+++ /dev/null
-/*
- * sslThreading.h - support for two-threaded SSL client/server tests.
- */
-
-#ifndef _SSL_THREADING_H_
-#define _SSL_THREADING_H_ 1
-
-#include <Security/SecureTransport.h>
-#include <Security/Security.h>
-#include <clAppUtils/ringBufferIo.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* "Don't bother verifying" values */
-#define SSL_PROTOCOL_IGNORE ((SSLProtocol)0x123456)
-#define SSL_CLIENT_CERT_IGNORE ((SSLClientCertificateState)0x234567)
-#define SSL_CIPHER_IGNORE ((SSLCipherSuite)0x345678)
-
-/*
- * Test params passed to both sslClient() and sslServer()
- */
-typedef struct {
-
- /* client side only */
- const char *hostName;
- bool skipHostNameCheck;
-
- /* common */
- unsigned short port;
- RingBuffer *serverToClientRing;
- RingBuffer *clientToServerRing;
-
- bool noProtSpec; // if true, don't set protocol in either
- // fashion
- SSLProtocol tryVersion; // only used if acceptedProts
- // NULL
- const char *acceptedProts;
- const char *myCertKcName; // required for server,
- // optional for client
- const char *password; // optional, to unlock keychain
- bool idIsTrustedRoot; // cert in KC is trusted root
- bool disableCertVerify;
- const char *anchorFile; // to add/replace anchors
- bool replaceAnchors;
- SSLAuthenticate authenticate;
- bool resumeEnable;
- const SSLCipherSuite *ciphers; // optional array of allowed ciphers,
- // terminated with SSL_NO_SUCH_CIPHERSUITE
- bool nonBlocking;
- const unsigned char *dhParams; // optional Diffie-Hellman params
- unsigned dhParamsLen;
-
- /* expected results */
- OSStatus expectRtn;
- SSLProtocol expectVersion;
- SSLClientCertificateState expectCertState;
- SSLCipherSuite expectCipher;
-
- /* UI parameters */
- bool quiet;
- bool silent;
- bool verbose;
-
- /*
- * Server semaphore:
- *
- * -- main thread inits and sets serverReady false
- * -- main thread starts up server thread
- * -- server thread inits and sets up a socket for listening
- * -- server thread sets serverReady true and does pthread_cond_broadcast
- */
- pthread_mutex_t pthreadMutex;
- pthread_cond_t pthreadCond;
- bool serverReady;
-
- /*
- * To ensure error abort is what we expect instead of just
- * "peer closed their socket", server avoids closing down the
- * socket until client sets this flag. It's just polled, no
- * locking. Setting the serverAbort flag skips this
- * step to facilitate testing cases where server explicitly
- * drops connection (e.g. in response to an unacceptable
- * ClientHello).
- */
- unsigned clientDone;
- bool serverAbort;
-
- /*
- * Returned and also verified by sslRunSession().
- * Conditions in which expected value NOT verified are listed
- * in following comments.
- *
- * NegCipher is only verified if (ortn == noErr).
- */
- SSLProtocol negVersion; // SSL_PROTOCOL_IGNORE
- SSLCipherSuite negCipher; // SSL_CIPHER_IGNORE
- SSLClientCertificateState certState; // SSL_CLIENT_CERT_IGNORE
- OSStatus ortn; // always checked
-
-} SslAppTestParams;
-
-/* client and server in sslClient.cpp and sslServe.cpp */
-OSStatus sslAppClient(
- SslAppTestParams *params);
-OSStatus sslAppServe(
- SslAppTestParams *params);
-
-/*
- * Run one session, with the server in a separate thread.
- * On entry, serverParams->port is the port we attempt to run on;
- * the server thread may overwrite that with a different port if it's
- * unable to open the port we specify. Whatever is left in
- * serverParams->port is what's used for the client side.
- */
-int sslRunSession(
- SslAppTestParams *serverParams,
- SslAppTestParams *clientParams,
- const char *testDesc);
-
-void sslShowResult(
- const char *whichSide, // "client" or "server"
- SslAppTestParams *params);
-
-
-/*
- * Macros which do the repetetive setup/run work
- */
-#define SSL_THR_SETUP(serverParams, clientParams, clientDefaults, serverDefault) \
-{ \
- unsigned short serverPort; \
- serverPort = serverParams.port + 1; \
- clientParams = clientDefaults; \
- serverParams = serverDefaults; \
- serverParams.port = serverPort; \
-}
-
-#define SSL_THR_RUN(serverParams, clientParams, desc, ourRtn) \
-{ \
- thisRtn = sslRunSession(&serverParams, &clientParams, desc); \
- ourRtn += thisRtn; \
- if(thisRtn) { \
- if(testError(clientParams.quiet)) { \
- goto done; \
- } \
- } \
-}
-
-#define SSL_THR_RUN_NUM(serverParams, clientParams, desc, ourRtn, testNum) \
-{ \
- thisRtn = sslRunSession(&serverParams, &clientParams, desc);\
- ourRtn += thisRtn; \
- if(thisRtn) { \
- printf("***Error on test %u\n", testNum); \
- if(testError(clientParams.quiet)) { \
- goto done; \
- } \
- } \
-}
-
-#define THREADING_DEBUG 0
-#if THREADING_DEBUG
-
-#define sslThrDebug(side, end) \
- printf("^^^%s thread %p %s\n", side, pthread_self(), end)
-#else /* THREADING_DEBUG */
-#define sslThrDebug(side, end)
-#endif /* THREADING_DEBUG */
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _SSL_THREADING_H_ */
projects / apple / security.git / blobdiff