X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/sslViewer/sslThreading.h

diff --git a/sslViewer/sslThreading.h b/sslViewer/sslThreading.h
new file mode 100644
index 00000000..8178b1ea
--- /dev/null
+++ b/sslViewer/sslThreading.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright (c) 2006-2007,2013 Apple Inc. All Rights Reserved.
+ *
+ * sslThreading.h - support for two-threaded SSL client/server tests.
+ */
+ 
+#ifndef _SSL_THREADING_H_
+#define _SSL_THREADING_H_ 1
+
+#include <Security/SecureTransport.h>
+#include <Security/Security.h>
+
+#ifdef	__cplusplus
+extern "C" {
+#endif
+
+/* "Don't bother verifying" values */
+#define SSL_PROTOCOL_IGNORE		((SSLProtocol)0x123456)
+#define SSL_CLIENT_CERT_IGNORE	((SSLClientCertificateState)0x234567)
+#define SSL_CIPHER_IGNORE		((SSLCipherSuite)0x345678)
+
+/*
+ * Test params passed to both sslClient() and sslServer()
+ */
+typedef struct {
+	
+	/* client side only */
+	const char					*hostName;
+	bool						skipHostNameCheck;	
+	
+	/* common */
+	unsigned short				port;
+	SSLProtocol					tryVersion;			// only used if acceptedProts
+													//   NULL
+	const char					*acceptedProts;
+	const char					*myCertKcName;		// required for server, 
+													//   optional for client
+	const char					*password;			// optional, to unlock keychain
+	bool						idIsTrustedRoot;	// cert in KC is trusted root
+	bool						disableCertVerify;
+	const char					*anchorFile;		// to add/replace anchors
+	bool						replaceAnchors;
+	SSLAuthenticate				authenticate;
+	bool						resumeEnable;
+	const SSLCipherSuite 		*ciphers;			// optional array of allowed ciphers, 
+													// terminated with SSL_NO_SUCH_CIPHERSUITE
+	bool						nonBlocking;
+	const unsigned char			*dhParams;			// optional Diffie-Hellman params
+	unsigned					dhParamsLen;
+
+	/* expected results */
+	OSStatus					expectRtn;
+	SSLProtocol					expectVersion;
+	SSLClientCertificateState	expectCertState;
+	SSLCipherSuite				expectCipher;
+	
+	/* UI parameters */
+	bool						quiet;
+	bool						silent;
+	bool						verbose;
+	
+	/* 
+	 * Server semaphore: 
+	 *
+	 * -- main thread inits and sets serverRady false
+	 * -- main thread starts up server thread
+	 * -- server thread inits and sets of a socket for listening
+	 * -- serrver thread sets serverReady true and does pthread_cond_broadcast
+	 */
+	pthread_mutex_t				pthreadMutex;
+	pthread_cond_t				pthreadCond;
+	bool						serverReady;
+	/* 
+	 * To ensure error abort is what we expect instead of just "
+	 * peer closed their socket", server avoids closing down the
+	 * socket until client sets this flag. It's just polled, no
+	 * locking. Setting the serverAbort flag skips this 
+	 * step to facilitate testing cases where server explicitly
+	 * drops connection (e.g. in response to an unacceptable 
+	 * ClientHello). 
+	 */
+	unsigned					clientDone;
+	bool						serverAbort;
+	
+	/* 
+	 * Returned and also verified by sslRunSession().
+	 * Conditions in which expected value NOT verified are listed
+	 * in following comments.
+	 *
+	 * NegCipher is only verified if (ortn == errSecSuccess). 
+	 */
+	SSLProtocol					negVersion;		// SSL_PROTOCOL_IGNORE
+	SSLCipherSuite				negCipher;		// SSL_CIPHER_IGNORE
+	SSLClientCertificateState 	certState;		// SSL_CLIENT_CERT_IGNORE
+	OSStatus					ortn;			// always checked
+
+} SslAppTestParams;
+
+/* client and server in sslClient.cpp and sslServe.cpp */
+OSStatus sslAppClient(
+	SslAppTestParams		*params);
+OSStatus sslAppServe(
+	SslAppTestParams		*params);
+
+/*
+ * Run one session, with the server in a separate thread.
+ * On entry, serverParams->port is the port we attempt to run on;
+ * the server thread may overwrite that with a different port if it's 
+ * unable to open the port we specify. Whatever is left in 
+ * serverParams->port is what's used for the client side. 
+ */
+int sslRunSession(
+	SslAppTestParams	*serverParams,
+	SslAppTestParams 	*clientParams,
+	const char 			*testDesc);
+
+void sslShowResult(
+	char				*whichSide,		// "client" or "server"
+	SslAppTestParams	*params);
+
+
+/*
+ * Macros which do the repetetive setup/run work
+ */
+#define SSL_THR_SETUP(serverParams, clientParams, clientDefaults, serverDefault) \
+{										\
+	unsigned short serverPort;			\
+	serverPort = serverParams.port + 1;	\
+	clientParams = clientDefaults; 		\
+	serverParams = serverDefaults;		\
+	serverParams.port = serverPort;		\
+}
+
+#define SSL_THR_RUN(serverParams, clientParams, desc, ourRtn)	\
+{																\
+	thisRtn = sslRunSession(&serverParams, &clientParams, desc);	\
+	ourRtn += thisRtn;												\
+	if(thisRtn) {													\
+		if(testError(clientParams.quiet)) {						\
+			goto done;											\
+		}														\
+	}															\
+}
+
+#define SSL_THR_RUN_NUM(serverParams, clientParams, desc, ourRtn, testNum)	\
+{																\
+	thisRtn = sslRunSession(&serverParams, &clientParams, desc);\
+	ourRtn += thisRtn;											\
+	if(thisRtn) {												\
+		printf("***Error on test %u\n", testNum);				\
+		if(testError(clientParams.quiet)) {						\
+			goto done;											\
+		}														\
+	}															\
+}
+
+#define THREADING_DEBUG		0
+#if		THREADING_DEBUG
+
+#define sslThrDebug(side, end)	\
+	printf("^^^%s thread %p %s\n", side, pthread_self(), end)
+#else	/* THREADING_DEBUG */
+#define sslThrDebug(side, end)
+#endif	/* THREADING_DEBUG */
+#ifdef	__cplusplus
+}
+#endif
+
+#endif	/* _SSL_THREADING_H_ */