df/d79/tls_8h_source.html

 /*
  * Copyright (c) 2018-2019 Cisco and/or its affiliates.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at:
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #include <vnet/session/application_interface.h>
 #include <vnet/session/application.h>
 #include <vnet/session/session.h>
 #include <vppinfra/lock.h>

 #ifndef SRC_VNET_TLS_TLS_H_
 #define SRC_VNET_TLS_TLS_H_

 #define TLS_DEBUG               0
 #define TLS_DEBUG_LEVEL_CLIENT  0
 #define TLS_DEBUG_LEVEL_SERVER  0

 #define TLS_CHUNK_SIZE          (1 << 14)
 #define TLS_CA_CERT_PATH        "/etc/ssl/certs/ca-certificates.crt"

 #if TLS_DEBUG
 #define TLS_DBG(_lvl, _fmt, _args...)                   \
   if (_lvl <= TLS_DEBUG)                                \
     clib_warning (_fmt, ##_args)
 #else
 #define TLS_DBG(_lvl, _fmt, _args...)
 #endif

 /* *INDENT-OFF* */
 typedef struct tls_cxt_id_
 {
   union {
     session_handle_t app_session_handle;
     u32 parent_app_api_ctx;
   };
   session_handle_t tls_session_handle;
   u32 parent_app_wrk_index;
   u32 ssl_ctx;
   u32 listener_ctx_index;
   u8 tcp_is_ip4;
   u8 tls_engine_id;
 } tls_ctx_id_t;
 /* *INDENT-ON* */

 STATIC_ASSERT (sizeof (tls_ctx_id_t) <= TRANSPORT_CONN_ID_LEN,
                "ctx id must be less than TRANSPORT_CONN_ID_LEN");

 typedef struct tls_ctx_
 {
   union
   {
     transport_connection_t connection;
     tls_ctx_id_t c_tls_ctx_id;
   };
 #define parent_app_wrk_index c_tls_ctx_id.parent_app_wrk_index
 #define app_session_handle c_tls_ctx_id.app_session_handle
 #define tls_session_handle c_tls_ctx_id.tls_session_handle
 #define listener_ctx_index c_tls_ctx_id.listener_ctx_index
 #define tcp_is_ip4 c_tls_ctx_id.tcp_is_ip4
 #define tls_ctx_engine c_tls_ctx_id.tls_engine_id
 #define tls_ssl_ctx c_tls_ctx_id.ssl_ctx
 #define tls_ctx_handle c_c_index
   /* Temporary storage for session open opaque. Overwritten once
    * underlying tcp connection is established */
 #define parent_app_api_context c_tls_ctx_id.parent_app_api_ctx

   u8 is_passive_close;
   u8 resume;
   u8 app_closed;
   u8 no_app_session;
   u8 *srv_hostname;
   u32 evt_index;
   u32 ckpair_index;
 } tls_ctx_t;

 typedef struct tls_main_
 {
   u32 app_index;
   tls_ctx_t *listener_ctx_pool;
   tls_ctx_t *half_open_ctx_pool;
   clib_rwlock_t half_open_rwlock;
   u8 **rx_bufs;
   u8 **tx_bufs;

   /*
    * Config
    */
   u8 use_test_cert_in_ca;
   char *ca_cert_path;
   u64 first_seg_size;
   u32 fifo_size;
 } tls_main_t;

 typedef struct tls_engine_vft_
 {
   u32 (*ctx_alloc) (void);
   void (*ctx_free) (tls_ctx_t * ctx);
   tls_ctx_t *(*ctx_get) (u32 ctx_index);
   tls_ctx_t *(*ctx_get_w_thread) (u32 ctx_index, u8 thread_index);
   int (*ctx_init_client) (tls_ctx_t * ctx);
   int (*ctx_init_server) (tls_ctx_t * ctx);
   int (*ctx_read) (tls_ctx_t * ctx, session_t * tls_session);
   int (*ctx_write) (tls_ctx_t * ctx, session_t * app_session,
                     transport_send_params_t * sp);
     u8 (*ctx_handshake_is_over) (tls_ctx_t * ctx);
   int (*ctx_start_listen) (tls_ctx_t * ctx);
   int (*ctx_stop_listen) (tls_ctx_t * ctx);
   int (*ctx_transport_close) (tls_ctx_t * ctx);
   int (*ctx_app_close) (tls_ctx_t * ctx);
 } tls_engine_vft_t;

 tls_main_t *vnet_tls_get_main (void);
 void tls_register_engine (const tls_engine_vft_t * vft,
                           crypto_engine_type_t type);
 int tls_add_vpp_q_rx_evt (session_t * s);
 int tls_add_vpp_q_tx_evt (session_t * s);
 int tls_add_vpp_q_builtin_tx_evt (session_t * s);
 int tls_add_vpp_q_builtin_rx_evt (session_t * s);
 int tls_notify_app_accept (tls_ctx_t * ctx);
 int tls_notify_app_connected (tls_ctx_t * ctx, session_error_t err);
 void tls_notify_app_enqueue (tls_ctx_t * ctx, session_t * app_session);
 void tls_disconnect_transport (tls_ctx_t * ctx);
 #endif /* SRC_VNET_TLS_TLS_H_ */

 /*
  * fd.io coding-style-patch-verification: ON
  *
  * Local Variables:
  * eval: (c-set-style "gnu")
  * End:
  */
STATIC_ASSERT
STATIC_ASSERT(sizeof(tls_ctx_id_t)<=TRANSPORT_CONN_ID_LEN, "ctx id must be less than TRANSPORT_CONN_ID_LEN")

session_
Definition: session_types.h:181

tls_ctx_id_t
struct tls_cxt_id_ tls_ctx_id_t

lock.h

tls_cxt_id_
Definition: tls.h:40

tls_ctx_::no_app_session
u8 no_app_session
Definition: tls.h:80

tls_main_::half_open_rwlock
clib_rwlock_t half_open_rwlock
Definition: tls.h:91

tls_cxt_id_::ssl_ctx
u32 ssl_ctx
Definition: tls.h:48

u64
unsigned long u64
Definition: types.h:89

tls_main_::ca_cert_path
char * ca_cert_path
Definition: tls.h:99

application.h

tls_main_t
struct tls_main_ tls_main_t

application_interface.h

tls_notify_app_accept
int tls_notify_app_accept(tls_ctx_t *ctx)
Definition: tls.c:181

tls_cxt_id_::parent_app_api_ctx
u32 parent_app_api_ctx
Definition: tls.h:44

tls_cxt_id_::listener_ctx_index
u32 listener_ctx_index
Definition: tls.h:49

tls_cxt_id_::tcp_is_ip4
u8 tcp_is_ip4
Definition: tls.h:50

tls_engine_vft_t
struct tls_engine_vft_ tls_engine_vft_t

tls_main_::use_test_cert_in_ca
u8 use_test_cert_in_ca
Definition: tls.h:98

session.h

tls_cxt_id_::parent_app_wrk_index
u32 parent_app_wrk_index
Definition: tls.h:47

clib_rw_lock_
Definition: lock.h:137

u8
unsigned char u8
Definition: types.h:56

tls_cxt_id_::tls_session_handle
session_handle_t tls_session_handle
Definition: tls.h:46

tls_notify_app_connected
int tls_notify_app_connected(tls_ctx_t *ctx, session_error_t err)
Definition: tls.c:211

tls_main_::app_index
u32 app_index
Definition: tls.h:88

tls_disconnect_transport
void tls_disconnect_transport(tls_ctx_t *ctx)
Definition: tls.c:30

tls_ctx_::is_passive_close
u8 is_passive_close
Definition: tls.h:77

u32
unsigned int u32
Definition: types.h:88

tls_notify_app_enqueue
void tls_notify_app_enqueue(tls_ctx_t *ctx, session_t *app_session)
Definition: tls.c:172

tls_cxt_id_::tls_engine_id
u8 tls_engine_id
Definition: tls.h:51

tls_add_vpp_q_builtin_rx_evt
int tls_add_vpp_q_builtin_rx_evt(session_t *s)
Definition: tls.c:62

type
vl_api_fib_path_type_t type
Definition: fib_types.api:123

ctx
long ctx[MAX_CONNS]
Definition: main.c:144

tls_main_
Definition: tls.h:86

tls_ctx_::c_tls_ctx_id
tls_ctx_id_t c_tls_ctx_id
Definition: tls.h:63

transport_send_params_
Definition: transport.h:44

tls_main_::first_seg_size
u64 first_seg_size
Definition: tls.h:100

tls_ctx_
Definition: tls.h:58

tls_ctx_::ckpair_index
u32 ckpair_index
Definition: tls.h:83

tls_add_vpp_q_rx_evt
int tls_add_vpp_q_rx_evt(session_t *s)
Definition: tls.c:54

tls_main_::fifo_size
u32 fifo_size
Definition: tls.h:101

tls_ctx_t
struct tls_ctx_ tls_ctx_t

tls_engine_vft_
Definition: tls.h:104

tls_main_::rx_bufs
u8 ** rx_bufs
Definition: tls.h:92

tls_ctx_::evt_index
u32 evt_index
Definition: tls.h:82

transport_connection_t
struct _transport_connection transport_connection_t

tls_ctx_::connection
transport_connection_t connection
Definition: tls.h:62

TRANSPORT_CONN_ID_LEN
#define TRANSPORT_CONN_ID_LEN
Definition: transport_types.h:72

tls_add_vpp_q_builtin_tx_evt
int tls_add_vpp_q_builtin_tx_evt(session_t *s)

vnet_tls_get_main
tls_main_t * vnet_tls_get_main(void)
Definition: tls.c:996

tls_cxt_id_::app_session_handle
session_handle_t app_session_handle
Definition: tls.h:43

tls_main_::half_open_ctx_pool
tls_ctx_t * half_open_ctx_pool
Definition: tls.h:90

tls_main_::tx_bufs
u8 ** tx_bufs
Definition: tls.h:93

tls_ctx_::app_closed
u8 app_closed
Definition: tls.h:79

session_handle_t
u64 session_handle_t
Definition: session_types.h:118

tls_ctx_::srv_hostname
u8 * srv_hostname
Definition: tls.h:81

tls_ctx_::resume
u8 resume
Definition: tls.h:78

session_error_t
enum session_error_ session_error_t

crypto_engine_type_t
enum crypto_engine_type_ crypto_engine_type_t

tls_add_vpp_q_tx_evt
int tls_add_vpp_q_tx_evt(session_t *s)
Definition: tls.c:70

tls_register_engine
void tls_register_engine(const tls_engine_vft_t *vft, crypto_engine_type_t type)
Definition: tls.c:903

tls_main_::listener_ctx_pool
tls_ctx_t * listener_ctx_pool
Definition: tls.h:89