1 /*****************************************************************************
2 * tls.c: Transport Layer Security module test
3 *****************************************************************************
4 * Copyright © 2016 Rémi Denis-Courmont
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser General Public License as published by
8 * the Free Software Foundation; either version 2.1 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public License
17 * along with this program; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
19 *****************************************************************************/
20
21 #ifdef HAVE_CONFIG_H
22 # include "config.h"
23 #endif
24
25 #undef NDEBUG
26 #include <assert.h>
27 #include <errno.h>
28 #include <stdlib.h>
29 #include <string.h>
30
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <poll.h>
34
35 #include <vlc_common.h>
36 #include <vlc_modules.h>
37 #include <vlc_tls.h>
38 #include "../../../lib/libvlc_internal.h"
39
40 #include <vlc/vlc.h>
41
42 static vlc_tls_creds_t *server_creds;
43 static vlc_tls_creds_t *client_creds;
44
tls_echo(void * data)45 static void *tls_echo(void *data)
46 {
47 vlc_tls_t *tls = data;
48 struct pollfd ufd;
49 ssize_t val;
50 char buf[256];
51
52 ufd.fd = vlc_tls_GetFD(tls);
53
54 while ((val = vlc_tls_SessionHandshake(server_creds, tls)) > 0)
55 {
56 switch (val)
57 {
58 case 1: ufd.events = POLLIN; break;
59 case 2: ufd.events = POLLOUT; break;
60 default: vlc_assert_unreachable();
61 }
62 poll(&ufd, 1, -1);
63 }
64
65 if (val < 0)
66 goto error;
67
68 while ((val = vlc_tls_Read(tls, buf, sizeof (buf), false)) > 0)
69 if (vlc_tls_Write(tls, buf, val) < val)
70 goto error;
71
72 if (val < 0 || vlc_tls_Shutdown(tls, false))
73 goto error;
74
75 vlc_tls_Close(tls);
76 return tls;
77 error:
78 vlc_tls_Close(tls);
79 return NULL;
80 }
81
securepair(vlc_thread_t * th,const char * const salpnv[],const char * const calpnv[],char ** restrict alp)82 static vlc_tls_t *securepair(vlc_thread_t *th,
83 const char *const salpnv[],
84 const char *const calpnv[],
85 char **restrict alp)
86 {
87 vlc_tls_t *socks[2];
88 vlc_tls_t *server, *client;
89 int val;
90
91 val = vlc_tls_SocketPair(PF_LOCAL, 0, socks);
92 assert(val == 0);
93
94 server = vlc_tls_ServerSessionCreate(server_creds, socks[0], salpnv);
95 assert(server != NULL);
96
97 val = vlc_clone(th, tls_echo, server, VLC_THREAD_PRIORITY_LOW);
98 assert(val == 0);
99
100 client = vlc_tls_ClientSessionCreate(client_creds, socks[1],
101 "localhost", "vlc-tls-test",
102 calpnv, alp);
103 if (client == NULL)
104 {
105 vlc_tls_SessionDelete(socks[1]);
106 vlc_join(*th, NULL);
107 return NULL;
108 }
109 return client;
110 }
111
112 #define CERTDIR SRCDIR "/samples/certs"
113 #define CERTFILE CERTDIR "/certkey.pem"
114
115 static const char *const test_cert_argv[] = {
116 "--no-gnutls-system-trust", "--gnutls-dir-trust=" CERTDIR, NULL };
117 static const char *const alpn[] = { "foo", "bar", NULL };
118 static const char *const alpn_bad[] = { "baz", NULL };
119
main(void)120 int main(void)
121 {
122 libvlc_instance_t *vlc;
123 vlc_object_t *obj;
124 vlc_thread_t th;
125 void *p;
126 vlc_tls_t *tls;
127 char *alp;
128 int val;
129
130 setenv("VLC_PLUGIN_PATH", "../modules", 1);
131
132 /*** Tests with normal certs database - server cert not acceptable. ***/
133 vlc = libvlc_new(0, NULL);
134 assert(vlc != NULL);
135 obj = VLC_OBJECT(vlc->p_libvlc_int);
136
137 server_creds = vlc_tls_ServerCreate(obj, SRCDIR"/nonexistent", NULL);
138 assert(server_creds == NULL);
139 server_creds = vlc_tls_ServerCreate(obj, SRCDIR"/samples/empty.voc", NULL);
140 assert(server_creds == NULL);
141 server_creds = vlc_tls_ServerCreate(obj, CERTFILE, SRCDIR"/nonexistent");
142 assert(server_creds == NULL);
143 server_creds = vlc_tls_ServerCreate(obj, CERTFILE, NULL);
144 if (server_creds == NULL)
145 {
146 libvlc_release(vlc);
147 return 77;
148 }
149 vlc_tls_Delete(server_creds);
150
151 server_creds = vlc_tls_ServerCreate(obj, CERTFILE, CERTFILE);
152 assert(server_creds != NULL);
153 client_creds = vlc_tls_ClientCreate(obj);
154 assert(client_creds != NULL);
155
156 /* Test unknown certificate */
157 tls = securepair(&th, alpn, alpn, &alp);
158 assert(tls == NULL);
159 tls = securepair(&th, alpn, alpn, NULL);
160 assert(tls == NULL);
161
162 vlc_tls_Delete(client_creds);
163 vlc_tls_Delete(server_creds);
164 libvlc_release(vlc);
165
166 /*** Tests with test certs database - server cert accepted. ***/
167 vlc = libvlc_new(ARRAY_SIZE(test_cert_argv) - 1, test_cert_argv);
168 if (vlc == NULL)
169 {
170 libvlc_release(vlc);
171 return 77;
172 }
173 obj = VLC_OBJECT(vlc->p_libvlc_int);
174
175 server_creds = vlc_tls_ServerCreate(obj, CERTFILE, NULL);
176 assert(server_creds != NULL);
177 client_creds = vlc_tls_ClientCreate(obj);
178 assert(client_creds != NULL);
179
180 /* Test known certificate */
181 tls = securepair(&th, alpn, alpn, &alp);
182 assert(tls != NULL);
183 assert(alp != NULL);
184 assert(strcmp(alp, alpn[0]) == 0);
185 free(alp);
186
187 /* Do some I/O */
188 char buf[12];
189 struct iovec iov;
190
191 iov.iov_base = buf;
192 iov.iov_len = sizeof (buf);
193 val = tls->readv(tls, &iov, 1);
194 assert(val == -1 && errno == EAGAIN);
195
196 val = vlc_tls_Write(tls, "Hello ", 6);
197 assert(val == 6);
198 val = vlc_tls_Write(tls, "world!", 6);
199 assert(val == 6);
200
201 val = vlc_tls_Read(tls, buf, sizeof (buf), true);
202 assert(val == 12);
203 assert(!memcmp(buf, "Hello world!", 12));
204
205 val = vlc_tls_Shutdown(tls, false);
206 assert(val == 0);
207 vlc_join(th, &p);
208 assert(p != NULL);
209 val = vlc_tls_Read(tls, buf, sizeof (buf), false);
210 assert(val == 0);
211 vlc_tls_Close(tls);
212
213 /* Test known certificate, ignore ALPN result */
214 tls = securepair(&th, alpn, alpn, NULL);
215 assert(tls != NULL);
216
217 /* Do a lot of I/O, test congestion handling */
218 static unsigned char data[16184];
219 size_t bytes = 0;
220 unsigned seed = 0;
221
222 iov.iov_base = data;
223 iov.iov_len = sizeof (data);
224
225 do
226 {
227 for (size_t i = 0; i < sizeof (data); i++)
228 data[i] = rand_r(&seed);
229 bytes += sizeof (data);
230 }
231 while ((val = tls->writev(tls, &iov, 1)) == sizeof (data));
232
233 bytes -= sizeof (data);
234 if (val > 0)
235 bytes += val;
236
237 fprintf(stderr, "Sent %zu bytes.\n", bytes);
238 seed = 0;
239
240 while (bytes > 0)
241 {
242 unsigned char c = rand_r(&seed);
243
244 val = vlc_tls_Read(tls, buf, 1, false);
245 assert(val == 1);
246 assert(c == (unsigned char)buf[0]);
247 bytes--;
248 }
249
250 vlc_tls_Close(tls);
251 vlc_join(th, NULL);
252
253 /* Test known certificate, no ALPN */
254 tls = securepair(&th, alpn, NULL, &alp);
255 assert(tls != NULL);
256 assert(alp == NULL);
257 vlc_tls_Close(tls);
258 vlc_join(th, NULL);
259
260 tls = securepair(&th, NULL, alpn, NULL);
261 assert(tls != NULL);
262 assert(alp == NULL);
263 vlc_tls_Close(tls);
264 vlc_join(th, NULL);
265
266 /* Test ALPN combinations */
267 tls = securepair(&th, alpn, alpn + 1, &alp);
268 assert(tls != NULL);
269 assert(alp != NULL);
270 assert(strcmp(alp, alpn[1]) == 0);
271 free(alp);
272 vlc_tls_Close(tls);
273 vlc_join(th, NULL);
274
275 tls = securepair(&th, alpn + 1, alpn, &alp);
276 assert(tls != NULL);
277 assert(alp != NULL);
278 assert(strcmp(alp, alpn[1]) == 0);
279 free(alp);
280 vlc_tls_Close(tls);
281 vlc_join(th, NULL);
282
283 /* Test ALPN mismatch */
284 tls = securepair(&th, alpn, alpn_bad, &alp);
285 assert(tls != NULL);
286 assert(alp == NULL); /* currently, ALPN is marked optional in hello */
287 vlc_tls_Close(tls);
288 vlc_join(th, NULL);
289
290 vlc_tls_Delete(client_creds);
291 vlc_tls_Delete(server_creds);
292 libvlc_release(vlc);
293
294 return 0;
295 }
296