]> git.saurik.com Git - apple/security.git/blob - SecurityTests/clxutils/clAppUtils/sslThreading.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57031.1.35.tar.gz
[apple/security.git] / SecurityTests / clxutils / clAppUtils / sslThreading.h
1 /*
2 * sslThreading.h - support for two-threaded SSL client/server tests.
3 */
4
5 #ifndef _SSL_THREADING_H_
6 #define _SSL_THREADING_H_ 1
7
8 #include <Security/SecureTransport.h>
9 #include <Security/Security.h>
10 #include <clAppUtils/ringBufferIo.h>
11
12 #ifdef __cplusplus
13 extern "C" {
14 #endif
15
16 /* "Don't bother verifying" values */
17 #define SSL_PROTOCOL_IGNORE ((SSLProtocol)0x123456)
18 #define SSL_CLIENT_CERT_IGNORE ((SSLClientCertificateState)0x234567)
19 #define SSL_CIPHER_IGNORE ((SSLCipherSuite)0x345678)
20
21 /*
22 * Test params passed to both sslClient() and sslServer()
23 */
24 typedef struct {
25
26 /* client side only */
27 const char *hostName;
28 bool skipHostNameCheck;
29
30 /* common */
31 unsigned short port;
32 RingBuffer *serverToClientRing;
33 RingBuffer *clientToServerRing;
34
35 bool noProtSpec; // if true, don't set protocol in either
36 // fashion
37 SSLProtocol tryVersion; // only used if acceptedProts
38 // NULL
39 const char *acceptedProts;
40 const char *myCertKcName; // required for server,
41 // optional for client
42 const char *password; // optional, to unlock keychain
43 bool idIsTrustedRoot; // cert in KC is trusted root
44 bool disableCertVerify;
45 const char *anchorFile; // to add/replace anchors
46 bool replaceAnchors;
47 SSLAuthenticate authenticate;
48 bool resumeEnable;
49 const SSLCipherSuite *ciphers; // optional array of allowed ciphers,
50 // terminated with SSL_NO_SUCH_CIPHERSUITE
51 bool nonBlocking;
52 const unsigned char *dhParams; // optional Diffie-Hellman params
53 unsigned dhParamsLen;
54
55 /* expected results */
56 OSStatus expectRtn;
57 SSLProtocol expectVersion;
58 SSLClientCertificateState expectCertState;
59 SSLCipherSuite expectCipher;
60
61 /* UI parameters */
62 bool quiet;
63 bool silent;
64 bool verbose;
65
66 /*
67 * Server semaphore:
68 *
69 * -- main thread inits and sets serverReady false
70 * -- main thread starts up server thread
71 * -- server thread inits and sets up a socket for listening
72 * -- server thread sets serverReady true and does pthread_cond_broadcast
73 */
74 pthread_mutex_t pthreadMutex;
75 pthread_cond_t pthreadCond;
76 bool serverReady;
77
78 /*
79 * To ensure error abort is what we expect instead of just
80 * "peer closed their socket", server avoids closing down the
81 * socket until client sets this flag. It's just polled, no
82 * locking. Setting the serverAbort flag skips this
83 * step to facilitate testing cases where server explicitly
84 * drops connection (e.g. in response to an unacceptable
85 * ClientHello).
86 */
87 unsigned clientDone;
88 bool serverAbort;
89
90 /*
91 * Returned and also verified by sslRunSession().
92 * Conditions in which expected value NOT verified are listed
93 * in following comments.
94 *
95 * NegCipher is only verified if (ortn == noErr).
96 */
97 SSLProtocol negVersion; // SSL_PROTOCOL_IGNORE
98 SSLCipherSuite negCipher; // SSL_CIPHER_IGNORE
99 SSLClientCertificateState certState; // SSL_CLIENT_CERT_IGNORE
100 OSStatus ortn; // always checked
101
102 } SslAppTestParams;
103
104 /* client and server in sslClient.cpp and sslServe.cpp */
105 OSStatus sslAppClient(
106 SslAppTestParams *params);
107 OSStatus sslAppServe(
108 SslAppTestParams *params);
109
110 /*
111 * Run one session, with the server in a separate thread.
112 * On entry, serverParams->port is the port we attempt to run on;
113 * the server thread may overwrite that with a different port if it's
114 * unable to open the port we specify. Whatever is left in
115 * serverParams->port is what's used for the client side.
116 */
117 int sslRunSession(
118 SslAppTestParams *serverParams,
119 SslAppTestParams *clientParams,
120 const char *testDesc);
121
122 void sslShowResult(
123 const char *whichSide, // "client" or "server"
124 SslAppTestParams *params);
125
126
127 /*
128 * Macros which do the repetetive setup/run work
129 */
130 #define SSL_THR_SETUP(serverParams, clientParams, clientDefaults, serverDefault) \
131 { \
132 unsigned short serverPort; \
133 serverPort = serverParams.port + 1; \
134 clientParams = clientDefaults; \
135 serverParams = serverDefaults; \
136 serverParams.port = serverPort; \
137 }
138
139 #define SSL_THR_RUN(serverParams, clientParams, desc, ourRtn) \
140 { \
141 thisRtn = sslRunSession(&serverParams, &clientParams, desc); \
142 ourRtn += thisRtn; \
143 if(thisRtn) { \
144 if(testError(clientParams.quiet)) { \
145 goto done; \
146 } \
147 } \
148 }
149
150 #define SSL_THR_RUN_NUM(serverParams, clientParams, desc, ourRtn, testNum) \
151 { \
152 thisRtn = sslRunSession(&serverParams, &clientParams, desc);\
153 ourRtn += thisRtn; \
154 if(thisRtn) { \
155 printf("***Error on test %u\n", testNum); \
156 if(testError(clientParams.quiet)) { \
157 goto done; \
158 } \
159 } \
160 }
161
162 #define THREADING_DEBUG 0
163 #if THREADING_DEBUG
164
165 #define sslThrDebug(side, end) \
166 printf("^^^%s thread %p %s\n", side, pthread_self(), end)
167 #else /* THREADING_DEBUG */
168 #define sslThrDebug(side, end)
169 #endif /* THREADING_DEBUG */
170 #ifdef __cplusplus
171 }
172 #endif
173
174 #endif /* _SSL_THREADING_H_ */
mirror of Security