tls.c 7.37 KB
Newer Older
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
/*****************************************************************************
 * tls.c: Transport Layer Security module test
 *****************************************************************************
 * Copyright © 2016 Rémi Denis-Courmont
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation; either version 2.1 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
 *****************************************************************************/

#ifdef HAVE_CONFIG_H
# include "config.h"
#endif

#undef NDEBUG
#include <assert.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#include <sys/types.h>
#include <sys/socket.h>
#include <poll.h>
#include <fcntl.h>
35
#include <unistd.h>
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
36
37
38
39
40

#include <vlc_common.h>
#include <vlc_modules.h>
#include <vlc_tls.h>
#include <vlc_dialog.h>
41
#include "../../../lib/libvlc_internal.h"
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
42
43
44
45
46

#include <vlc/vlc.h>

static int tlspair(int fds[2])
{
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
47
    return vlc_socketpair(PF_LOCAL, SOCK_STREAM, 0, fds, true);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
}

static int question_callback(vlc_object_t *obj, const char *varname,
                             vlc_value_t old, vlc_value_t cur, void *data)
{
    dialog_question_t *q = cur.p_address;
    int *value = data;

    q->answer = *value;

    assert(obj == VLC_OBJECT(obj->p_libvlc));
    assert(!strcmp(varname, "dialog-question"));
    (void) old;
    return VLC_SUCCESS;
}

static libvlc_instance_t *vlc;
static vlc_object_t *obj;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
66
67
static vlc_tls_creds_t *server_creds;
static vlc_tls_creds_t *client_creds;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
68

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
69
static void *tls_echo(void *data)
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
70
71
72
{
    vlc_tls_t *tls = data;
    struct pollfd ufd;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
73
    ssize_t val;
74
    char buf[256];
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
75

76
    ufd.fd = vlc_tls_GetFD(tls);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
77

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
78
    while ((val = vlc_tls_SessionHandshake(server_creds, tls)) > 0)
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
79
80
81
82
83
84
85
86
87
88
    {
        switch (val)
        {
            case 1:  ufd.events = POLLIN;  break;
            case 2:  ufd.events = POLLOUT; break;
            default: vlc_assert_unreachable();
        }
        poll(&ufd, 1, -1);
    }

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
    if (val < 0)
        goto error;

    while ((val = vlc_tls_Read(tls, buf, sizeof (buf), false)) > 0)
        if (vlc_tls_Write(tls, buf, val) < val)
            goto error;

    if (val < 0 || vlc_tls_Shutdown(tls, false))
        goto error;

    vlc_tls_Close(tls);
    return tls;
error:
    vlc_tls_Close(tls);
    return NULL;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
104
105
}

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
106
static int securepair(vlc_thread_t *th, vlc_tls_t **restrict client,
107
108
                      const char *const *alpnv[2], char **restrict alp)
{
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
109
    vlc_tls_t *server;
110
111
112
113
114
115
    int val;
    int insecurev[2];

    val = tlspair(insecurev);
    assert(val == 0);

116
    server = vlc_tls_ServerSessionCreate(server_creds, insecurev[0], alpnv[0]);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
117
    assert(server != NULL);
118

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
119
    val = vlc_clone(th, tls_echo, server, VLC_THREAD_PRIORITY_LOW);
120
121
    assert(val == 0);

122
    *client = vlc_tls_ClientSessionCreateFD(client_creds, insecurev[1],
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
123
124
125
                                          "localhost", "vlc-tls-test",
                                          alpnv[1], alp);
    if (*client == NULL)
126
127
128
    {
        val = close(insecurev[1]);
        assert(val == 0);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
129
        vlc_join(*th, NULL);
130
131
132
133
134
        return -1;
    }
    return 0;
}

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
135
136
137
138
139
140
141
142
static const char certpath[] = SRCDIR"/modules/misc/certkey.pem";
static const char *const alpn[] = { "foo", "bar", NULL };

int main(void)
{
    int val;
    int answer = 0;

143
144
145
146
147
148
149
150
    /* Create fake home for stored keys */
    char homedir[] = "/tmp/vlc-test-XXXXXX";
    if (mkdtemp(homedir) != homedir)
    {
        perror("Temporary directory");
        return 77;
    }

151
    assert(!strncmp(homedir, "/tmp/vlc-test-", 14));
152
    setenv("HOME", homedir, 1);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
153
154
155
156
157
158
    setenv("VLC_PLUGIN_PATH", "../modules", 1);

    vlc = libvlc_new(0, NULL);
    assert(vlc != NULL);
    obj = VLC_OBJECT(vlc->p_libvlc_int);

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
159
160
161
162
163
164
165
166
    server_creds = vlc_tls_ServerCreate(obj, SRCDIR"/nonexistent", NULL);
    assert(server_creds == NULL);
    server_creds = vlc_tls_ServerCreate(obj, SRCDIR"/samples/empty.voc", NULL);
    assert(server_creds == NULL);
    server_creds = vlc_tls_ServerCreate(obj, certpath, SRCDIR"/nonexistent");
    assert(server_creds == NULL);
    server_creds = vlc_tls_ServerCreate(obj, certpath, NULL);
    if (server_creds == NULL)
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
167
    {
168
169
        libvlc_release(vlc);
        return 77;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
170
171
    }

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
172
173
    client_creds = vlc_tls_ClientCreate(obj);
    assert(client_creds != NULL);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
174

175
176
177
    var_Create(obj, "dialog-question", VLC_VAR_ADDRESS);
    var_AddCallback(obj, "dialog-question", question_callback, &answer);
    dialog_Register(obj);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
178

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
179
180
    vlc_thread_t th;
    vlc_tls_t *tls;
181
182
    const char *const *alpnv[2] = { alpn + 1, alpn };
    char *alp;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
183
    void *p;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
184

185
186
    /* Test unknown certificate */
    answer = 0;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
187
    val = securepair(&th, &tls, alpnv, &alp);
188
    assert(val == -1);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
189

190
191
    /* Accept unknown certificate */
    answer = 2;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
192
    val = securepair(&th, &tls, alpnv, &alp);
193
    assert(val == 0);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
194
195
196
197
    assert(alp != NULL);
    assert(!strcmp(alp, "bar"));
    free(alp);

198
    /* Do some I/O */
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
199
    char buf[12];
200
    struct iovec iov;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
201

202
203
204
    iov.iov_base = buf;
    iov.iov_len = sizeof (buf);
    val = tls->readv(tls, &iov, 1);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
205
206
    assert(val == -1 && errno == EAGAIN);

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
207
    val = vlc_tls_Write(tls, "Hello ", 6);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
208
    assert(val == 6);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
209
    val = vlc_tls_Write(tls, "world!", 6);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
210
211
    assert(val == 6);

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
212
    val = vlc_tls_Read(tls, buf, sizeof (buf), true);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
213
214
215
    assert(val == 12);
    assert(!memcmp(buf, "Hello world!", 12));

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
216
    val = vlc_tls_Shutdown(tls, false);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
217
    assert(val == 0);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
218
219
220
    vlc_join(th, &p);
    assert(p != NULL);
    val = vlc_tls_Read(tls, buf, sizeof (buf), false);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
221
    assert(val == 0);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
222
    vlc_tls_Close(tls);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
223

224
225
    /* Test known certificate, ignore ALPN result */
    answer = 0;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
226
    val = securepair(&th, &tls, alpnv, NULL);
227
    assert(val == 0);
228
229
230
231
232
233

    /* Do a lot of I/O, test congestion handling */
    static unsigned char data[16184];
    size_t bytes = 0;
    unsigned seed = 0;

234
235
236
    iov.iov_base = data;
    iov.iov_len = sizeof (data);

237
238
239
240
241
242
    do
    {
        for (size_t i = 0; i < sizeof (data); i++)
            data[i] = rand_r(&seed);
        bytes += sizeof (data);
    }
243
    while ((val = tls->writev(tls, &iov, 1)) == sizeof (data));
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261

    bytes -= sizeof (data);
    if (val > 0)
        bytes += val;

    fprintf(stderr, "Sent %zu bytes.\n", bytes);
    seed = 0;

    while (bytes > 0)
    {
        unsigned char c = rand_r(&seed);

        val = vlc_tls_Read(tls, buf, 1, false);
        assert(val == 1);
        assert(c == (unsigned char)buf[0]);
        bytes--;
    }

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
262
263
    vlc_tls_Close(tls);
    vlc_join(th, NULL);
264
265
266

    /* Test known certificate, no ALPN */
    alpnv[0] = alpnv[1] = NULL;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
267
    val = securepair(&th, &tls, alpnv, NULL);
268
    assert(val == 0);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
269
270
    vlc_tls_Close(tls);
    vlc_join(th, NULL);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
271
272
273

    dialog_Unregister(obj);
    var_DelCallback(obj, "dialog-question", question_callback, &answer);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
274
275
    vlc_tls_Delete(client_creds);
    vlc_tls_Delete(server_creds);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
276
    libvlc_release(vlc);
277

278
    if (fork() == 0)
279
        execlp("rm", "rm", "-rf", homedir, (char *)NULL);
280
    return 0;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
281
}