]> git.saurik.com Git - apple/security.git/blob - sslViewer/sslThreading.h
Security-58286.41.2.tar.gz
[apple/security.git] / sslViewer / sslThreading.h
1 /*
2 * Copyright (c) 2006-2007,2013 Apple Inc. All Rights Reserved.
3 *
4 * sslThreading.h - support for two-threaded SSL client/server tests.
5 */
6
7 #ifndef _SSL_THREADING_H_
8 #define _SSL_THREADING_H_ 1
9
10 #include <Security/SecureTransport.h>
11 #include <Security/Security.h>
12
13 #ifdef __cplusplus
14 extern "C" {
15 #endif
16
17 /* "Don't bother verifying" values */
18 #define SSL_PROTOCOL_IGNORE ((SSLProtocol)0x123456)
19 #define SSL_CLIENT_CERT_IGNORE ((SSLClientCertificateState)0x234567)
20 #define SSL_CIPHER_IGNORE ((SSLCipherSuite)0x345678)
21
22 /*
23 * Test params passed to both sslClient() and sslServer()
24 */
25 typedef struct {
26
27 /* client side only */
28 const char *hostName;
29 bool skipHostNameCheck;
30
31 /* common */
32 unsigned short port;
33 SSLProtocol tryVersion; // only used if acceptedProts
34 // NULL
35 const char *acceptedProts;
36 const char *myCertKcName; // required for server,
37 // optional for client
38 const char *password; // optional, to unlock keychain
39 bool idIsTrustedRoot; // cert in KC is trusted root
40 bool disableCertVerify;
41 const char *anchorFile; // to add/replace anchors
42 bool replaceAnchors;
43 SSLAuthenticate authenticate;
44 bool resumeEnable;
45 const SSLCipherSuite *ciphers; // optional array of allowed ciphers,
46 // terminated with SSL_NO_SUCH_CIPHERSUITE
47 bool nonBlocking;
48 const unsigned char *dhParams; // optional Diffie-Hellman params
49 unsigned dhParamsLen;
50
51 /* expected results */
52 OSStatus expectRtn;
53 SSLProtocol expectVersion;
54 SSLClientCertificateState expectCertState;
55 SSLCipherSuite expectCipher;
56
57 /* UI parameters */
58 bool quiet;
59 bool silent;
60 bool verbose;
61
62 /*
63 * Server semaphore:
64 *
65 * -- main thread inits and sets serverRady false
66 * -- main thread starts up server thread
67 * -- server thread inits and sets of a socket for listening
68 * -- serrver thread sets serverReady true and does pthread_cond_broadcast
69 */
70 pthread_mutex_t pthreadMutex;
71 pthread_cond_t pthreadCond;
72 bool serverReady;
73 /*
74 * To ensure error abort is what we expect instead of just "
75 * peer closed their socket", server avoids closing down the
76 * socket until client sets this flag. It's just polled, no
77 * locking. Setting the serverAbort flag skips this
78 * step to facilitate testing cases where server explicitly
79 * drops connection (e.g. in response to an unacceptable
80 * ClientHello).
81 */
82 unsigned clientDone;
83 bool serverAbort;
84
85 /*
86 * Returned and also verified by sslRunSession().
87 * Conditions in which expected value NOT verified are listed
88 * in following comments.
89 *
90 * NegCipher is only verified if (ortn == errSecSuccess).
91 */
92 SSLProtocol negVersion; // SSL_PROTOCOL_IGNORE
93 SSLCipherSuite negCipher; // SSL_CIPHER_IGNORE
94 SSLClientCertificateState certState; // SSL_CLIENT_CERT_IGNORE
95 OSStatus ortn; // always checked
96
97 } SslAppTestParams;
98
99 /* client and server in sslClient.cpp and sslServe.cpp */
100 OSStatus sslAppClient(
101 SslAppTestParams *params);
102 OSStatus sslAppServe(
103 SslAppTestParams *params);
104
105 /*
106 * Run one session, with the server in a separate thread.
107 * On entry, serverParams->port is the port we attempt to run on;
108 * the server thread may overwrite that with a different port if it's
109 * unable to open the port we specify. Whatever is left in
110 * serverParams->port is what's used for the client side.
111 */
112 int sslRunSession(
113 SslAppTestParams *serverParams,
114 SslAppTestParams *clientParams,
115 const char *testDesc);
116
117 void sslShowResult(
118 char *whichSide, // "client" or "server"
119 SslAppTestParams *params);
120
121
122 /*
123 * Macros which do the repetetive setup/run work
124 */
125 #define SSL_THR_SETUP(serverParams, clientParams, clientDefaults, serverDefault) \
126 { \
127 unsigned short serverPort; \
128 serverPort = serverParams.port + 1; \
129 clientParams = clientDefaults; \
130 serverParams = serverDefaults; \
131 serverParams.port = serverPort; \
132 }
133
134 #define SSL_THR_RUN(serverParams, clientParams, desc, ourRtn) \
135 { \
136 thisRtn = sslRunSession(&serverParams, &clientParams, desc); \
137 ourRtn += thisRtn; \
138 if(thisRtn) { \
139 if(testError(clientParams.quiet)) { \
140 goto done; \
141 } \
142 } \
143 }
144
145 #define SSL_THR_RUN_NUM(serverParams, clientParams, desc, ourRtn, testNum) \
146 { \
147 thisRtn = sslRunSession(&serverParams, &clientParams, desc);\
148 ourRtn += thisRtn; \
149 if(thisRtn) { \
150 printf("***Error on test %u\n", testNum); \
151 if(testError(clientParams.quiet)) { \
152 goto done; \
153 } \
154 } \
155 }
156
157 #define THREADING_DEBUG 0
158 #if THREADING_DEBUG
159
160 #define sslThrDebug(side, end) \
161 printf("^^^%s thread %p %s\n", side, pthread_self(), end)
162 #else /* THREADING_DEBUG */
163 #define sslThrDebug(side, end)
164 #endif /* THREADING_DEBUG */
165 #ifdef __cplusplus
166 }
167 #endif
168
169 #endif /* _SSL_THREADING_H_ */