FD.io VPP  v20.09-64-g4f7b92f0a
Vector Packet Processing
tls.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2018-2019 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
18 #include <vnet/session/session.h>
19 #include <vppinfra/lock.h>
20 
21 #ifndef SRC_VNET_TLS_TLS_H_
22 #define SRC_VNET_TLS_TLS_H_
23 
24 #define TLS_DEBUG 0
25 #define TLS_DEBUG_LEVEL_CLIENT 0
26 #define TLS_DEBUG_LEVEL_SERVER 0
27 
28 #define TLS_CHUNK_SIZE (1 << 14)
29 #define TLS_CA_CERT_PATH "/etc/ssl/certs/ca-certificates.crt"
30 
31 #if TLS_DEBUG
32 #define TLS_DBG(_lvl, _fmt, _args...) \
33  if (_lvl <= TLS_DEBUG) \
34  clib_warning (_fmt, ##_args)
35 #else
36 #define TLS_DBG(_lvl, _fmt, _args...)
37 #endif
38 
39 /* *INDENT-OFF* */
40 typedef struct tls_cxt_id_
41 {
42  union {
45  };
52 } tls_ctx_id_t;
53 /* *INDENT-ON* */
54 
56  "ctx id must be less than TRANSPORT_CONN_ID_LEN");
57 
58 typedef struct tls_ctx_
59 {
60  union
61  {
64  };
65 #define parent_app_wrk_index c_tls_ctx_id.parent_app_wrk_index
66 #define app_session_handle c_tls_ctx_id.app_session_handle
67 #define tls_session_handle c_tls_ctx_id.tls_session_handle
68 #define listener_ctx_index c_tls_ctx_id.listener_ctx_index
69 #define tcp_is_ip4 c_tls_ctx_id.tcp_is_ip4
70 #define tls_ctx_engine c_tls_ctx_id.tls_engine_id
71 #define tls_ssl_ctx c_tls_ctx_id.ssl_ctx
72 #define tls_ctx_handle c_c_index
73  /* Temporary storage for session open opaque. Overwritten once
74  * underlying tcp connection is established */
75 #define parent_app_api_context c_tls_ctx_id.parent_app_api_ctx
76 
84 } tls_ctx_t;
85 
86 typedef struct tls_main_
87 {
94 
95  /*
96  * Config
97  */
99  char *ca_cert_path;
102 } tls_main_t;
103 
104 typedef struct tls_engine_vft_
105 {
106  u32 (*ctx_alloc) (void);
107  void (*ctx_free) (tls_ctx_t * ctx);
108  tls_ctx_t *(*ctx_get) (u32 ctx_index);
109  tls_ctx_t *(*ctx_get_w_thread) (u32 ctx_index, u8 thread_index);
110  int (*ctx_init_client) (tls_ctx_t * ctx);
111  int (*ctx_init_server) (tls_ctx_t * ctx);
112  int (*ctx_read) (tls_ctx_t * ctx, session_t * tls_session);
113  int (*ctx_write) (tls_ctx_t * ctx, session_t * app_session,
115  u8 (*ctx_handshake_is_over) (tls_ctx_t * ctx);
116  int (*ctx_start_listen) (tls_ctx_t * ctx);
117  int (*ctx_stop_listen) (tls_ctx_t * ctx);
118  int (*ctx_transport_close) (tls_ctx_t * ctx);
119  int (*ctx_app_close) (tls_ctx_t * ctx);
121 
123 void tls_register_engine (const tls_engine_vft_t * vft,
131 void tls_notify_app_enqueue (tls_ctx_t * ctx, session_t * app_session);
133 #endif /* SRC_VNET_TLS_TLS_H_ */
134 
135 /*
136  * fd.io coding-style-patch-verification: ON
137  *
138  * Local Variables:
139  * eval: (c-set-style "gnu")
140  * End:
141  */
STATIC_ASSERT(sizeof(tls_ctx_id_t)<=TRANSPORT_CONN_ID_LEN, "ctx id must be less than TRANSPORT_CONN_ID_LEN")
struct tls_cxt_id_ tls_ctx_id_t
u8 no_app_session
Definition: tls.h:80
clib_rwlock_t half_open_rwlock
Definition: tls.h:91
u32 ssl_ctx
Definition: tls.h:48
unsigned long u64
Definition: types.h:89
char * ca_cert_path
Definition: tls.h:99
struct tls_main_ tls_main_t
int tls_notify_app_accept(tls_ctx_t *ctx)
Definition: tls.c:181
u32 parent_app_api_ctx
Definition: tls.h:44
u32 listener_ctx_index
Definition: tls.h:49
u8 tcp_is_ip4
Definition: tls.h:50
struct tls_engine_vft_ tls_engine_vft_t
u8 use_test_cert_in_ca
Definition: tls.h:98
u32 parent_app_wrk_index
Definition: tls.h:47
unsigned char u8
Definition: types.h:56
session_handle_t tls_session_handle
Definition: tls.h:46
int tls_notify_app_connected(tls_ctx_t *ctx, session_error_t err)
Definition: tls.c:211
u32 app_index
Definition: tls.h:88
void tls_disconnect_transport(tls_ctx_t *ctx)
Definition: tls.c:30
u8 is_passive_close
Definition: tls.h:77
unsigned int u32
Definition: types.h:88
void tls_notify_app_enqueue(tls_ctx_t *ctx, session_t *app_session)
Definition: tls.c:172
u8 tls_engine_id
Definition: tls.h:51
int tls_add_vpp_q_builtin_rx_evt(session_t *s)
Definition: tls.c:62
vl_api_fib_path_type_t type
Definition: fib_types.api:123
long ctx[MAX_CONNS]
Definition: main.c:144
Definition: tls.h:86
tls_ctx_id_t c_tls_ctx_id
Definition: tls.h:63
u64 first_seg_size
Definition: tls.h:100
Definition: tls.h:58
u32 ckpair_index
Definition: tls.h:83
int tls_add_vpp_q_rx_evt(session_t *s)
Definition: tls.c:54
u32 fifo_size
Definition: tls.h:101
struct tls_ctx_ tls_ctx_t
u8 ** rx_bufs
Definition: tls.h:92
u32 evt_index
Definition: tls.h:82
struct _transport_connection transport_connection_t
transport_connection_t connection
Definition: tls.h:62
#define TRANSPORT_CONN_ID_LEN
int tls_add_vpp_q_builtin_tx_evt(session_t *s)
tls_main_t * vnet_tls_get_main(void)
Definition: tls.c:996
session_handle_t app_session_handle
Definition: tls.h:43
tls_ctx_t * half_open_ctx_pool
Definition: tls.h:90
u8 ** tx_bufs
Definition: tls.h:93
u8 app_closed
Definition: tls.h:79
u64 session_handle_t
u8 * srv_hostname
Definition: tls.h:81
u8 resume
Definition: tls.h:78
enum session_error_ session_error_t
enum crypto_engine_type_ crypto_engine_type_t
int tls_add_vpp_q_tx_evt(session_t *s)
Definition: tls.c:70
void tls_register_engine(const tls_engine_vft_t *vft, crypto_engine_type_t type)
Definition: tls.c:903
tls_ctx_t * listener_ctx_pool
Definition: tls.h:89