1  /*
  2   * Copyright (c) 2006-2007,2013 Apple Inc. All Rights Reserved.
  3   *
  4   * sslThreading.h - support for two-threaded SSL client/server tests.
  5   */
  6   
  7  #ifndef _SSL_THREADING_H_
  8  #define _SSL_THREADING_H_ 1
  9  
 10  #include <Security/SecureTransport.h>
 11  #include <Security/Security.h>
 12  
 13  #ifdef	__cplusplus
 14  extern "C" {
 15  #endif
 16  
 17  /* "Don't bother verifying" values */
 18  #define SSL_PROTOCOL_IGNORE		((SSLProtocol)0x123456)
 19  #define SSL_CLIENT_CERT_IGNORE	((SSLClientCertificateState)0x234567)
 20  #define SSL_CIPHER_IGNORE		((SSLCipherSuite)0x345678)
 21  
 22  /*
 23   * Test params passed to both sslClient() and sslServer()
 24   */
 25  typedef struct {
 26  	
 27  	/* client side only */
 28  	const char					*hostName;
 29  	bool						skipHostNameCheck;	
 30  	
 31  	/* common */
 32  	unsigned short				port;
 33  	SSLProtocol					tryVersion;			// only used if acceptedProts
 34  													//   NULL
 35  	const char					*acceptedProts;
 36  	const char					*myCertKcName;		// required for server, 
 37  													//   optional for client
 38  	const char					*password;			// optional, to unlock keychain
 39  	bool						idIsTrustedRoot;	// cert in KC is trusted root
 40  	bool						disableCertVerify;
 41  	const char					*anchorFile;		// to add/replace anchors
 42  	bool						replaceAnchors;
 43  	SSLAuthenticate				authenticate;
 44  	bool						resumeEnable;
 45  	const SSLCipherSuite 		*ciphers;			// optional array of allowed ciphers, 
 46  													// terminated with SSL_NO_SUCH_CIPHERSUITE
 47  	bool						nonBlocking;
 48  	const unsigned char			*dhParams;			// optional Diffie-Hellman params
 49  	unsigned					dhParamsLen;
 50  
 51  	/* expected results */
 52  	OSStatus					expectRtn;
 53  	SSLProtocol					expectVersion;
 54  	SSLClientCertificateState	expectCertState;
 55  	SSLCipherSuite				expectCipher;
 56  	
 57  	/* UI parameters */
 58  	bool						quiet;
 59  	bool						silent;
 60  	bool						verbose;
 61  	
 62  	/* 
 63  	 * Server semaphore: 
 64  	 *
 65  	 * -- main thread inits and sets serverRady false
 66  	 * -- main thread starts up server thread
 67  	 * -- server thread inits and sets of a socket for listening
 68  	 * -- serrver thread sets serverReady true and does pthread_cond_broadcast
 69  	 */
 70  	pthread_mutex_t				pthreadMutex;
 71  	pthread_cond_t				pthreadCond;
 72  	bool						serverReady;
 73  	/* 
 74  	 * To ensure error abort is what we expect instead of just "
 75  	 * peer closed their socket", server avoids closing down the
 76  	 * socket until client sets this flag. It's just polled, no
 77  	 * locking. Setting the serverAbort flag skips this 
 78  	 * step to facilitate testing cases where server explicitly
 79  	 * drops connection (e.g. in response to an unacceptable 
 80  	 * ClientHello). 
 81  	 */
 82  	unsigned					clientDone;
 83  	bool						serverAbort;
 84  	
 85  	/* 
 86  	 * Returned and also verified by sslRunSession().
 87  	 * Conditions in which expected value NOT verified are listed
 88  	 * in following comments.
 89  	 *
 90  	 * NegCipher is only verified if (ortn == errSecSuccess). 
 91  	 */
 92  	SSLProtocol					negVersion;		// SSL_PROTOCOL_IGNORE
 93  	SSLCipherSuite				negCipher;		// SSL_CIPHER_IGNORE
 94  	SSLClientCertificateState 	certState;		// SSL_CLIENT_CERT_IGNORE
 95  	OSStatus					ortn;			// always checked
 96  
 97  } SslAppTestParams;
 98  
 99  /* client and server in sslClient.cpp and sslServe.cpp */
100  OSStatus sslAppClient(
101  	SslAppTestParams		*params);
102  OSStatus sslAppServe(
103  	SslAppTestParams		*params);
104  
105  /*
106   * Run one session, with the server in a separate thread.
107   * On entry, serverParams->port is the port we attempt to run on;
108   * the server thread may overwrite that with a different port if it's 
109   * unable to open the port we specify. Whatever is left in 
110   * serverParams->port is what's used for the client side. 
111   */
112  int sslRunSession(
113  	SslAppTestParams	*serverParams,
114  	SslAppTestParams 	*clientParams,
115  	const char 			*testDesc);
116  
117  void sslShowResult(
118  	char				*whichSide,		// "client" or "server"
119  	SslAppTestParams	*params);
120  
121  
122  /*
123   * Macros which do the repetetive setup/run work
124   */
125  #define SSL_THR_SETUP(serverParams, clientParams, clientDefaults, serverDefault) \
126  {										\
127  	unsigned short serverPort;			\
128  	serverPort = serverParams.port + 1;	\
129  	clientParams = clientDefaults; 		\
130  	serverParams = serverDefaults;		\
131  	serverParams.port = serverPort;		\
132  }
133  
134  #define SSL_THR_RUN(serverParams, clientParams, desc, ourRtn)	\
135  {																\
136  	thisRtn = sslRunSession(&serverParams, &clientParams, desc);	\
137  	ourRtn += thisRtn;												\
138  	if(thisRtn) {													\
139  		if(testError(clientParams.quiet)) {						\
140  			goto done;											\
141  		}														\
142  	}															\
143  }
144  
145  #define SSL_THR_RUN_NUM(serverParams, clientParams, desc, ourRtn, testNum)	\
146  {																\
147  	thisRtn = sslRunSession(&serverParams, &clientParams, desc);\
148  	ourRtn += thisRtn;											\
149  	if(thisRtn) {												\
150  		printf("***Error on test %u\n", testNum);				\
151  		if(testError(clientParams.quiet)) {						\
152  			goto done;											\
153  		}														\
154  	}															\
155  }
156  
157  #define THREADING_DEBUG		0
158  #if		THREADING_DEBUG
159  
160  #define sslThrDebug(side, end)	\
161  	printf("^^^%s thread %p %s\n", side, pthread_self(), end)
162  #else	/* THREADING_DEBUG */
163  #define sslThrDebug(side, end)
164  #endif	/* THREADING_DEBUG */
165  #ifdef	__cplusplus
166  }
167  #endif
168  
169  #endif	/* _SSL_THREADING_H_ */