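/*
 * Copyright (c) 2006-2007,2013 Apple Inc. All Rights Reserved.
 *
 * sslThreading.h - support for two-threaded SSL client/server tests.
 */

#ifndef _SSL_THREADING_H_
#define _SSL_THREADING_H_	1

/*
 * Standard headers this file needs on its own: pthread_mutex_t and
 * pthread_cond_t appear in SslAppTestParams, bool is used for most of its
 * flags, and the SSL_THR_RUN_NUM / sslThrDebug macros expand to printf().
 */
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>

#include <Security/SecureTransport.h>
#include <Security/Security.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * "Don't bother verifying" values.
 *
 * Sentinels cast into the corresponding SecureTransport types. The numeric
 * values are presumably chosen so they do not collide with any real
 * protocol, cert state or cipher suite constant - confirm against
 * SecureTransport.h.
 */
#define SSL_PROTOCOL_IGNORE		((SSLProtocol)0x123456)
#define SSL_CLIENT_CERT_IGNORE	((SSLClientCertificateState)0x234567)
#define SSL_CIPHER_IGNORE		((SSLCipherSuite)0x345678)

/*
 * Test params passed to both sslAppClient() and sslAppServe().
 *
 * One instance is handed to each side of a session. The struct carries the
 * configuration, the expected results, the cross-thread handshake state and
 * the values actually negotiated.
 */
typedef struct {

	/* client side only */
	const char					*hostName;
	/*
	 * NOTE(review): by its name this turns off peer host name matching,
	 * which removes part of server authentication. Test-only switch;
	 * confirm how sslAppClient() consumes it.
	 */
	bool						skipHostNameCheck;

	/* common */
	unsigned short				port;
	SSLProtocol					tryVersion;			// only used if acceptedProts
													//   NULL
	const char					*acceptedProts;
	const char					*myCertKcName;		// required for server,
													//   optional for client
	/*
	 * Keychain password is carried as a plain C string; this header does
	 * not say who owns or clears the buffer - TODO confirm in the callers.
	 */
	const char					*password;			// optional, to unlock keychain
	bool						idIsTrustedRoot;	// cert in KC is trusted root
	/*
	 * NOTE(review): by its name this disables certificate chain
	 * verification for the session. Test-only switch; confirm the exact
	 * effect in sslAppClient()/sslAppServe().
	 */
	bool						disableCertVerify;
	const char					*anchorFile;		// to add/replace anchors
	bool						replaceAnchors;
	SSLAuthenticate				authenticate;
	bool						resumeEnable;
	const SSLCipherSuite		*ciphers;			// optional array of allowed ciphers,
													// terminated with SSL_NO_SUCH_CIPHERSUITE
	bool						nonBlocking;
	const unsigned char			*dhParams;			// optional Diffie-Hellman params
	unsigned					dhParamsLen;		// length paired with dhParams

	/* expected results */
	OSStatus					expectRtn;
	SSLProtocol					expectVersion;
	SSLClientCertificateState	expectCertState;
	SSLCipherSuite				expectCipher;

	/* UI parameters */
	bool						quiet;
	bool						silent;
	bool						verbose;

	/*
	 * Server semaphore:
	 *
	 * -- main thread inits and sets serverReady false
	 * -- main thread starts up server thread
	 * -- server thread inits and sets up a socket for listening
	 * -- server thread sets serverReady true and does pthread_cond_broadcast
	 */
	pthread_mutex_t				pthreadMutex;
	pthread_cond_t				pthreadCond;
	bool						serverReady;
	/*
	 * To ensure error abort is what we expect instead of just
	 * "peer closed their socket", server avoids closing down the
	 * socket until client sets this flag. It's just polled, no
	 * locking. Setting the serverAbort flag skips this
	 * step to facilitate testing cases where server explicitly
	 * drops connection (e.g. in response to an unacceptable
	 * ClientHello).
	 *
	 * NOTE(review): clientDone is a plain unsigned written by one thread
	 * and polled by another without synchronization. Under the C11 memory
	 * model that is a data race, and an optimizer may hoist the load out
	 * of the polling loop. Guarding it with pthreadMutex or making it
	 * atomic would make the handoff well-defined.
	 */
	unsigned					clientDone;
	bool						serverAbort;

	/*
	 * Returned and also verified by sslRunSession().
	 * Conditions in which expected value NOT verified are listed
	 * in following comments.
	 *
	 * NegCipher is only verified if (ortn == errSecSuccess).
	 */
	SSLProtocol					negVersion;			// SSL_PROTOCOL_IGNORE
	SSLCipherSuite				negCipher;			// SSL_CIPHER_IGNORE
	SSLClientCertificateState	certState;			// SSL_CLIENT_CERT_IGNORE
	OSStatus					ortn;				// always checked

} SslAppTestParams;

/* client and server in sslClient.cpp and sslServe.cpp */
OSStatus sslAppClient(
	SslAppTestParams		*params);
OSStatus sslAppServe(
	SslAppTestParams		*params);

/*
 * Run one session, with the server in a separate thread.
 * On entry, serverParams->port is the port we attempt to run on;
 * the server thread may overwrite that with a different port if it's
 * unable to open the port we specify. Whatever is left in
 * serverParams->port is what's used for the client side.
 */
int sslRunSession(
	SslAppTestParams	*serverParams,
	SslAppTestParams	*clientParams,
	const char			*testDesc);

void sslShowResult(
	char				*whichSide,		// "client" or "server"
	SslAppTestParams	*params);


/*
 * Macros which do the repetitive setup/run work.
 *
 * All three are brace blocks, not do { } while (0): they are kept that way
 * so existing call sites written with or without a trailing semicolon keep
 * compiling. Do not use them as the unbraced body of an if/else.
 */

/*
 * Reset both param structs to their defaults while advancing the server
 * port by one from its previous value.
 *
 * The fourth parameter was spelled serverDefault while the body read
 * serverDefaults, so the argument was ignored and the body bound to
 * whatever variable named serverDefaults was in scope at the call site.
 * The parameter is now serverDefaults, so the argument is actually used.
 *
 * The port is an unsigned short, so the increment wraps from 65535 to 0;
 * that case is not guarded here.
 */
#define SSL_THR_SETUP(serverParams, clientParams, clientDefaults, serverDefaults) \
{									\
	unsigned short serverPort;		\
	serverPort = (serverParams).port + 1;	\
	(clientParams) = (clientDefaults);		\
	(serverParams) = (serverDefaults);		\
	(serverParams).port = serverPort;		\
}

/*
 * Run one session and add its result to ourRtn. On a nonzero result,
 * testError() decides whether to bail out via "goto done".
 *
 * Requires at the call site: a variable thisRtn, a label done, and a
 * function testError() taking the quiet flag. None of them are declared in
 * this header.
 */
#define SSL_THR_RUN(serverParams, clientParams, desc, ourRtn)	\
{																\
	thisRtn = sslRunSession(&(serverParams), &(clientParams), (desc));	\
	(ourRtn) += thisRtn;											\
	if(thisRtn) {												\
		if(testError((clientParams).quiet)) {						\
			goto done;											\
		}														\
	}															\
}

/*
 * Same as SSL_THR_RUN, but also prints the failing test number (formatted
 * with %u, so testNum must be an unsigned int).
 */
#define SSL_THR_RUN_NUM(serverParams, clientParams, desc, ourRtn, testNum)	\
{																\
	thisRtn = sslRunSession(&(serverParams), &(clientParams), (desc));\
	(ourRtn) += thisRtn;											\
	if(thisRtn) {												\
		printf("***Error on test %u\n", (testNum));				\
		if(testError((clientParams).quiet)) {						\
			goto done;											\
		}														\
	}															\
}

/*
 * Thread tracing, compiled out unless THREADING_DEBUG is nonzero.
 * pthread_self() is passed to %p without a cast, which relies on pthread_t
 * being a pointer type on the target platform.
 */
#define THREADING_DEBUG		0
#if		THREADING_DEBUG

#define sslThrDebug(side, end)	\
	printf("^^^%s thread %p %s\n", side, pthread_self(), end)
#else	/* THREADING_DEBUG */
#define sslThrDebug(side, end)
#endif	/* THREADING_DEBUG */

#ifdef __cplusplus
}
#endif

#endif	/* _SSL_THREADING_H_ */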