1/*
2 * Copyright (c) 2006-2007,2013 Apple Inc. All Rights Reserved.
3 *
4 * sslThreading.h - support for two-threaded SSL client/server tests.
5 */
6
7#ifndef _SSL_THREADING_H_
8#define _SSL_THREADING_H_ 1
9
#include <stdbool.h>
#include <stdio.h>
#include <pthread.h>
#include <Security/SecureTransport.h>
#include <Security/Security.h>
12
13#ifdef	__cplusplus
14extern "C" {
15#endif
16
/*
 * "Don't bother verifying" values.  Put one of these in the matching
 * expect* field of SslAppTestParams and sslRunSession() skips the
 * comparison for that result (see the "returned" fields of the struct).
 * The numeric values are presumably chosen to sit outside the real enum
 * ranges; they are local sentinels only.
 */
#define SSL_PROTOCOL_IGNORE		((SSLProtocol)0x123456)
#define SSL_CLIENT_CERT_IGNORE	((SSLClientCertificateState)0x234567)
#define SSL_CIPHER_IGNORE		((SSLCipherSuite)0x345678)
21
/*
 * Test params passed to both sslAppClient() and sslAppServe().
 * One struct per side: sslRunSession() takes a serverParams and a
 * clientParams.  The "expected results" are compared against the
 * "returned" fields at the bottom by sslRunSession(); the *_IGNORE
 * sentinels above opt a field out of that comparison.
 */
typedef struct {

	/* client side only */
	const char					*hostName;
	bool						skipHostNameCheck;	// test knob: skips the client's
													//   host name check (weaker peer
													//   identity verification; tests only)

	/* common */
	unsigned short				port;				// see sslRunSession(): the server
													//   thread may overwrite this
	SSLProtocol					tryVersion;			// only used if acceptedProts
													//   NULL
	const char					*acceptedProts;
	const char					*myCertKcName;		// required for server,
													//   optional for client
	const char					*password;			// optional, to unlock keychain;
													//   caller-owned plaintext C string,
													//   nothing here scrubs it
	bool						idIsTrustedRoot;	// cert in KC is trusted root
	bool						disableCertVerify;	// test knob: presumably turns off peer
													//   cert verification entirely --
													//   confirm in sslClient.cpp/sslServe.cpp
	const char					*anchorFile;		// to add/replace anchors
	bool						replaceAnchors;		// presumably: true = anchorFile replaces
													//   the existing anchors, false = adds
	SSLAuthenticate				authenticate;		// client-cert authentication mode
	bool						resumeEnable;
	const SSLCipherSuite 		*ciphers;			// optional array of allowed ciphers,
													// terminated with SSL_NO_SUCH_CIPHERSUITE
	bool						nonBlocking;
	const unsigned char			*dhParams;			// optional Diffie-Hellman params
	unsigned					dhParamsLen;		// length of dhParams in bytes

	/* expected results (compared by sslRunSession(); see "returned" below) */
	OSStatus					expectRtn;			// vs. ortn
	SSLProtocol					expectVersion;		// vs. negVersion, or SSL_PROTOCOL_IGNORE
	SSLClientCertificateState	expectCertState;	// vs. certState, or SSL_CLIENT_CERT_IGNORE
	SSLCipherSuite				expectCipher;		// vs. negCipher, or SSL_CIPHER_IGNORE

	/* UI parameters */
	bool						quiet;				// also passed to testError() by the
													//   SSL_THR_RUN macros
	bool						silent;
	bool						verbose;

	/*
	 * Server semaphore:
	 *
	 * -- main thread inits and sets serverReady false
	 * -- main thread starts up server thread
	 * -- server thread inits and sets up a socket for listening
	 * -- server thread sets serverReady true and does pthread_cond_broadcast
	 *
	 * serverReady is presumably guarded by pthreadMutex/pthreadCond.
	 */
	pthread_mutex_t				pthreadMutex;
	pthread_cond_t				pthreadCond;
	bool						serverReady;
	/*
	 * To ensure error abort is what we expect instead of just
	 * "peer closed their socket", server avoids closing down the
	 * socket until client sets this flag. It's just polled, no
	 * locking. Setting the serverAbort flag skips this
	 * step to facilitate testing cases where server explicitly
	 * drops connection (e.g. in response to an unacceptable
	 * ClientHello).
	 *
	 * NOTE(review): the unlocked poll is a data race in the C11
	 * sense (written by one thread, read by the other); an _Atomic
	 * flag or a locked read would make it well-defined.
	 */
	unsigned					clientDone;
	bool						serverAbort;

	/*
	 * Returned and also verified by sslRunSession().
	 * Conditions in which expected value NOT verified are listed
	 * in following comments.
	 *
	 * NegCipher is only verified if (ortn == errSecSuccess).
	 */
	SSLProtocol					negVersion;		// SSL_PROTOCOL_IGNORE
	SSLCipherSuite				negCipher;		// SSL_CIPHER_IGNORE
	SSLClientCertificateState 	certState;		// SSL_CLIENT_CERT_IGNORE
	OSStatus					ortn;			// always checked

} SslAppTestParams;
98
/*
 * Client and server halves of one session, defined in sslClient.cpp and
 * sslServe.cpp.  Each runs its side using *params and fills in the
 * "returned" fields (negVersion, negCipher, certState, ortn).
 * Normally invoked through sslRunSession(), which runs the server on
 * its own thread.  The OSStatus return presumably mirrors params->ortn
 * -- confirm in the .cpp files.
 */
OSStatus sslAppClient(
	SslAppTestParams		*params);
OSStatus sslAppServe(
	SslAppTestParams		*params);
104
/*
 * Run one session, with the server in a separate thread.
 * On entry, serverParams->port is the port we attempt to run on;
 * the server thread may overwrite that with a different port if it's
 * unable to open the port we specify. Whatever is left in
 * serverParams->port is what's used for the client side.
 *
 * Also verifies the "returned" fields of both structs against their
 * expect* counterparts (see SslAppTestParams).  testDesc labels the
 * test in output.  Returns 0 on success, nonzero on failure; the
 * SSL_THR_RUN macros accumulate that value into their ourRtn argument.
 */
int sslRunSession(
	SslAppTestParams	*serverParams,
	SslAppTestParams 	*clientParams,
	const char 			*testDesc);
116
/*
 * Presumably prints the "returned" fields of *params for one side
 * of a session, labelled by whichSide.
 * NOTE(review): whichSide is only a label and should be const char *;
 * left unchanged here because the definition in the .cpp must change
 * with it.
 */
void sslShowResult(
	char				*whichSide,		// "client" or "server"
	SslAppTestParams	*params);
120
121
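/*
 * Macros which do the repetitive setup/run work.
 *
 * SSL_THR_SETUP: reset both param structs from their defaults and bump
 * the server to the next port.  serverParams.port is read *before*
 * serverParams is overwritten, so the port advances by one on each
 * successive call in a test sequence.  All four arguments are struct
 * lvalues/values of type SslAppTestParams.  Expands to a bare block
 * (not do/while(0)): a trailing semicolon is optional, but do not use
 * it as the sole statement of an unbraced if/else.
 *
 * Fix: the fourth parameter was spelled `serverDefault` while the body
 * used `serverDefaults`, so the argument was never substituted and the
 * body silently bound to whatever `serverDefaults` the caller had in scope.
 */
#define SSL_THR_SETUP(serverParams, clientParams, clientDefaults, serverDefaults) \
{															\
	unsigned short serverPort;								\
	serverPort = (unsigned short)((serverParams).port + 1);	\
	(clientParams) = (clientDefaults);						\
	(serverParams) = (serverDefaults);						\
	(serverParams).port = serverPort;						\
}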
133
/*
 * Run one session via sslRunSession() and fold its result into ourRtn.
 * Relies on the enclosing scope providing: an integer `thisRtn`, a
 * `done:` label, and testError(), which is handed clientParams.quiet
 * and decides whether a failure aborts the remaining tests.
 * Expands to a bare block (not do/while(0)).
 */
#define SSL_THR_RUN(serverParams, clientParams, desc, ourRtn)				\
{																			\
	thisRtn = sslRunSession(&(serverParams), &(clientParams), (desc));		\
	(ourRtn) += thisRtn;													\
	if (thisRtn && testError((clientParams).quiet)) {						\
		goto done;															\
	}																		\
}
144
/*
 * Same as SSL_THR_RUN, but on failure also reports the numbered test
 * (testNum, printed with %u) before consulting testError().
 * Relies on the enclosing scope providing `thisRtn`, a `done:` label
 * and testError().  Expands to a bare block (not do/while(0)).
 */
#define SSL_THR_RUN_NUM(serverParams, clientParams, desc, ourRtn, testNum)	\
{																			\
	thisRtn = sslRunSession(&(serverParams), &(clientParams), (desc));		\
	(ourRtn) += thisRtn;													\
	if (thisRtn) {															\
		printf("***Error on test %u\n", testNum);							\
		if (testError((clientParams).quiet)) {								\
			goto done;														\
		}																	\
	}																		\
}
156
/*
 * Per-thread trace hook for the client/server threads; compiled out
 * (expands to nothing) unless THREADING_DEBUG is non-zero.
 */
#define THREADING_DEBUG		0
#if		THREADING_DEBUG

/*
 * NOTE(review): printing pthread_self() with %p is only well-defined
 * where pthread_t is a pointer type (true on Darwin, not in general);
 * cast to (void *) if this is ever enabled on another platform.
 */
#define sslThrDebug(side, end)	\
	printf("^^^%s thread %p %s\n", side, pthread_self(), end)
#else	/* THREADING_DEBUG */
#define sslThrDebug(side, end)
#endif	/* THREADING_DEBUG */
165#ifdef	__cplusplus
166}
167#endif
168
169#endif	/* _SSL_THREADING_H_ */
170