tls.c 7.71 KB
Newer Older
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
/*****************************************************************************
 * tls.c: Transport Layer Security module test
 *****************************************************************************
 * Copyright © 2016 Rémi Denis-Courmont
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation; either version 2.1 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
 *****************************************************************************/

#ifdef HAVE_CONFIG_H
# include "config.h"
#endif

#undef NDEBUG
#include <assert.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#include <sys/types.h>
#include <sys/socket.h>
#include <poll.h>
#include <fcntl.h>
35
#include <unistd.h>
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
36
37
38
39
40

#include <vlc_common.h>
#include <vlc_modules.h>
#include <vlc_tls.h>
#include <vlc_dialog.h>
41
#include "../../../lib/libvlc_internal.h"
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
42
43
44
45
46

#include <vlc/vlc.h>

static int tlspair(int fds[2])
{
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
47
    return vlc_socketpair(PF_LOCAL, SOCK_STREAM, 0, fds, true);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
48
49
}

Thomas Guillem's avatar
Thomas Guillem committed
50
static void
51
dialog_display_question_cb(void *p_data, vlc_dialog_id *p_id, const char *psz_title,
Thomas Guillem's avatar
Thomas Guillem committed
52
53
                           const char *psz_text, vlc_dialog_question_type i_type,
                           const char *psz_cancel, const char *psz_action1,
54
                           const char *psz_action2)
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
55
{
Thomas Guillem's avatar
Thomas Guillem committed
56
57
58
59
60
61
62
63
64
    (void) psz_title;
    (void) psz_text;
    (void) i_type;
    (void) psz_cancel;
    (void) psz_action1;
    (void) psz_action2;
    int *value = p_data;
    vlc_dialog_id_post_action(p_id, *value);
}
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
65

66
static void dialog_cancel_cb(void *p_data, vlc_dialog_id *id)
Thomas Guillem's avatar
Thomas Guillem committed
67
{
68
    (void)p_data;
Thomas Guillem's avatar
Thomas Guillem committed
69
    vlc_dialog_id_dismiss(id);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
70
71
72
73
}

static libvlc_instance_t *vlc;
static vlc_object_t *obj;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
74
75
static vlc_tls_creds_t *server_creds;
static vlc_tls_creds_t *client_creds;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
76

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
77
static void *tls_echo(void *data)
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
78
79
80
{
    vlc_tls_t *tls = data;
    struct pollfd ufd;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
81
    ssize_t val;
82
    char buf[256];
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
83

84
    ufd.fd = vlc_tls_GetFD(tls);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
85

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
86
    while ((val = vlc_tls_SessionHandshake(server_creds, tls)) > 0)
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
87
88
89
90
91
92
93
94
95
96
    {
        switch (val)
        {
            case 1:  ufd.events = POLLIN;  break;
            case 2:  ufd.events = POLLOUT; break;
            default: vlc_assert_unreachable();
        }
        poll(&ufd, 1, -1);
    }

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
    if (val < 0)
        goto error;

    while ((val = vlc_tls_Read(tls, buf, sizeof (buf), false)) > 0)
        if (vlc_tls_Write(tls, buf, val) < val)
            goto error;

    if (val < 0 || vlc_tls_Shutdown(tls, false))
        goto error;

    vlc_tls_Close(tls);
    return tls;
error:
    vlc_tls_Close(tls);
    return NULL;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
112
113
}

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
114
static int securepair(vlc_thread_t *th, vlc_tls_t **restrict client,
115
116
                      const char *const *alpnv[2], char **restrict alp)
{
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
117
    vlc_tls_t *server;
118
119
120
121
122
123
    int val;
    int insecurev[2];

    val = tlspair(insecurev);
    assert(val == 0);

124
    server = vlc_tls_ServerSessionCreate(server_creds, insecurev[0], alpnv[0]);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
125
    assert(server != NULL);
126

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
127
    val = vlc_clone(th, tls_echo, server, VLC_THREAD_PRIORITY_LOW);
128
129
    assert(val == 0);

130
    *client = vlc_tls_ClientSessionCreateFD(client_creds, insecurev[1],
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
131
132
133
                                          "localhost", "vlc-tls-test",
                                          alpnv[1], alp);
    if (*client == NULL)
134
    {
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
135
        val = vlc_close(insecurev[1]);
136
        assert(val == 0);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
137
        vlc_join(*th, NULL);
138
139
140
141
142
        return -1;
    }
    return 0;
}

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
143
144
145
146
147
148
149
150
static const char certpath[] = SRCDIR"/modules/misc/certkey.pem";
static const char *const alpn[] = { "foo", "bar", NULL };

int main(void)
{
    int val;
    int answer = 0;

151
152
153
154
155
156
157
158
    /* Create fake home for stored keys */
    char homedir[] = "/tmp/vlc-test-XXXXXX";
    if (mkdtemp(homedir) != homedir)
    {
        perror("Temporary directory");
        return 77;
    }

159
    assert(!strncmp(homedir, "/tmp/vlc-test-", 14));
160
    setenv("HOME", homedir, 1);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
161
162
163
164
165
166
    setenv("VLC_PLUGIN_PATH", "../modules", 1);

    vlc = libvlc_new(0, NULL);
    assert(vlc != NULL);
    obj = VLC_OBJECT(vlc->p_libvlc_int);

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
167
168
169
170
171
172
173
174
    server_creds = vlc_tls_ServerCreate(obj, SRCDIR"/nonexistent", NULL);
    assert(server_creds == NULL);
    server_creds = vlc_tls_ServerCreate(obj, SRCDIR"/samples/empty.voc", NULL);
    assert(server_creds == NULL);
    server_creds = vlc_tls_ServerCreate(obj, certpath, SRCDIR"/nonexistent");
    assert(server_creds == NULL);
    server_creds = vlc_tls_ServerCreate(obj, certpath, NULL);
    if (server_creds == NULL)
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
175
    {
176
177
        libvlc_release(vlc);
        return 77;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
178
179
    }

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
180
181
    client_creds = vlc_tls_ClientCreate(obj);
    assert(client_creds != NULL);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
182

Thomas Guillem's avatar
Thomas Guillem committed
183
184
185
186
187
    vlc_dialog_cbs cbs = {
        .pf_display_question = dialog_display_question_cb,
        .pf_cancel = dialog_cancel_cb,
    };
    vlc_dialog_provider_set_callbacks(obj, &cbs, &answer);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
188

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
189
190
    vlc_thread_t th;
    vlc_tls_t *tls;
191
192
    const char *const *alpnv[2] = { alpn + 1, alpn };
    char *alp;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
193
    void *p;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
194

195
196
    /* Test unknown certificate */
    answer = 0;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
197
    val = securepair(&th, &tls, alpnv, &alp);
198
    assert(val == -1);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
199

200
    /* Accept unknown certificate */
Thomas Guillem's avatar
Thomas Guillem committed
201
    answer = 1;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
202
    val = securepair(&th, &tls, alpnv, &alp);
203
    assert(val == 0);
204
205
206

    /* SecureTransport, used on apple platforms, does not support ALPN */
#ifndef __APPLE__
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
207
208
209
    assert(alp != NULL);
    assert(!strcmp(alp, "bar"));
    free(alp);
210
#endif
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
211

212
    /* Do some I/O */
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
213
    char buf[12];
214
    struct iovec iov;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
215

216
217
218
    iov.iov_base = buf;
    iov.iov_len = sizeof (buf);
    val = tls->readv(tls, &iov, 1);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
219
220
    assert(val == -1 && errno == EAGAIN);

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
221
    val = vlc_tls_Write(tls, "Hello ", 6);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
222
    assert(val == 6);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
223
    val = vlc_tls_Write(tls, "world!", 6);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
224
225
    assert(val == 6);

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
226
    val = vlc_tls_Read(tls, buf, sizeof (buf), true);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
227
228
229
    assert(val == 12);
    assert(!memcmp(buf, "Hello world!", 12));

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
230
    val = vlc_tls_Shutdown(tls, false);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
231
    assert(val == 0);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
232
233
234
    vlc_join(th, &p);
    assert(p != NULL);
    val = vlc_tls_Read(tls, buf, sizeof (buf), false);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
235
    assert(val == 0);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
236
    vlc_tls_Close(tls);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
237

238
239
    /* Test known certificate, ignore ALPN result */
    answer = 0;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
240
    val = securepair(&th, &tls, alpnv, NULL);
241
    assert(val == 0);
242
243
244
245
246
247

    /* Do a lot of I/O, test congestion handling */
    static unsigned char data[16184];
    size_t bytes = 0;
    unsigned seed = 0;

248
249
250
    iov.iov_base = data;
    iov.iov_len = sizeof (data);

251
252
253
254
255
256
    do
    {
        for (size_t i = 0; i < sizeof (data); i++)
            data[i] = rand_r(&seed);
        bytes += sizeof (data);
    }
257
    while ((val = tls->writev(tls, &iov, 1)) == sizeof (data));
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275

    bytes -= sizeof (data);
    if (val > 0)
        bytes += val;

    fprintf(stderr, "Sent %zu bytes.\n", bytes);
    seed = 0;

    while (bytes > 0)
    {
        unsigned char c = rand_r(&seed);

        val = vlc_tls_Read(tls, buf, 1, false);
        assert(val == 1);
        assert(c == (unsigned char)buf[0]);
        bytes--;
    }

Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
276
277
    vlc_tls_Close(tls);
    vlc_join(th, NULL);
278
279
280

    /* Test known certificate, no ALPN */
    alpnv[0] = alpnv[1] = NULL;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
281
    val = securepair(&th, &tls, alpnv, NULL);
282
    assert(val == 0);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
283
284
    vlc_tls_Close(tls);
    vlc_join(th, NULL);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
285

Thomas Guillem's avatar
Thomas Guillem committed
286
    vlc_dialog_provider_set_callbacks(obj, NULL, NULL);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
287
288
    vlc_tls_Delete(client_creds);
    vlc_tls_Delete(server_creds);
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
289
    libvlc_release(vlc);
290

291
    if (fork() == 0)
292
        execlp("rm", "rm", "-rf", homedir, (char *)NULL);
293
    return 0;
Rémi Denis-Courmont's avatar
Rémi Denis-Courmont committed
294
}