(&msg, cmsg);
243 }
244 if (params->assoclen) {
245 cmsg->cmsg_level = SOL_ALG;
246 cmsg->cmsg_type = ALG_SET_AEAD_ASSOCLEN;
247 cmsg->cmsg_len = CMSG_LEN(sizeof(uint32_t));
248 *(uint32_t *)CMSG_DATA(cmsg) = params->assoclen;
249 cmsg = CMSG_NXTHDR(&msg, cmsg);
250 }
251
252 SAFE_SENDMSG(datalen, reqfd, &msg, 0);
253 }
254