mirror of
https://github.com/darlinghq/darling-security.git
synced 2024-11-23 12:09:41 +00:00
170 lines
4.9 KiB
C
170 lines
4.9 KiB
C
/*
|
|
* Copyright (c) 2006-2007,2013 Apple Inc. All Rights Reserved.
|
|
*
|
|
* sslThreading.h - support for two-threaded SSL client/server tests.
|
|
*/
|
|
|
|
#ifndef _SSL_THREADING_H_
|
|
#define _SSL_THREADING_H_ 1
|
|
|
|
#include <Security/SecureTransport.h>
|
|
#include <Security/Security.h>
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
/* "Don't bother verifying" values */
|
|
#define SSL_PROTOCOL_IGNORE ((SSLProtocol)0x123456)
|
|
#define SSL_CLIENT_CERT_IGNORE ((SSLClientCertificateState)0x234567)
|
|
#define SSL_CIPHER_IGNORE ((SSLCipherSuite)0x345678)
|
|
|
|
/*
|
|
* Test params passed to both sslClient() and sslServer()
|
|
*/
|
|
typedef struct {
|
|
|
|
/* client side only */
|
|
const char *hostName;
|
|
bool skipHostNameCheck;
|
|
|
|
/* common */
|
|
unsigned short port;
|
|
SSLProtocol tryVersion; // only used if acceptedProts
|
|
// NULL
|
|
const char *acceptedProts;
|
|
const char *myCertKcName; // required for server,
|
|
// optional for client
|
|
const char *password; // optional, to unlock keychain
|
|
bool idIsTrustedRoot; // cert in KC is trusted root
|
|
bool disableCertVerify;
|
|
const char *anchorFile; // to add/replace anchors
|
|
bool replaceAnchors;
|
|
SSLAuthenticate authenticate;
|
|
bool resumeEnable;
|
|
const SSLCipherSuite *ciphers; // optional array of allowed ciphers,
|
|
// terminated with SSL_NO_SUCH_CIPHERSUITE
|
|
bool nonBlocking;
|
|
const unsigned char *dhParams; // optional Diffie-Hellman params
|
|
unsigned dhParamsLen;
|
|
|
|
/* expected results */
|
|
OSStatus expectRtn;
|
|
SSLProtocol expectVersion;
|
|
SSLClientCertificateState expectCertState;
|
|
SSLCipherSuite expectCipher;
|
|
|
|
/* UI parameters */
|
|
bool quiet;
|
|
bool silent;
|
|
bool verbose;
|
|
|
|
/*
|
|
* Server semaphore:
|
|
*
|
|
* -- main thread inits and sets serverRady false
|
|
* -- main thread starts up server thread
|
|
* -- server thread inits and sets of a socket for listening
|
|
* -- serrver thread sets serverReady true and does pthread_cond_broadcast
|
|
*/
|
|
pthread_mutex_t pthreadMutex;
|
|
pthread_cond_t pthreadCond;
|
|
bool serverReady;
|
|
/*
|
|
* To ensure error abort is what we expect instead of just "
|
|
* peer closed their socket", server avoids closing down the
|
|
* socket until client sets this flag. It's just polled, no
|
|
* locking. Setting the serverAbort flag skips this
|
|
* step to facilitate testing cases where server explicitly
|
|
* drops connection (e.g. in response to an unacceptable
|
|
* ClientHello).
|
|
*/
|
|
unsigned clientDone;
|
|
bool serverAbort;
|
|
|
|
/*
|
|
* Returned and also verified by sslRunSession().
|
|
* Conditions in which expected value NOT verified are listed
|
|
* in following comments.
|
|
*
|
|
* NegCipher is only verified if (ortn == errSecSuccess).
|
|
*/
|
|
SSLProtocol negVersion; // SSL_PROTOCOL_IGNORE
|
|
SSLCipherSuite negCipher; // SSL_CIPHER_IGNORE
|
|
SSLClientCertificateState certState; // SSL_CLIENT_CERT_IGNORE
|
|
OSStatus ortn; // always checked
|
|
|
|
} SslAppTestParams;
|
|
|
|
/* client and server in sslClient.cpp and sslServe.cpp */
|
|
OSStatus sslAppClient(
|
|
SslAppTestParams *params);
|
|
OSStatus sslAppServe(
|
|
SslAppTestParams *params);
|
|
|
|
/*
|
|
* Run one session, with the server in a separate thread.
|
|
* On entry, serverParams->port is the port we attempt to run on;
|
|
* the server thread may overwrite that with a different port if it's
|
|
* unable to open the port we specify. Whatever is left in
|
|
* serverParams->port is what's used for the client side.
|
|
*/
|
|
int sslRunSession(
|
|
SslAppTestParams *serverParams,
|
|
SslAppTestParams *clientParams,
|
|
const char *testDesc);
|
|
|
|
void sslShowResult(
|
|
char *whichSide, // "client" or "server"
|
|
SslAppTestParams *params);
|
|
|
|
|
|
/*
|
|
* Macros which do the repetetive setup/run work
|
|
*/
|
|
#define SSL_THR_SETUP(serverParams, clientParams, clientDefaults, serverDefault) \
|
|
{ \
|
|
unsigned short serverPort; \
|
|
serverPort = serverParams.port + 1; \
|
|
clientParams = clientDefaults; \
|
|
serverParams = serverDefaults; \
|
|
serverParams.port = serverPort; \
|
|
}
|
|
|
|
#define SSL_THR_RUN(serverParams, clientParams, desc, ourRtn) \
|
|
{ \
|
|
thisRtn = sslRunSession(&serverParams, &clientParams, desc); \
|
|
ourRtn += thisRtn; \
|
|
if(thisRtn) { \
|
|
if(testError(clientParams.quiet)) { \
|
|
goto done; \
|
|
} \
|
|
} \
|
|
}
|
|
|
|
#define SSL_THR_RUN_NUM(serverParams, clientParams, desc, ourRtn, testNum) \
|
|
{ \
|
|
thisRtn = sslRunSession(&serverParams, &clientParams, desc);\
|
|
ourRtn += thisRtn; \
|
|
if(thisRtn) { \
|
|
printf("***Error on test %u\n", testNum); \
|
|
if(testError(clientParams.quiet)) { \
|
|
goto done; \
|
|
} \
|
|
} \
|
|
}
|
|
|
|
#define THREADING_DEBUG 0
|
|
#if THREADING_DEBUG
|
|
|
|
#define sslThrDebug(side, end) \
|
|
printf("^^^%s thread %p %s\n", side, pthread_self(), end)
|
|
#else /* THREADING_DEBUG */
|
|
#define sslThrDebug(side, end)
|
|
#endif /* THREADING_DEBUG */
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* _SSL_THREADING_H_ */
|