[apple/security.git] / sslViewer / sslThreading.h

/*
 * Copyright (c) 2006-2007,2013 Apple Inc. All Rights Reserved.
 *
 * sslThreading.h - support for two-threaded SSL client/server tests.
 */
 
#ifndef _SSL_THREADING_H_
#define _SSL_THREADING_H_ 1

#include <Security/SecureTransport.h>
#include <Security/Security.h>

#ifdef	__cplusplus
extern "C" {
#endif

/* "Don't bother verifying" values */
#define SSL_PROTOCOL_IGNORE		((SSLProtocol)0x123456)
#define SSL_CLIENT_CERT_IGNORE	((SSLClientCertificateState)0x234567)
#define SSL_CIPHER_IGNORE		((SSLCipherSuite)0x345678)

/*
 * Test params passed to both sslClient() and sslServer()
 */
typedef struct {
	
	/* client side only */
	const char					*hostName;
	bool						skipHostNameCheck;	
	
	/* common */
	unsigned short				port;
	SSLProtocol					tryVersion;			// only used if acceptedProts
													//   NULL
	const char					*acceptedProts;
	const char					*myCertKcName;		// required for server, 
													//   optional for client
	const char					*password;			// optional, to unlock keychain
	bool						idIsTrustedRoot;	// cert in KC is trusted root
	bool						disableCertVerify;
	const char					*anchorFile;		// to add/replace anchors
	bool						replaceAnchors;
	SSLAuthenticate				authenticate;
	bool						resumeEnable;
	const SSLCipherSuite 		*ciphers;			// optional array of allowed ciphers, 
													// terminated with SSL_NO_SUCH_CIPHERSUITE
	bool						nonBlocking;
	const unsigned char			*dhParams;			// optional Diffie-Hellman params
	unsigned					dhParamsLen;

	/* expected results */
	OSStatus					expectRtn;
	SSLProtocol					expectVersion;
	SSLClientCertificateState	expectCertState;
	SSLCipherSuite				expectCipher;
	
	/* UI parameters */
	bool						quiet;
	bool						silent;
	bool						verbose;
	
	/* 
	 * Server semaphore: 
	 *
	 * -- main thread inits and sets serverRady false
	 * -- main thread starts up server thread
	 * -- server thread inits and sets of a socket for listening
	 * -- serrver thread sets serverReady true and does pthread_cond_broadcast
	 */
	pthread_mutex_t				pthreadMutex;
	pthread_cond_t				pthreadCond;
	bool						serverReady;
	/* 
	 * To ensure error abort is what we expect instead of just "
	 * peer closed their socket", server avoids closing down the
	 * socket until client sets this flag. It's just polled, no
	 * locking. Setting the serverAbort flag skips this 
	 * step to facilitate testing cases where server explicitly
	 * drops connection (e.g. in response to an unacceptable 
	 * ClientHello). 
	 */
	unsigned					clientDone;
	bool						serverAbort;
	
	/* 
	 * Returned and also verified by sslRunSession().
	 * Conditions in which expected value NOT verified are listed
	 * in following comments.
	 *
	 * NegCipher is only verified if (ortn == errSecSuccess). 
	 */
	SSLProtocol					negVersion;		// SSL_PROTOCOL_IGNORE
	SSLCipherSuite				negCipher;		// SSL_CIPHER_IGNORE
	SSLClientCertificateState 	certState;		// SSL_CLIENT_CERT_IGNORE
	OSStatus					ortn;			// always checked

} SslAppTestParams;

/* client and server in sslClient.cpp and sslServe.cpp */
OSStatus sslAppClient(
	SslAppTestParams		*params);
OSStatus sslAppServe(
	SslAppTestParams		*params);

/*
 * Run one session, with the server in a separate thread.
 * On entry, serverParams->port is the port we attempt to run on;
 * the server thread may overwrite that with a different port if it's 
 * unable to open the port we specify. Whatever is left in 
 * serverParams->port is what's used for the client side. 
 */
int sslRunSession(
	SslAppTestParams	*serverParams,
	SslAppTestParams 	*clientParams,
	const char 			*testDesc);

void sslShowResult(
	char				*whichSide,		// "client" or "server"
	SslAppTestParams	*params);


/*
 * Macros which do the repetetive setup/run work
 */
#define SSL_THR_SETUP(serverParams, clientParams, clientDefaults, serverDefault) \
{										\
	unsigned short serverPort;			\
	serverPort = serverParams.port + 1;	\
	clientParams = clientDefaults; 		\
	serverParams = serverDefaults;		\
	serverParams.port = serverPort;		\
}

#define SSL_THR_RUN(serverParams, clientParams, desc, ourRtn)	\
{																\
	thisRtn = sslRunSession(&serverParams, &clientParams, desc);	\
	ourRtn += thisRtn;												\
	if(thisRtn) {													\
		if(testError(clientParams.quiet)) {						\
			goto done;											\
		}														\
	}															\
}

#define SSL_THR_RUN_NUM(serverParams, clientParams, desc, ourRtn, testNum)	\
{																\
	thisRtn = sslRunSession(&serverParams, &clientParams, desc);\
	ourRtn += thisRtn;											\
	if(thisRtn) {												\
		printf("***Error on test %u\n", testNum);				\
		if(testError(clientParams.quiet)) {						\
			goto done;											\
		}														\
	}															\
}

#define THREADING_DEBUG		0
#if		THREADING_DEBUG

#define sslThrDebug(side, end)	\
	printf("^^^%s thread %p %s\n", side, pthread_self(), end)
#else	/* THREADING_DEBUG */
#define sslThrDebug(side, end)
#endif	/* THREADING_DEBUG */
#ifdef	__cplusplus
}
#endif

#endif	/* _SSL_THREADING_H_ */
Commit	Line	Data
d8f41ccd A	1	/*
	2	* Copyright (c) 2006-2007,2013 Apple Inc. All Rights Reserved.
	3	*
	4	* sslThreading.h - support for two-threaded SSL client/server tests.
	5	*/
	6
	7	#ifndef _SSL_THREADING_H_
	8	#define _SSL_THREADING_H_ 1
	9
	10	#include <Security/SecureTransport.h>
	11	#include <Security/Security.h>
	12
	13	#ifdef __cplusplus
	14	extern "C" {
	15	#endif
	16
	17	/* "Don't bother verifying" values */
	18	#define SSL_PROTOCOL_IGNORE ((SSLProtocol)0x123456)
	19	#define SSL_CLIENT_CERT_IGNORE ((SSLClientCertificateState)0x234567)
	20	#define SSL_CIPHER_IGNORE ((SSLCipherSuite)0x345678)
	21
	22	/*
	23	* Test params passed to both sslClient() and sslServer()
	24	*/
	25	typedef struct {
	26
	27	/* client side only */
	28	const char *hostName;
	29	bool skipHostNameCheck;
	30
	31	/* common */
	32	unsigned short port;
	33	SSLProtocol tryVersion; // only used if acceptedProts
	34	// NULL
	35	const char *acceptedProts;
	36	const char *myCertKcName; // required for server,
	37	// optional for client
	38	const char *password; // optional, to unlock keychain
	39	bool idIsTrustedRoot; // cert in KC is trusted root
	40	bool disableCertVerify;
	41	const char *anchorFile; // to add/replace anchors
	42	bool replaceAnchors;
	43	SSLAuthenticate authenticate;
	44	bool resumeEnable;
	45	const SSLCipherSuite *ciphers; // optional array of allowed ciphers,
	46	// terminated with SSL_NO_SUCH_CIPHERSUITE
	47	bool nonBlocking;
	48	const unsigned char *dhParams; // optional Diffie-Hellman params
	49	unsigned dhParamsLen;
	50
	51	/* expected results */
	52	OSStatus expectRtn;
	53	SSLProtocol expectVersion;
	54	SSLClientCertificateState expectCertState;
	55	SSLCipherSuite expectCipher;
	56
	57	/* UI parameters */
	58	bool quiet;
	59	bool silent;
	60	bool verbose;
	61
	62	/*
	63	* Server semaphore:
	64	*
65	* -- main thread inits and sets serverRady false
66	* -- main thread starts up server thread
67	* -- server thread inits and sets of a socket for listening
68	* -- serrver thread sets serverReady true and does pthread_cond_broadcast
69	*/
70	pthread_mutex_t pthreadMutex;
71	pthread_cond_t pthreadCond;
72	bool serverReady;
73	/*
74	* To ensure error abort is what we expect instead of just "
75	* peer closed their socket", server avoids closing down the
76	* socket until client sets this flag. It's just polled, no
77	* locking. Setting the serverAbort flag skips this
78	* step to facilitate testing cases where server explicitly
79	* drops connection (e.g. in response to an unacceptable
80	* ClientHello).
81	*/
82	unsigned clientDone;
83	bool serverAbort;
84
85	/*
86	* Returned and also verified by sslRunSession().
87	* Conditions in which expected value NOT verified are listed
88	* in following comments.
89	*
90	* NegCipher is only verified if (ortn == errSecSuccess).
91	*/
92	SSLProtocol negVersion; // SSL_PROTOCOL_IGNORE
93	SSLCipherSuite negCipher; // SSL_CIPHER_IGNORE
94	SSLClientCertificateState certState; // SSL_CLIENT_CERT_IGNORE
95	OSStatus ortn; // always checked
96
97	} SslAppTestParams;
98
99	/* client and server in sslClient.cpp and sslServe.cpp */
100	OSStatus sslAppClient(
101	SslAppTestParams *params);
102	OSStatus sslAppServe(
103	SslAppTestParams *params);
104
105	/*
106	* Run one session, with the server in a separate thread.
107	* On entry, serverParams->port is the port we attempt to run on;
108	* the server thread may overwrite that with a different port if it's
109	* unable to open the port we specify. Whatever is left in
110	* serverParams->port is what's used for the client side.
111	*/
112	int sslRunSession(
113	SslAppTestParams *serverParams,
114	SslAppTestParams *clientParams,
115	const char *testDesc);
116
117	void sslShowResult(
118	char *whichSide, // "client" or "server"
119	SslAppTestParams *params);
120
121
122	/*
123	* Macros which do the repetetive setup/run work
124	*/
125	#define SSL_THR_SETUP(serverParams, clientParams, clientDefaults, serverDefault) \
126	{ \
127	unsigned short serverPort; \
128	serverPort = serverParams.port + 1; \
129	clientParams = clientDefaults; \
130	serverParams = serverDefaults; \
131	serverParams.port = serverPort; \
132	}
133
134	#define SSL_THR_RUN(serverParams, clientParams, desc, ourRtn) \
135	{ \
136	thisRtn = sslRunSession(&serverParams, &clientParams, desc); \
137	ourRtn += thisRtn; \
138	if(thisRtn) { \
139	if(testError(clientParams.quiet)) { \
140	goto done; \
141	} \
142	} \
143	}
144
145	#define SSL_THR_RUN_NUM(serverParams, clientParams, desc, ourRtn, testNum) \
146	{ \
147	thisRtn = sslRunSession(&serverParams, &clientParams, desc);\
148	ourRtn += thisRtn; \
149	if(thisRtn) { \
150	printf("***Error on test %u\n", testNum); \
151	if(testError(clientParams.quiet)) { \
152	goto done; \
153	} \
154	} \
155	}
156
157	#define THREADING_DEBUG 0
158	#if THREADING_DEBUG
159
160	#define sslThrDebug(side, end) \
161	printf("^^^%s thread %p %s\n", side, pthread_self(), end)
162	#else /* THREADING_DEBUG */
163	#define sslThrDebug(side, end)
164	#endif /* THREADING_DEBUG */
165	#ifdef __cplusplus
166	}
167	#endif
168
169	#endif /* _SSL_THREADING_H_ */