FD.io VPP  v19.04.4-rc0-5-ge88582fac
Vector Packet Processing
tls.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2018-2019 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
18 #include <vnet/session/session.h>
19 #include <vppinfra/lock.h>
20 
21 #ifndef SRC_VNET_TLS_TLS_H_
22 #define SRC_VNET_TLS_TLS_H_
23 
24 #define TLS_DEBUG 0
25 #define TLS_DEBUG_LEVEL_CLIENT 0
26 #define TLS_DEBUG_LEVEL_SERVER 0
27 
28 #define TLS_CHUNK_SIZE (1 << 14)
29 #define TLS_CA_CERT_PATH "/etc/ssl/certs/ca-certificates.crt"
30 
31 #if TLS_DEBUG
32 #define TLS_DBG(_lvl, _fmt, _args...) \
33  if (_lvl <= TLS_DEBUG) \
34  clib_warning (_fmt, ##_args)
35 #else
36 #define TLS_DBG(_lvl, _fmt, _args...)
37 #endif
38 
39 /* *INDENT-OFF* */
40 typedef CLIB_PACKED (struct tls_cxt_id_
41 {
43  union {
45  u32 parent_app_api_ctx;
46  };
48  u32 ssl_ctx;
50  u8 tcp_is_ip4;
51  u8 tls_engine_id;
52 }) tls_ctx_id_t;
53 /* *INDENT-ON* */
54 
55 STATIC_ASSERT (sizeof (tls_ctx_id_t) <= 42, "ctx id must be less than 42");
56 
57 typedef struct tls_ctx_
58 {
59  union
60  {
62  tls_ctx_id_t c_tls_ctx_id;
63  };
64 #define parent_app_wrk_index c_tls_ctx_id.parent_app_wrk_index
65 #define app_session_handle c_tls_ctx_id.app_session_handle
66 #define tls_session_handle c_tls_ctx_id.tls_session_handle
67 #define listener_ctx_index c_tls_ctx_id.listener_ctx_index
68 #define tcp_is_ip4 c_tls_ctx_id.tcp_is_ip4
69 #define tls_ctx_engine c_tls_ctx_id.tls_engine_id
70 #define tls_ssl_ctx c_tls_ctx_id.ssl_ctx
71 #define tls_ctx_handle c_c_index
72  /* Temporary storage for session open opaque. Overwritten once
73  * underlying tcp connection is established */
74 #define parent_app_api_context c_tls_ctx_id.parent_app_api_ctx
75 
79 } tls_ctx_t;
80 
81 typedef struct tls_main_
82 {
89 
90  /*
91  * Config
92  */
94  char *ca_cert_path;
97 } tls_main_t;
98 
99 typedef struct tls_engine_vft_
100 {
101  u32 (*ctx_alloc) (void);
102  void (*ctx_free) (tls_ctx_t * ctx);
103  tls_ctx_t *(*ctx_get) (u32 ctx_index);
104  tls_ctx_t *(*ctx_get_w_thread) (u32 ctx_index, u8 thread_index);
105  int (*ctx_init_client) (tls_ctx_t * ctx);
106  int (*ctx_init_server) (tls_ctx_t * ctx);
107  int (*ctx_read) (tls_ctx_t * ctx, session_t * tls_session);
108  int (*ctx_write) (tls_ctx_t * ctx, session_t * app_session);
109  u8 (*ctx_handshake_is_over) (tls_ctx_t * ctx);
110  int (*ctx_start_listen) (tls_ctx_t * ctx);
111  int (*ctx_stop_listen) (tls_ctx_t * ctx);
113 
115 void tls_register_engine (const tls_engine_vft_t * vft,
116  tls_engine_type_t type);
122 int tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed);
123 void tls_notify_app_enqueue (tls_ctx_t * ctx, session_t * app_session);
124 #endif /* SRC_VNET_TLS_TLS_H_ */
125 
126 /*
127  * fd.io coding-style-patch-verification: ON
128  *
129  * Local Variables:
130  * eval: (c-set-style "gnu")
131  * End:
132  */
clib_rwlock_t half_open_rwlock
Definition: tls.h:86
unsigned long u64
Definition: types.h:89
char * ca_cert_path
Definition: tls.h:94
struct tls_main_ tls_main_t
int tls_notify_app_accept(tls_ctx_t *ctx)
Definition: tls.c:190
struct tls_engine_vft_ tls_engine_vft_t
u8 use_test_cert_in_ca
Definition: tls.h:93
unsigned char u8
Definition: types.h:56
#define listener_ctx_index
Definition: tls.h:67
u32 app_index
Definition: tls.h:83
u8 is_passive_close
Definition: tls.h:76
unsigned int u32
Definition: types.h:88
void tls_notify_app_enqueue(tls_ctx_t *ctx, session_t *app_session)
Definition: tls.c:181
int tls_add_vpp_q_builtin_rx_evt(session_t *s)
Definition: tls.c:62
long ctx[MAX_CONNS]
Definition: main.c:144
Definition: tls.h:81
tls_ctx_id_t c_tls_ctx_id
Definition: tls.h:62
u64 first_seg_size
Definition: tls.h:95
Definition: tls.h:57
int tls_add_vpp_q_rx_evt(session_t *s)
Definition: tls.c:54
u32 fifo_size
Definition: tls.h:96
int tls_notify_app_connected(tls_ctx_t *ctx, u8 is_failed)
Definition: tls.c:222
struct tls_ctx_ tls_ctx_t
u8 ** rx_bufs
Definition: tls.h:87
void tls_register_engine(const tls_engine_vft_t *vft, tls_engine_type_t type)
Definition: tls.c:747
struct _transport_connection transport_connection_t
transport_connection_t connection
Definition: tls.h:61
#define app_session_handle
Definition: tls.h:65
#define parent_app_wrk_index
Definition: tls.h:64
int tls_add_vpp_q_builtin_tx_evt(session_t *s)
Definition: tls.c:78
tls_main_t * vnet_tls_get_main(void)
Definition: tls.c:833
tls_ctx_t * half_open_ctx_pool
Definition: tls.h:85
u8 ** tx_bufs
Definition: tls.h:88
u64 session_handle_t
STATIC_ASSERT(sizeof(tls_ctx_id_t)<=42, "ctx id must be less than 42")
u8 * srv_hostname
Definition: tls.h:78
typedef CLIB_PACKED(struct tls_cxt_id_ { u32 parent_app_wrk_index;union { session_handle_t app_session_handle;u32 parent_app_api_ctx;};session_handle_t tls_session_handle;u32 ssl_ctx;u32 listener_ctx_index;u8 tcp_is_ip4;u8 tls_engine_id;}) tls_ctx_id_t
u8 resume
Definition: tls.h:77
#define tcp_is_ip4
Definition: tls.h:68
int tls_add_vpp_q_tx_evt(session_t *s)
Definition: tls.c:70
enum tls_engine_type_ tls_engine_type_t
#define tls_session_handle
Definition: tls.h:66
tls_ctx_t * listener_ctx_pool
Definition: tls.h:84