From 120382b7ec08a3acaa69a8ebdf19dc54e810f3d4 Mon Sep 17 00:00:00 2001
From: Boris Glimcher
Date: Tue, 3 May 2022 18:28:20 +0300
Subject: [PATCH] test/sock: Fixing hexstr2buf for PSK Adding more unit tests using standard openssl The unfortunate small sleep is needed due to issue: https://www.mail-archive.com/openssl-users@openssl.org/msg02937.html
Change-Id: I6f55453f12371bec6a402ba4c1d20e21aed73cf4
Signed-off-by: Boris Glimcher
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/12625
Community-CI: Mellanox Build Bot
Community-CI: Broadcom CI
Tested-by: SPDK CI Jenkins
Reviewed-by: Ben Walker
Reviewed-by: Jim Harris
Reviewed-by: Shuhei Matsumoto
---
 module/sock/posix/posix.c | 49 +++++++++++++++++++++++++++++++------
 test/iscsi_tgt/sock/sock.sh | 47 +++++++++++++++++++++++++++++++++++
 2 files changed, 89 insertions(+), 7 deletions(-)
diff --git a/module/sock/posix/posix.c b/module/sock/posix/posix.c
index 1b4513a33..01e951126 100644
--- a/module/sock/posix/posix.c
+++ b/module/sock/posix/posix.c
@@ -428,21 +428,38 @@ posix_sock_tls_psk_server_cb(SSL *ssl,
 unsigned char *psk,
 unsigned int max_psk_len)
 {
+ long key_len;
+ unsigned char *default_psk;
+
+ if (PSK_KEY == NULL) {
+ SPDK_ERRLOG("PSK is not set\n");
+ goto err;
+ }
 SPDK_DEBUGLOG(sock_posix, "Length of Client's PSK ID %lu\n", strlen(PSK_ID));
+ if (id == NULL) {
+ SPDK_ERRLOG("Received empty PSK ID\n");
+ goto err;
+ }
+ SPDK_DEBUGLOG(sock_posix, "Received PSK ID '%s'\n", id);
 if (strcmp(PSK_ID, id) != 0) {
 SPDK_ERRLOG("Unknown Client's PSK ID\n");
 goto err;
 }
 SPDK_DEBUGLOG(sock_posix, "Length of Client's PSK KEY %u\n", max_psk_len);
- if (strlen(PSK_KEY) > max_psk_len) {
- SPDK_ERRLOG("Insufficient buffer size to copy PSK_KEY\n");
+ default_psk = OPENSSL_hexstr2buf(PSK_KEY, &key_len);
+ if (default_psk == NULL) {
+ SPDK_ERRLOG("Could not unhexlify PSK\n");
+ goto err;
+ }
+ if (key_len > max_psk_len) {
+ SPDK_ERRLOG("Insufficient buffer size to copy PSK\n");
 goto err;
 }
- memcpy(psk, PSK_KEY, strlen(PSK_KEY));
+ memcpy(psk, default_psk, key_len);
- return strlen(PSK_KEY);
+ return key_len;
 err:
 return 0;
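Review bot: The buffer that `OPENSSL_hexstr2buf()` returns in `default_psk` is never released, so every handshake leaves a heap copy of the decoded PSK behind, both after `memcpy(psk, default_psk, key_len);` and on the `key_len > max_psk_len` path that jumps to `err`. Adding `OPENSSL_clear_free(default_psk, key_len);` right after the `memcpy` and immediately before that `goto err;` frees the copy and wipes the key bytes. The same pattern is in the `posix_sock_tls_psk_client_cb` hunk, where the identity-length failure also exits with `default_psk` still allocated. The function's closing brace lies outside this hunk.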
@@ -455,16 +472,34 @@ posix_sock_tls_psk_client_cb(SSL *ssl, const char *hint,
 unsigned char *psk,
 unsigned int max_psk_len)
 {
+ long key_len;
+ unsigned char *default_psk;
+
+ if (hint) {
+ SPDK_DEBUGLOG(sock_posix, "Received PSK identity hint '%s'\n", hint);
+ }
+
+ if (PSK_KEY == NULL) {
+ SPDK_ERRLOG("PSK is not set\n");
+ goto err;
+ }
+ default_psk = OPENSSL_hexstr2buf(PSK_KEY, &key_len);
+ if (default_psk == NULL) {
+ SPDK_ERRLOG("Could not unhexlify PSK\n");
+ goto err;
+ }
 if ((strlen(PSK_ID) + 1 > max_identity_len)
- || (strlen(PSK_KEY) > max_psk_len)) {
+ || (key_len > max_psk_len)) {
 SPDK_ERRLOG("PSK ID or Key buffer is not sufficient\n");
 goto err;
 }
 spdk_strcpy_pad(identity, PSK_ID, strlen(PSK_ID), 0);
- memcpy(psk, PSK_KEY, strlen(PSK_KEY));
+ SPDK_DEBUGLOG(sock_posix, "Sending PSK identity '%s'\n", identity);
+
+ memcpy(psk, default_psk, key_len);
 SPDK_DEBUGLOG(sock_posix, "Provided out-of-band (OOB) PSK for TLS1.3 client\n");
- return strlen(PSK_KEY);
+ return key_len;
 err:
 return 0;
diff --git a/test/iscsi_tgt/sock/sock.sh b/test/iscsi_tgt/sock/sock.sh
index a7b7811d6..59d8a7151 100755
--- a/test/iscsi_tgt/sock/sock.sh
+++ b/test/iscsi_tgt/sock/sock.sh
@@ -66,6 +66,8 @@ iscsitestinit
 HELLO_SOCK_APP="${TARGET_NS_CMD[*]} $SPDK_EXAMPLE_DIR/hello_sock"
 SOCAT_APP="socat"
+OPENSSL_APP="openssl"
+PSK_ID="nqn.2014-08.org.nvmexpress:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6"
 # ----------------
 # Test client path
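Review bot: In `posix_sock_tls_psk_client_cb`, the added `SPDK_DEBUGLOG(sock_posix, "Sending PSK identity '%s'\n", identity);` reads `identity` as a C string, but the preceding `spdk_strcpy_pad(identity, PSK_ID, strlen(PSK_ID), 0);` is given exactly `strlen(PSK_ID)` bytes and so presumably writes no terminator (the helper is not shown here). The size check already reserves the extra byte with `strlen(PSK_ID) + 1`, so the code appears to rely on the caller having zeroed the buffer. Writing it explicitly with `identity[strlen(PSK_ID)] = '\0';` before the log call, or logging `PSK_ID` instead of `identity`, removes that dependency. The function's closing brace lies outside the hunk.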
@@ -110,6 +112,51 @@ killprocess $server_pid || true
 timing_exit sock_client
+# ----------------
+# Test SSL server path
+# ----------------
+timing_enter sock_ssl_server
+echo "Testing SSL server path"
+
+# start echo server using hello_sock echo server
+$HELLO_SOCK_APP -H $TARGET_IP -P $ISCSI_PORT -S -N "ssl" &
+server_pid=$!
+trap 'killprocess $server_pid; iscsitestfini; exit 1' SIGINT SIGTERM EXIT
+waitforlisten $server_pid
+
+# send message using hello_sock client
+message="**MESSAGE:This is a test message from the hello_sock client with ssl**"
+response=$(echo $message | $HELLO_SOCK_APP -H $TARGET_IP -P $ISCSI_PORT -N "ssl")
+if ! echo "$response" | grep -q "$message"; then
+ exit 1
+fi
+
+# send message using openssl client using TLS 1.3
+message="**MESSAGE:This is a test message from the openssl client using TLS 1.3**"
+response=$( (
+ echo -ne $message
+ sleep 2
+) | $OPENSSL_APP s_client -debug -state -tlsextdebug -tls1_3 -psk_identity $PSK_ID -psk "1234567890ABCDEF" -connect $TARGET_IP:$ISCSI_PORT)
+if ! echo "$response" | grep -q "$message"; then
+ exit 1
+fi
+
+# send message using openssl client using TLS 1.2
+message="**MESSAGE:This is a test message from the openssl client using TLS 1.2**"
+response=$( (
+ echo -ne $message
+ sleep 2
+) | $OPENSSL_APP s_client -debug -state -tlsextdebug -tls1_2 -psk_identity $PSK_ID -psk "1234567890ABCDEF" -connect $TARGET_IP:$ISCSI_PORT)
+if ! echo "$response" | grep -q "$message"; then
+ exit 1
+fi
+
+trap '-' SIGINT SIGTERM EXIT
+# NOTE: socat returns code 143 on SIGINT
+killprocess $server_pid || true
+
+timing_exit sock_ssl_server
+
 # ----------------
 # Test server path
 # ----------------
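Review bot: The new SSL server section only runs handshakes that are expected to succeed, so nothing here would fail if the server accepted a client presenting a different `-psk` or `-psk_identity`. A negative case that connects with a non-matching key and asserts the message is not echoed back would cover the rejection path touched in posix.c. The positive checks are also looser than they look, since `grep -q "$message"` treats the `*` and `.` in the message as regex syntax and `echo -ne $message` expands unquoted. `grep -qF -- "$message"` and `echo -ne "$message"` make them exact. A sketch of the negative case follows, with a constructed key value.

```shell
# … unchanged: TLS 1.2 positive case …

# a client with a non-matching PSK (constructed value) must not get the echo back
message="**MESSAGE:This message must not be echoed**"
response=$( (
	echo -ne "$message"
	sleep 2
) | $OPENSSL_APP s_client -tls1_3 -psk_identity $PSK_ID -psk "FEDCBA0987654321" -connect $TARGET_IP:$ISCSI_PORT || true)
if echo "$response" | grep -qF -- "$message"; then
	exit 1
fi
```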