FD.io VPP  v18.04-17-g3a0d853
Vector Packet Processing
tls_mbedtls.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2018 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include <mbedtls/ssl.h>
17 #include <mbedtls/certs.h>
18 #include <mbedtls/entropy.h>
19 #include <mbedtls/ctr_drbg.h>
20 #include <mbedtls/timing.h>
21 #include <mbedtls/debug.h>
22 #include <vnet/plugin/plugin.h>
23 #include <vpp/app/version.h>
24 #include <vnet/tls/tls.h>
25 
26 #define TLS_USE_OUR_MEM_FUNCS 0
27 
28 typedef struct tls_ctx_mbedtls_
29 {
30  tls_ctx_t ctx; /**< First */
32  mbedtls_ssl_context ssl;
33  mbedtls_ssl_config conf;
34  mbedtls_x509_crt srvcert;
35  mbedtls_pk_context pkey;
37 
38 typedef struct mbedtls_main_
39 {
41  mbedtls_ctr_drbg_context *ctr_drbgs;
42  mbedtls_entropy_context *entropy_pools;
43  mbedtls_x509_crt cacert;
47 
49 
50 #if TLS_USE_OUR_MEM_FUNCS
51 #include <mbedtls/platform.h>
52 
53 void *
54 mbedtls_calloc_fn (size_t n, size_t size)
55 {
56  void *ptr;
57  ptr = clib_mem_alloc (n * size);
58  memset (ptr, 0, sizeof (*ptr));
59  return ptr;
60 }
61 
62 void
63 mbedtls_free_fn (void *ptr)
64 {
65  if (ptr)
66  clib_mem_free (ptr);
67 }
68 #endif
69 
70 static u32
72 {
73  u8 thread_index = vlib_get_thread_index ();
76 
77  pool_get (tm->ctx_pool[thread_index], ctx);
78  if (!(*ctx))
79  *ctx = clib_mem_alloc (sizeof (mbedtls_ctx_t));
80 
81  memset (*ctx, 0, sizeof (mbedtls_ctx_t));
82  (*ctx)->ctx.c_thread_index = thread_index;
83  (*ctx)->ctx.tls_ctx_engine = TLS_ENGINE_MBEDTLS;
84  (*ctx)->mbedtls_ctx_index = ctx - tm->ctx_pool[thread_index];
85  return ((*ctx)->mbedtls_ctx_index);
86 }
87 
88 static void
90 {
91  mbedtls_ctx_t *mc = (mbedtls_ctx_t *) ctx;
92 
93  if (mc->ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER && !ctx->is_passive_close)
94  mbedtls_ssl_close_notify (&mc->ssl);
95  if (mc->ssl.conf->endpoint == MBEDTLS_SSL_IS_SERVER)
96  {
97  mbedtls_x509_crt_free (&mc->srvcert);
98  mbedtls_pk_free (&mc->pkey);
99  }
100  mbedtls_ssl_free (&mc->ssl);
101  mbedtls_ssl_config_free (&mc->conf);
102 
103  pool_put_index (mbedtls_main.ctx_pool[ctx->c_thread_index],
104  mc->mbedtls_ctx_index);
105 }
106 
107 static tls_ctx_t *
108 mbedtls_ctx_get (u32 ctx_index)
109 {
110  mbedtls_ctx_t **ctx;
111  ctx = pool_elt_at_index (mbedtls_main.ctx_pool[vlib_get_thread_index ()],
112  ctx_index);
113  return &(*ctx)->ctx;
114 }
115 
116 static tls_ctx_t *
117 mbedtls_ctx_get_w_thread (u32 ctx_index, u8 thread_index)
118 {
119  mbedtls_ctx_t **ctx;
120  ctx = pool_elt_at_index (mbedtls_main.ctx_pool[thread_index], ctx_index);
121  return &(*ctx)->ctx;
122 }
123 
124 static int
126 {
127  u32 thread_index = vlib_get_thread_index ();
129  u8 *pers;
130  int rv;
131  pers = format (0, "vpp thread %u", thread_index);
132 
133  mbedtls_entropy_init (&tm->entropy_pools[thread_index]);
134  mbedtls_ctr_drbg_init (&mbedtls_main.ctr_drbgs[thread_index]);
135  if ((rv = mbedtls_ctr_drbg_seed (&tm->ctr_drbgs[thread_index],
136  mbedtls_entropy_func,
137  &tm->entropy_pools[thread_index],
138  (const unsigned char *) pers,
139  vec_len (pers))) != 0)
140  {
141  vec_free (pers);
142  TLS_DBG (1, " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", rv);
143  return -1;
144  }
145  vec_free (pers);
146  return 0;
147 }
148 
149 mbedtls_ctr_drbg_context *
151 {
152  u8 thread_index = vlib_get_thread_index ();
153  if (PREDICT_FALSE (!mbedtls_main.ctr_drbgs[thread_index].f_entropy))
155  return &mbedtls_main.ctr_drbgs[thread_index];
156 }
157 
158 static int
159 tls_net_send (void *ctx_indexp, const unsigned char *buf, size_t len)
160 {
161  stream_session_t *tls_session;
162  uword ctx_index;
163  tls_ctx_t *ctx;
164  int rv;
165 
166  ctx_index = pointer_to_uword (ctx_indexp);
167  ctx = mbedtls_ctx_get (ctx_index);
168  tls_session = session_get_from_handle (ctx->tls_session_handle);
169  rv = svm_fifo_enqueue_nowait (tls_session->server_tx_fifo, len, buf);
170  if (rv < 0)
171  return MBEDTLS_ERR_SSL_WANT_WRITE;
172  tls_add_vpp_q_evt (tls_session->server_tx_fifo, FIFO_EVENT_APP_TX);
173  return rv;
174 }
175 
176 static int
177 tls_net_recv (void *ctx_indexp, unsigned char *buf, size_t len)
178 {
179  stream_session_t *tls_session;
180  uword ctx_index;
181  tls_ctx_t *ctx;
182  int rv;
183 
184  ctx_index = pointer_to_uword (ctx_indexp);
185  ctx = mbedtls_ctx_get (ctx_index);
186  tls_session = session_get_from_handle (ctx->tls_session_handle);
187  rv = svm_fifo_dequeue_nowait (tls_session->server_rx_fifo, len, buf);
188  return (rv < 0) ? 0 : rv;
189 }
190 
191 static void
192 mbedtls_debug (void *ctx, int level, const char *file, int line,
193  const char *str)
194 {
195  ((void) level);
196  fprintf ((FILE *) ctx, "%s:%04d: %s", file, line, str);
197  fflush ((FILE *) ctx);
198 }
199 
200 static int
202 {
203  mbedtls_ctx_t *mc = (mbedtls_ctx_t *) ctx;
205  void *ctx_ptr;
206  int rv;
207 
208  /*
209  * 1. Setup SSL
210  */
211  mbedtls_ssl_init (&mc->ssl);
212  mbedtls_ssl_config_init (&mc->conf);
213  if ((rv = mbedtls_ssl_config_defaults (&mc->conf, MBEDTLS_SSL_IS_CLIENT,
214  MBEDTLS_SSL_TRANSPORT_STREAM,
215  MBEDTLS_SSL_PRESET_DEFAULT)) != 0)
216  {
217  TLS_DBG (1, "failed\n ! mbedtls_ssl_config_defaults returned %d\n\n",
218  rv);
219  return -1;
220  }
221 
222  mbedtls_ssl_conf_authmode (&mc->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
223  mbedtls_ssl_conf_ca_chain (&mc->conf, &mm->cacert, NULL);
224  mbedtls_ssl_conf_rng (&mc->conf, mbedtls_ctr_drbg_random,
225  tls_get_ctr_drbg ());
226  mbedtls_ssl_conf_dbg (&mc->conf, mbedtls_debug, stdout);
227 
228  if ((rv = mbedtls_ssl_setup (&mc->ssl, &mc->conf)) != 0)
229  {
230  TLS_DBG (1, "failed\n ! mbedtls_ssl_setup returned %d\n", rv);
231  return -1;
232  }
233 
234  if ((rv = mbedtls_ssl_set_hostname (&mc->ssl,
235  (const char *) ctx->srv_hostname)) != 0)
236  {
237  TLS_DBG (1, "failed\n ! mbedtls_ssl_set_hostname returned %d\n", rv);
238  return -1;
239  }
240 
241  ctx_ptr = uword_to_pointer (mc->mbedtls_ctx_index, void *);
242  mbedtls_ssl_set_bio (&mc->ssl, ctx_ptr, tls_net_send, tls_net_recv, NULL);
243  mbedtls_debug_set_threshold (TLS_DEBUG_LEVEL_CLIENT);
244 
245  /*
246  * 2. Do the first 2 steps in the handshake.
247  */
248  TLS_DBG (1, "Initiating handshake for [%u]%u", ctx->c_thread_index,
249  mc->mbedtls_ctx_index);
250  while (mc->ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER)
251  {
252  rv = mbedtls_ssl_handshake_step (&mc->ssl);
253  if (rv != 0)
254  break;
255  }
256  TLS_DBG (2, "tls state for [%u]%u is %u", ctx->c_thread_index,
257  mc->mbedtls_ctx_index, mc->ssl.state);
258  return 0;
259 }
260 
261 static int
263 {
264  mbedtls_ctx_t *mc = (mbedtls_ctx_t *) ctx;
266  application_t *app;
267  void *ctx_ptr;
268  int rv;
269 
270  mbedtls_ssl_init (&mc->ssl);
271  mbedtls_ssl_config_init (&mc->conf);
272  mbedtls_x509_crt_init (&mc->srvcert);
273  mbedtls_pk_init (&mc->pkey);
274 
275  /*
276  * 1. Cert
277  */
278  app = application_get (ctx->parent_app_index);
279  if (!app->tls_cert || !app->tls_key)
280  {
281  TLS_DBG (1, " failed\n ! tls cert and/or key not configured %d",
282  ctx->parent_app_index);
283  return -1;
284  }
285 
286  rv = mbedtls_x509_crt_parse (&mc->srvcert,
287  (const unsigned char *) app->tls_cert,
288  vec_len (app->tls_cert));
289  if (rv != 0)
290  {
291  TLS_DBG (1, " failed\n ! mbedtls_x509_crt_parse returned %d", rv);
292  goto exit;
293  }
294 
295  rv = mbedtls_pk_parse_key (&mc->pkey,
296  (const unsigned char *) app->tls_key,
297  vec_len (app->tls_key), NULL, 0);
298  if (rv != 0)
299  {
300  TLS_DBG (1, " failed\n ! mbedtls_pk_parse_key returned %d", rv);
301  goto exit;
302  }
303 
304  /*
305  * 2. SSL context config
306  */
307  if ((rv = mbedtls_ssl_config_defaults (&mc->conf, MBEDTLS_SSL_IS_SERVER,
308  MBEDTLS_SSL_TRANSPORT_STREAM,
309  MBEDTLS_SSL_PRESET_DEFAULT)) != 0)
310  {
311  TLS_DBG (1, " failed\n ! mbedtls_ssl_config_defaults returned %d", rv);
312  goto exit;
313  }
314 
315  mbedtls_ssl_conf_rng (&mc->conf, mbedtls_ctr_drbg_random,
316  tls_get_ctr_drbg ());
317  mbedtls_ssl_conf_dbg (&mc->conf, mbedtls_debug, stdout);
318 
319  /* TODO CACHE
320  mbedtls_ssl_conf_session_cache( &ctx->conf, &cache,
321  mbedtls_ssl_cache_get,
322  mbedtls_ssl_cache_set );
323  */
324 
325  mbedtls_ssl_conf_ca_chain (&mc->conf, &mm->cacert, NULL);
326  if ((rv = mbedtls_ssl_conf_own_cert (&mc->conf, &mc->srvcert, &mc->pkey))
327  != 0)
328  {
329  TLS_DBG (1, " failed\n ! mbedtls_ssl_conf_own_cert returned %d", rv);
330  goto exit;
331  }
332 
333  if ((rv = mbedtls_ssl_setup (&mc->ssl, &mc->conf)) != 0)
334  {
335  TLS_DBG (1, " failed\n ! mbedtls_ssl_setup returned %d", rv);
336  goto exit;
337  }
338 
339  mbedtls_ssl_session_reset (&mc->ssl);
340  ctx_ptr = uword_to_pointer (mc->mbedtls_ctx_index, void *);
341  mbedtls_ssl_set_bio (&mc->ssl, ctx_ptr, tls_net_send, tls_net_recv, NULL);
342  mbedtls_debug_set_threshold (TLS_DEBUG_LEVEL_SERVER);
343 
344  /*
345  * 3. Start handshake state machine
346  */
347  TLS_DBG (1, "Initiating handshake for [%u]%u", ctx->c_thread_index,
348  mc->mbedtls_ctx_index);
349  while (mc->ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER)
350  {
351  rv = mbedtls_ssl_handshake_step (&mc->ssl);
352  if (rv != 0)
353  break;
354  }
355 
356  TLS_DBG (2, "tls state for [%u]%u is %u", ctx->c_thread_index,
357  mc->mbedtls_ctx_index, mc->ssl.state);
358  return 0;
359 
360 exit:
361  return -1;
362 }
363 
364 static int
366 {
367  mbedtls_ctx_t *mc = (mbedtls_ctx_t *) ctx;
368  u32 flags;
369  int rv;
370  while (mc->ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER)
371  {
372  rv = mbedtls_ssl_handshake_step (&mc->ssl);
373  if (rv != 0)
374  break;
375  }
376  TLS_DBG (2, "tls state for %u is %u", mc->mbedtls_ctx_index, mc->ssl.state);
377 
378  if (mc->ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER)
379  return 0;
380 
381  /*
382  * Handshake complete
383  */
384  if (mc->ssl.conf->endpoint == MBEDTLS_SSL_IS_CLIENT)
385  {
386  /*
387  * Verify server certificate
388  */
389  if ((flags = mbedtls_ssl_get_verify_result (&mc->ssl)) != 0)
390  {
391  char buf[512];
392  TLS_DBG (1, " failed\n");
393  mbedtls_x509_crt_verify_info (buf, sizeof (buf), " ! ", flags);
394  TLS_DBG (1, "%s\n", buf);
395 
396  /*
397  * Presence of hostname enforces strict certificate verification
398  */
399  if (ctx->srv_hostname)
400  {
401  tls_notify_app_connected (ctx, /* is failed */ 0);
402  return -1;
403  }
404  }
405  tls_notify_app_connected (ctx, /* is failed */ 0);
406  }
407  else
408  {
409  tls_notify_app_accept (ctx);
410  }
411 
412  TLS_DBG (1, "Handshake for %u complete. TLS cipher is %x",
413  mc->mbedtls_ctx_index, mc->ssl.session->ciphersuite);
414  return 0;
415 }
416 
417 static int
419 {
420  mbedtls_ctx_t *mc = (mbedtls_ctx_t *) ctx;
421  u8 thread_index = ctx->c_thread_index;
423  u32 enq_max, deq_max, deq_now;
424  stream_session_t *tls_session;
425  int wrote;
426 
427  ASSERT (mc->ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER);
428 
429  deq_max = svm_fifo_max_dequeue (app_session->server_tx_fifo);
430  if (!deq_max)
431  return 0;
432 
433  tls_session = session_get_from_handle (ctx->tls_session_handle);
434  enq_max = svm_fifo_max_enqueue (tls_session->server_tx_fifo);
435  deq_now = clib_min (deq_max, TLS_CHUNK_SIZE);
436 
437  if (PREDICT_FALSE (enq_max == 0))
438  {
439  tls_add_vpp_q_evt (app_session->server_tx_fifo, FIFO_EVENT_APP_TX);
440  return 0;
441  }
442 
443  vec_validate (mm->tx_bufs[thread_index], deq_now);
444  svm_fifo_peek (app_session->server_tx_fifo, 0, deq_now,
445  mm->tx_bufs[thread_index]);
446 
447  wrote = mbedtls_ssl_write (&mc->ssl, mm->tx_bufs[thread_index], deq_now);
448  if (wrote <= 0)
449  {
450  tls_add_vpp_q_evt (app_session->server_tx_fifo, FIFO_EVENT_APP_TX);
451  return 0;
452  }
453 
454  svm_fifo_dequeue_drop (app_session->server_tx_fifo, wrote);
455  vec_reset_length (mm->tx_bufs[thread_index]);
456  tls_add_vpp_q_evt (tls_session->server_tx_fifo, FIFO_EVENT_APP_TX);
457 
458  if (deq_now < deq_max)
459  tls_add_vpp_q_evt (app_session->server_tx_fifo, FIFO_EVENT_APP_TX);
460 
461  return 0;
462 }
463 
464 static int
466 {
467  mbedtls_ctx_t *mc = (mbedtls_ctx_t *) ctx;
469  u8 thread_index = ctx->c_thread_index;
470  u32 deq_max, enq_max, enq_now;
471  stream_session_t *app_session;
472  int read, enq;
473 
474  if (PREDICT_FALSE (mc->ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER))
475  {
477  return 0;
478  }
479 
480  deq_max = svm_fifo_max_dequeue (tls_session->server_rx_fifo);
481  if (!deq_max)
482  return 0;
483 
484  app_session = session_get_from_handle (ctx->app_session_handle);
485  enq_max = svm_fifo_max_enqueue (app_session->server_rx_fifo);
486  enq_now = clib_min (enq_max, TLS_CHUNK_SIZE);
487 
488  if (PREDICT_FALSE (enq_now == 0))
489  {
490  tls_add_vpp_q_evt (tls_session->server_rx_fifo, FIFO_EVENT_BUILTIN_RX);
491  return 0;
492  }
493 
494  vec_validate (mm->rx_bufs[thread_index], enq_now);
495  read = mbedtls_ssl_read (&mc->ssl, mm->rx_bufs[thread_index], enq_now);
496  if (read <= 0)
497  {
498  tls_add_vpp_q_evt (tls_session->server_rx_fifo, FIFO_EVENT_BUILTIN_RX);
499  return 0;
500  }
501 
502  enq = svm_fifo_enqueue_nowait (app_session->server_rx_fifo, read,
503  mm->rx_bufs[thread_index]);
504  ASSERT (enq == read);
505  vec_reset_length (mm->rx_bufs[thread_index]);
506 
507  if (svm_fifo_max_dequeue (tls_session->server_rx_fifo))
508  tls_add_vpp_q_evt (tls_session->server_rx_fifo, FIFO_EVENT_BUILTIN_RX);
509 
510  if (enq > 0)
511  tls_notify_app_enqueue (ctx, app_session);
512 
513  return enq;
514 }
515 
516 static u8
518 {
519  mbedtls_ctx_t *mc = (mbedtls_ctx_t *) ctx;
520  return (mc->ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER);
521 }
522 
523 const static tls_engine_vft_t mbedtls_engine = {
525  .ctx_free = mbedtls_ctx_free,
526  .ctx_get = mbedtls_ctx_get,
527  .ctx_get_w_thread = mbedtls_ctx_get_w_thread,
528  .ctx_init_server = mbedtls_ctx_init_server,
529  .ctx_init_client = mbedtls_ctx_init_client,
530  .ctx_write = mbedtls_ctx_write,
531  .ctx_read = mbedtls_ctx_read,
532  .ctx_handshake_is_over = mbedtls_handshake_is_over,
533 };
534 
535 int
537 {
538 #if TLS_USE_OUR_MEM_FUNCS
539  mbedtls_platform_set_calloc_free (mbedtls_calloc_fn, mbedtls_free_fn);
540 #endif
541  return 0;
542 }
543 
544 static int
546 {
548  int i;
549 
550  vec_validate (mm->ctr_drbgs, num_threads - 1);
551  vec_validate (mm->entropy_pools, num_threads - 1);
552  for (i = 0; i < num_threads; i++)
553  mm->ctr_drbgs[i].f_entropy = 0;
554 
555  return 0;
556 }
557 
558 int
560 {
562  tls_main_t *tm = vnet_tls_get_main ();
563  int rv;
564 
565  if (access (tm->ca_cert_path, F_OK | R_OK) == -1)
566  {
567  clib_warning ("Could not initialize TLS CA certificates");
568  return -1;
569  }
570 
571  mbedtls_x509_crt_init (&mm->cacert);
572  rv = mbedtls_x509_crt_parse_file (&mm->cacert, tm->ca_cert_path);
573  if (rv < 0)
574  {
575  clib_warning ("Couldn't parse system CA certificates: -0x%x", -rv);
576  }
577  if (tm->use_test_cert_in_ca)
578  {
579  rv = mbedtls_x509_crt_parse (&mm->cacert,
580  (const unsigned char *) test_srv_crt_rsa,
582  if (rv < 0)
583  {
584  clib_warning ("Couldn't parse test certificate: -0x%x", -rv);
585  return -1;
586  }
587  }
588  return (rv < 0 ? -1 : 0);
589 }
590 
591 static clib_error_t *
593 {
596  clib_error_t *error;
597  u32 num_threads;
598 
599  num_threads = 1 /* main thread */ + vtm->n_threads;
600 
601  if ((error = vlib_call_init_function (vm, tls_init)))
602  return error;
603 
604  if (tls_init_ca_chain ())
605  {
606  clib_warning ("failed to initialize TLS CA chain");
607  return 0;
608  }
609  if (tls_init_mem ())
610  {
611  clib_warning ("failed to initialize mem");
612  return 0;
613  }
614  if (tls_init_ctr_drbgs_and_entropy (num_threads))
615  {
616  clib_warning ("failed to initialize entropy and random generators");
617  return 0;
618  }
619 
620  vec_validate (mm->ctx_pool, num_threads - 1);
621  vec_validate (mm->rx_bufs, num_threads - 1);
622  vec_validate (mm->tx_bufs, num_threads - 1);
623 
624  tls_register_engine (&mbedtls_engine, TLS_ENGINE_MBEDTLS);
625  return 0;
626 }
627 
629 
630 /* *INDENT-OFF* */
632  .version = VPP_BUILD_VER,
633  .description = "mbedtls based TLS Engine",
634 };
635 /* *INDENT-ON* */
636 
637 /*
638  * fd.io coding-style-patch-verification: ON
639  *
640  * Local Variables:
641  * eval: (c-set-style "gnu")
642  * End:
643  */
mbedtls_ctr_drbg_context * tls_get_ctr_drbg()
Definition: tls_mbedtls.c:150
tls_main_t * vnet_tls_get_main(void)
Definition: tls.c:783
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
Definition: vec.h:434
mbedtls_x509_crt srvcert
Definition: tls_mbedtls.c:34
mbedtls_ctx_t *** ctx_pool
Definition: tls_mbedtls.c:40
#define clib_min(x, y)
Definition: clib.h:340
static int mbedtls_ctx_write(tls_ctx_t *ctx, stream_session_t *app_session)
Definition: tls_mbedtls.c:418
const u32 test_srv_crt_rsa_len
#define TLS_DEBUG_LEVEL_CLIENT
Definition: tls.h:24
char * ca_cert_path
Definition: tls.h:87
mbedtls_ssl_context ssl
Definition: tls_mbedtls.c:32
static int tls_init_ctr_drbgs_and_entropy(u32 num_threads)
Definition: tls_mbedtls.c:545
#define NULL
Definition: clib.h:55
static mbedtls_main_t mbedtls_main
Definition: tls_mbedtls.c:48
int i
void tls_notify_app_enqueue(tls_ctx_t *ctx, stream_session_t *app_session)
Definition: tls.c:188
u8 use_test_cert_in_ca
Definition: tls.h:86
static u32 svm_fifo_max_enqueue(svm_fifo_t *f)
Definition: svm_fifo.h:106
u8 * format(u8 *s, const char *fmt,...)
Definition: format.c:419
static void mbedtls_ctx_free(tls_ctx_t *ctx)
Definition: tls_mbedtls.c:89
static stream_session_t * session_get_from_handle(session_handle_t handle)
Definition: session.h:287
#define pool_get(P, E)
Allocate an object E from a pool P (unspecified alignment).
Definition: pool.h:227
static int tls_init_ctr_seed_drbgs(void)
Definition: tls_mbedtls.c:125
#define vec_reset_length(v)
Reset vector length to zero NULL-pointer tolerant.
tls_ctx_t ctx
First.
Definition: tls_mbedtls.c:30
static u32 mbedtls_ctx_alloc(void)
Definition: tls_mbedtls.c:71
#define VLIB_INIT_FUNCTION(x)
Definition: init.h:111
static u32 svm_fifo_max_dequeue(svm_fifo_t *f)
Definition: svm_fifo.h:100
static tls_ctx_t * mbedtls_ctx_get_w_thread(u32 ctx_index, u8 thread_index)
Definition: tls_mbedtls.c:117
u8 is_passive_close
Definition: tls.h:70
int svm_fifo_enqueue_nowait(svm_fifo_t *f, u32 max_bytes, const u8 *copy_from_here)
Definition: svm_fifo.c:534
struct _stream_session_t stream_session_t
#define vlib_call_init_function(vm, x)
Definition: init.h:162
static uword pointer_to_uword(const void *p)
Definition: types.h:131
struct tls_ctx_mbedtls_ mbedtls_ctx_t
#define TLS_CHUNK_SIZE
Definition: tls.h:27
static int mbedtls_ctx_handshake_rx(tls_ctx_t *ctx)
Definition: tls_mbedtls.c:365
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:461
u32 size
mbedtls_pk_context pkey
Definition: tls_mbedtls.c:35
Definition: tls.h:74
int tls_init_ca_chain(void)
Definition: tls_mbedtls.c:559
int tls_notify_app_connected(tls_ctx_t *ctx, u8 is_failed)
Definition: tls.c:226
static u8 mbedtls_handshake_is_over(tls_ctx_t *ctx)
Definition: tls_mbedtls.c:517
#define PREDICT_FALSE(x)
Definition: clib.h:105
int tls_init_mem(void)
Definition: tls_mbedtls.c:536
const char test_srv_crt_rsa[]
static int mbedtls_ctx_read(tls_ctx_t *ctx, stream_session_t *tls_session)
Definition: tls_mbedtls.c:465
Definition: tls.h:52
u32(* ctx_alloc)(void)
Definition: tls.h:92
#define uword_to_pointer(u, type)
Definition: types.h:136
static_always_inline uword vlib_get_thread_index(void)
Definition: threads.h:221
vlib_main_t * vm
Definition: buffer.c:294
static int mbedtls_ctx_init_client(tls_ctx_t *ctx)
Definition: tls_mbedtls.c:201
#define vec_free(V)
Free vector&#39;s memory (no header).
Definition: vec.h:336
mbedtls_x509_crt cacert
Definition: tls_mbedtls.c:43
#define clib_warning(format, args...)
Definition: error.h:59
static int tls_net_send(void *ctx_indexp, const unsigned char *buf, size_t len)
Definition: tls_mbedtls.c:159
struct _application application_t
#define TLS_DBG(_fmt, _args...)
Definition: tls.h:35
void tls_register_engine(const tls_engine_vft_t *vft, tls_engine_type_t type)
Definition: tls.c:706
mbedtls_entropy_context * entropy_pools
Definition: tls_mbedtls.c:42
#define TLS_DEBUG_LEVEL_SERVER
Definition: tls.h:25
#define pool_put_index(p, i)
Free pool element with given index.
Definition: pool.h:296
#define ASSERT(truth)
struct mbedtls_main_ mbedtls_main_t
unsigned int u32
Definition: types.h:88
VLIB_PLUGIN_REGISTER()
static void clib_mem_free(void *p)
Definition: mem.h:179
static void * clib_mem_alloc(uword size)
Definition: mem.h:112
u64 uword
Definition: types.h:112
static int tls_net_recv(void *ctx_indexp, unsigned char *buf, size_t len)
Definition: tls_mbedtls.c:177
int svm_fifo_dequeue_drop(svm_fifo_t *f, u32 max_bytes)
Definition: svm_fifo.c:774
static void mbedtls_debug(void *ctx, int level, const char *file, int line, const char *str)
Definition: tls_mbedtls.c:192
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
unsigned char u8
Definition: types.h:56
application_t * application_get(u32 index)
Definition: application.c:386
static clib_error_t * tls_mbedtls_init(vlib_main_t *vm)
Definition: tls_mbedtls.c:592
int tls_add_vpp_q_evt(svm_fifo_t *f, u8 evt_type)
Definition: tls.c:42
u8 * srv_hostname
Definition: tls.h:71
mbedtls_ssl_config conf
Definition: tls_mbedtls.c:33
int tls_notify_app_accept(tls_ctx_t *ctx)
Definition: tls.c:197
static int mbedtls_ctx_init_server(tls_ctx_t *ctx)
Definition: tls_mbedtls.c:262
static vlib_thread_main_t * vlib_get_thread_main()
Definition: global_funcs.h:32
mbedtls_ctr_drbg_context * ctr_drbgs
Definition: tls_mbedtls.c:41
u32 flags
Definition: vhost-user.h:77
static tls_ctx_t * mbedtls_ctx_get(u32 ctx_index)
Definition: tls_mbedtls.c:108
int svm_fifo_peek(svm_fifo_t *f, u32 relative_offset, u32 max_bytes, u8 *copy_here)
Definition: svm_fifo.c:758
static clib_error_t * tls_init(vlib_main_t *vm)
Definition: tls.c:713
int svm_fifo_dequeue_nowait(svm_fifo_t *f, u32 max_bytes, u8 *copy_here)
Definition: svm_fifo.c:692