FD.io VPP  v18.07.1-19-g511ce25
Vector Packet Processing
tls.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2018 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 
18 #include <vppinfra/lock.h>
19 
20 #ifndef SRC_VNET_TLS_TLS_H_
21 #define SRC_VNET_TLS_TLS_H_
22 
23 #define TLS_DEBUG 0
24 #define TLS_DEBUG_LEVEL_CLIENT 0
25 #define TLS_DEBUG_LEVEL_SERVER 0
26 
27 #define TLS_CHUNK_SIZE (1 << 14)
28 #define TLS_CA_CERT_PATH "/etc/ssl/certs/ca-certificates.crt"
29 
30 #if TLS_DEBUG
31 #define TLS_DBG(_lvl, _fmt, _args...) \
32  if (_lvl <= TLS_DEBUG) \
33  clib_warning (_fmt, ##_args)
34 #else
35 #define TLS_DBG(_fmt, _args...)
36 #endif
37 
38 /* *INDENT-OFF* */
39 typedef CLIB_PACKED (struct tls_cxt_id_
40 {
45  u8 tcp_is_ip4;
46  u8 tls_engine_id;
47 }) tls_ctx_id_t;
48 /* *INDENT-ON* */
49 
50 STATIC_ASSERT (sizeof (tls_ctx_id_t) <= 42, "ctx id must be less than 42");
51 
52 typedef struct tls_ctx_
53 {
54  union
55  {
57  tls_ctx_id_t c_tls_ctx_id;
58  };
59 #define parent_app_index c_tls_ctx_id.parent_app_index
60 #define app_session_handle c_tls_ctx_id.app_session_handle
61 #define tls_session_handle c_tls_ctx_id.tls_session_handle
62 #define listener_ctx_index c_tls_ctx_id.listener_ctx_index
63 #define tcp_is_ip4 c_tls_ctx_id.tcp_is_ip4
64 #define tls_ctx_engine c_tls_ctx_id.tls_engine_id
65 #define tls_ctx_handle c_c_index
66  /* Temporary storage for session open opaque. Overwritten once
67  * underlying tcp connection is established */
68 #define parent_app_api_context c_s_index
69 
73 } tls_ctx_t;
74 
75 typedef struct tls_main_
76 {
83 
84  /*
85  * Config
86  */
88  char *ca_cert_path;
89 } tls_main_t;
90 
91 typedef struct tls_engine_vft_
92 {
93  u32 (*ctx_alloc) (void);
94  void (*ctx_free) (tls_ctx_t * ctx);
95  tls_ctx_t *(*ctx_get) (u32 ctx_index);
96  tls_ctx_t *(*ctx_get_w_thread) (u32 ctx_index, u8 thread_index);
97  int (*ctx_init_client) (tls_ctx_t * ctx);
98  int (*ctx_init_server) (tls_ctx_t * ctx);
99  int (*ctx_read) (tls_ctx_t * ctx, stream_session_t * tls_session);
100  int (*ctx_write) (tls_ctx_t * ctx, stream_session_t * app_session);
101  u8 (*ctx_handshake_is_over) (tls_ctx_t * ctx);
103 
104 typedef enum tls_engine_type_
105 {
111 
113 void tls_register_engine (const tls_engine_vft_t * vft,
114  tls_engine_type_t type);
115 int tls_add_vpp_q_evt (svm_fifo_t * f, u8 evt_type);
117 int tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed);
118 void tls_notify_app_enqueue (tls_ctx_t * ctx, stream_session_t * app_session);
119 #endif /* SRC_VNET_TLS_TLS_H_ */
120 /*
121  * fd.io coding-style-patch-verification: ON
122  *
123  * Local Variables:
124  * eval: (c-set-style "gnu")
125  * End:
126  */
enum tls_engine_type_ tls_engine_type_t
struct _transport_connection transport_connection_t
clib_rwlock_t half_open_rwlock
Definition: tls.h:80
char * ca_cert_path
Definition: tls.h:88
struct tls_main_ tls_main_t
int tls_notify_app_accept(tls_ctx_t *ctx)
Definition: tls.c:197
struct tls_engine_vft_ tls_engine_vft_t
u8 use_test_cert_in_ca
Definition: tls.h:87
u64 session_handle_t
Definition: session.h:91
unsigned char u8
Definition: types.h:56
#define listener_ctx_index
Definition: tls.h:62
struct _svm_fifo svm_fifo_t
void tls_notify_app_enqueue(tls_ctx_t *ctx, stream_session_t *app_session)
Definition: tls.c:188
u32 app_index
Definition: tls.h:77
u8 is_passive_close
Definition: tls.h:70
#define parent_app_index
Definition: tls.h:59
unsigned int u32
Definition: types.h:88
struct _stream_session_t stream_session_t
int tls_add_vpp_q_evt(svm_fifo_t *f, u8 evt_type)
Definition: tls.c:42
Definition: tls.h:75
tls_ctx_id_t c_tls_ctx_id
Definition: tls.h:57
Definition: tls.h:52
int tls_notify_app_connected(tls_ctx_t *ctx, u8 is_failed)
Definition: tls.c:226
struct tls_ctx_ tls_ctx_t
u8 ** rx_bufs
Definition: tls.h:81
void tls_register_engine(const tls_engine_vft_t *vft, tls_engine_type_t type)
Definition: tls.c:703
transport_connection_t connection
Definition: tls.h:56
#define app_session_handle
Definition: tls.h:60
long ctx[MAX_CONNS]
Definition: main.c:126
tls_main_t * vnet_tls_get_main(void)
Definition: tls.c:780
tls_ctx_t * half_open_ctx_pool
Definition: tls.h:79
u8 ** tx_bufs
Definition: tls.h:82
u8 * srv_hostname
Definition: tls.h:72
u8 resume
Definition: tls.h:71
#define tcp_is_ip4
Definition: tls.h:63
tls_engine_type_
Definition: tls.h:104
typedef CLIB_PACKED(struct tls_cxt_id_{u32 parent_app_index;session_handle_t app_session_handle;session_handle_t tls_session_handle;u32 listener_ctx_index;u8 tcp_is_ip4;u8 tls_engine_id;}) tls_ctx_id_t
#define tls_session_handle
Definition: tls.h:61
tls_ctx_t * listener_ctx_pool
Definition: tls.h:78
STATIC_ASSERT(sizeof(tls_ctx_id_t)<=42,"ctx id must be less than 42")