FD.io VPP  v21.01.1
Vector Packet Processing
tls_picotls.c
Go to the documentation of this file.
1 #include <math.h>
2 
3 #include <tlspicotls/certs.h>
6 
8 
9 #define MAX_QUEUE 12000
10 #define PTLS_MAX_PLAINTEXT_RECORD_SIZE 16384
11 
12 static u32
14 {
15  u8 thread_id = vlib_get_thread_index ();
18 
19  pool_get (pm->ctx_pool[thread_id], ctx);
20  if (!(*ctx))
21  *ctx = clib_mem_alloc (sizeof (picotls_ctx_t));
22 
23  clib_memset (*ctx, 0, sizeof (picotls_ctx_t));
24  (*ctx)->ctx.c_thread_index = thread_id;
25  (*ctx)->ctx.tls_ctx_engine = CRYPTO_ENGINE_PICOTLS;
26  (*ctx)->ctx.app_session_handle = SESSION_INVALID_HANDLE;
27  (*ctx)->ptls_ctx_idx = ctx - pm->ctx_pool[thread_id];
28  return (*ctx)->ptls_ctx_idx;
29 }
30 
31 static void
33 {
34  picotls_ctx_t *ptls_ctx = (picotls_ctx_t *) ctx;
35  vec_free (ptls_ctx->rx_content);
36  vec_free (ptls_ctx->write_content);
37  pool_put_index (picotls_main.ctx_pool[ctx->c_thread_index],
38  ptls_ctx->ptls_ctx_idx);
39 }
40 
41 static u32
43 {
45  picotls_listen_ctx_t *ptls_lctx;
46 
47  pool_get (pm->lctx_pool, ptls_lctx);
48 
49  clib_memset (ptls_lctx, 0, sizeof (picotls_listen_ctx_t));
50  ptls_lctx->ptls_lctx_index = ptls_lctx - pm->lctx_pool;
51  return ptls_lctx->ptls_lctx_index;
52 }
53 
54 static void
56 {
57  pool_put_index (picotls_main.lctx_pool, lctx->ptls_lctx_index);
58 }
59 
60 tls_ctx_t *
61 picotls_ctx_get (u32 ctx_index)
62 {
64  ctx =
66  ctx_index);
67  return &(*ctx)->ctx;
68 }
69 
71 picotls_lctx_get (u32 lctx_index)
72 {
73  return pool_elt_at_index (picotls_main.lctx_pool, lctx_index);
74 }
75 
76 static u8
78 {
79  picotls_ctx_t *ptls_ctx = (picotls_ctx_t *) ctx;
80  assert (ptls_ctx->tls);
81  return ptls_handshake_is_complete (ptls_ctx->tls);
82 }
83 
84 static int
86  session_t * tls_session, ptls_buffer_t * buf)
87 {
88  u32 enq_max, enq_now;
89  svm_fifo_t *f;
90  int write, buf_left;
91 
92  if (buf->off <= 0)
93  return 0;
94 
95  f = tls_session->tx_fifo;
96  buf_left = buf->off;
97  enq_max = svm_fifo_max_enqueue_prod (f);
98  if (!enq_max)
99  return 0;
100 
101  enq_now = clib_min (svm_fifo_max_write_chunk (f), enq_max);
102  enq_now = clib_min (enq_now, buf_left);
103  write = svm_fifo_enqueue (f, enq_now, buf->base);
104  buf_left -= write;
105  tls_add_vpp_q_tx_evt (tls_session);
106  return write;
107 }
108 
109 static int
111 {
112  picotls_listen_ctx_t *ptls_lctx;
113  ptls_context_t *ptls_ctx;
114  u32 ptls_lctx_idx;
115  app_cert_key_pair_t *ckpair;
116  static ptls_key_exchange_algorithm_t *key_exchange[] = {
117 #ifdef PTLS_OPENSSL_HAVE_X25519
118  &ptls_openssl_x25519,
119 #endif
120 #ifdef PTLS_OPENSSL_HAVE_SECP256R1
121  &ptls_openssl_secp256r1,
122 #endif
123 #ifdef PTLS_OPENSSL_HAVE_SECP384R1
124  &ptls_openssl_secp384r1,
125 #endif
126 #ifdef PTLS_OPENSSL_HAVE_SECP521R1
127  &ptls_openssl_secp521r1
128 #endif
129  };
130 
132  if (!ckpair || !ckpair->cert || !ckpair->key)
133  {
134  TLS_DBG (1, "tls cert and/or key not configured %d",
135  lctx->parent_app_wrk_index);
136  return -1;
137  }
138 
139  ptls_lctx_idx = picotls_listen_ctx_alloc ();
140  ptls_lctx = picotls_lctx_get (ptls_lctx_idx);
141  ptls_ctx = malloc (sizeof (ptls_context_t));
142  ptls_lctx->ptls_ctx = ptls_ctx;
143 
144  memset (ptls_ctx, 0, sizeof (ptls_context_t));
145  ptls_ctx->update_open_count = NULL;
146 
147  /*
148  * Process certificate & private key.
149  */
150  load_bio_certificate_chain (ptls_ctx, (char *) ckpair->cert);
151  load_bio_private_key (ptls_ctx, (char *) ckpair->key);
152 
153  /* setup protocol related functions */
154  ptls_ctx->key_exchanges = key_exchange;
155  ptls_ctx->random_bytes = ptls_openssl_random_bytes;
156  ptls_ctx->cipher_suites = ptls_vpp_crypto_cipher_suites;
157  ptls_ctx->get_time = &ptls_get_time;
158 
159  lctx->tls_ssl_ctx = ptls_lctx_idx;
160 
161  return 0;
162 }
163 
164 static int
166 {
167  u32 ptls_lctx_index;
168  picotls_listen_ctx_t *ptls_lctx;
169 
170  ptls_lctx_index = lctx->tls_ssl_ctx;
171  ptls_lctx = picotls_lctx_get (ptls_lctx_index);
172 
173  picotls_listen_ctx_free (ptls_lctx);
174 
175  return 0;
176 }
177 
178 static void
180 {
181  session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
182  ctx->no_app_session = 1;
183  ctx->c_s_index = SESSION_INVALID_INDEX;
185 }
186 
187 static void
189 {
192 }
193 
194 static int
196 {
197  if (!picotls_handshake_is_over (ctx))
198  {
200  return 0;
201  }
202  picotls_ctx_t *ptls_ctx = (picotls_ctx_t *) ctx;
203  ptls_free (ptls_ctx->tls);
205  return 0;
206 }
207 
208 static int
210 {
211  session_t *app_session;
212 
213  app_session = session_get_from_handle (ctx->app_session_handle);
214  if (!svm_fifo_max_dequeue_cons (app_session->tx_fifo))
216  else
217  ctx->app_closed = 1;
218 
219  return 0;
220 }
221 
222 static inline int
223 picotls_do_handshake (picotls_ctx_t * ptls_ctx, session_t * tls_session,
224  u8 * input, int input_len)
225 {
226  ptls_t *tls = ptls_ctx->tls;
227  ptls_buffer_t buf;
228  int rv = PTLS_ERROR_IN_PROGRESS;
229  int write = 0, off;
230 
231  do
232  {
233  off = 0;
234  do
235  {
236  ptls_buffer_init (&buf, "", 0);
237  size_t consumed = input_len - off;
238  rv = ptls_handshake (tls, &buf, input + off, &consumed, NULL);
239  off += consumed;
240  ptls_ctx->rx_offset += consumed;
241  if ((rv == 0 || rv == PTLS_ERROR_IN_PROGRESS) && buf.off != 0)
242  {
243  write = picotls_try_handshake_write (ptls_ctx, tls_session,
244  &buf);
245  }
246  ptls_buffer_dispose (&buf);
247  }
248  while (rv == PTLS_ERROR_IN_PROGRESS && input_len != off);
249  }
250  while (rv == PTLS_ERROR_IN_PROGRESS);
251 
252  return write;
253 }
254 
255 static inline int
257 {
258  picotls_ctx_t *ptls_ctx = (picotls_ctx_t *) ctx;
259  int from_tls_len = 0, off, crypto_len, ret;
260  u32 deq_max, deq_now;
261  u32 enq_max;
262  ptls_buffer_t *buf = &ptls_ctx->read_buffer;
263  svm_fifo_t *tls_rx_fifo, *app_rx_fifo;
264  session_t *app_session;
265 
266  tls_rx_fifo = tls_session->rx_fifo;
267 
268  if (!picotls_handshake_is_over (ctx))
269  {
270  deq_max = svm_fifo_max_dequeue_cons (tls_rx_fifo);
271  if (!deq_max)
272  goto done_hs;
273 
274  vec_validate (ptls_ctx->rx_content, deq_max);
275  ptls_ctx->rx_offset = 0;
276  ptls_ctx->rx_len = 0;
277 
278  off = svm_fifo_dequeue (tls_rx_fifo, deq_max, TLS_RX_LEN (ptls_ctx));
279  from_tls_len += off;
280  ptls_ctx->rx_len += off;
281 
282  picotls_do_handshake (ptls_ctx, tls_session, TLS_RX_OFFSET (ptls_ctx),
283  from_tls_len);
284  if (picotls_handshake_is_over (ctx))
285  tls_notify_app_accept (ctx);
286 
287  done_hs:
288  if (!TLS_RX_IS_LEFT (ptls_ctx))
289  return 0;
290  }
291 
292  app_session = session_get_from_handle (ctx->app_session_handle);
293  app_rx_fifo = app_session->rx_fifo;
294 
295  if (TLS_READ_IS_LEFT (ptls_ctx))
296  goto enq_buf;
297 
298  ptls_buffer_init (buf, "", 0);
299  ptls_ctx->read_buffer_offset = 0;
300 
301  if (!TLS_RX_IS_LEFT (ptls_ctx))
302  {
303  deq_max = svm_fifo_max_dequeue_cons (tls_rx_fifo);
304  if (!deq_max)
305  goto app_fifo;
306 
307  deq_now = clib_min (deq_max, svm_fifo_max_read_chunk (tls_rx_fifo));
308 
309  if (PREDICT_FALSE (deq_now < deq_max))
310  {
311  off =
312  svm_fifo_dequeue (tls_rx_fifo, deq_max, TLS_RX_LEN (ptls_ctx));
313  from_tls_len += off;
314  ptls_ctx->rx_len += off;
315  }
316  else
317  {
318  ret =
319  ptls_receive (ptls_ctx->tls, buf, svm_fifo_head (tls_rx_fifo),
320  (size_t *) & deq_now);
321  svm_fifo_dequeue_drop (tls_rx_fifo, deq_now);
322  goto enq_buf;
323  }
324  }
325 
326 app_fifo:
327 
328  enq_max = svm_fifo_max_enqueue_prod (app_rx_fifo);
329  if (!enq_max)
330  goto final;
331 
332  crypto_len = clib_min (enq_max, TLS_RX_LEFT_LEN (ptls_ctx));
333  off = 0;
334 
335  do
336  {
337  size_t consumed = crypto_len - off;
338  ret =
339  ptls_receive (ptls_ctx->tls, buf,
340  TLS_RX_OFFSET (ptls_ctx), &consumed);
341  off += consumed;
342  ptls_ctx->rx_offset += off;
343  }
344  while (ret == 0 && off < crypto_len);
345 
346 enq_buf:
347 
348  off =
349  svm_fifo_enqueue (app_rx_fifo, TLS_READ_LEFT_LEN (ptls_ctx),
350  TLS_READ_OFFSET (ptls_ctx));
351  if (off < 0)
352  {
353  tls_add_vpp_q_builtin_rx_evt (tls_session);
354  return 0;
355  }
356 
357  ptls_ctx->read_buffer_offset += off;
358  if (!TLS_RX_IS_LEFT (ptls_ctx))
359  {
360  ptls_ctx->rx_len = 0;
361  ptls_ctx->rx_offset = 0;
362  }
363 
364 final:
365  ptls_buffer_dispose (buf);
366 
367  if (app_session->session_state >= SESSION_STATE_READY)
368  tls_notify_app_enqueue (ctx, app_session);
369 
370  if (TLS_RX_IS_LEFT (ptls_ctx) || TLS_READ_IS_LEFT (ptls_ctx)
371  || svm_fifo_max_dequeue (tls_rx_fifo))
372  tls_add_vpp_q_builtin_rx_evt (tls_session);
373 
374  return from_tls_len;
375 }
376 
377 static inline int
379  svm_fifo_t * dst_fifo, int content_len,
380  int total_record_overhead, int is_no_copy)
381 {
382  ptls_buffer_t *buf = &ptls_ctx->write_buffer;
383  int total_length = content_len + total_record_overhead;
384  int to_dst_len;
385  if (is_no_copy)
386  {
387  ptls_buffer_init (buf, svm_fifo_tail (dst_fifo), total_length);
388  ptls_send (ptls_ctx->tls, buf, svm_fifo_head (src_fifo), content_len);
389 
390  assert (!buf->is_allocated);
391  assert (buf->base == svm_fifo_tail (dst_fifo));
392 
393  svm_fifo_dequeue_drop (src_fifo, content_len);
394  svm_fifo_enqueue_nocopy (dst_fifo, buf->off);
395  to_dst_len = buf->off;
396  }
397  else
398  {
399  assert (!TLS_WRITE_IS_LEFT (ptls_ctx));
400  vec_validate (ptls_ctx->write_content, total_length);
401  ptls_buffer_init (buf, ptls_ctx->write_content, total_length);
402 
403  ptls_send (ptls_ctx->tls, buf, svm_fifo_head (src_fifo), content_len);
404  svm_fifo_dequeue_drop (src_fifo, content_len);
405 
406  to_dst_len = svm_fifo_enqueue (dst_fifo, buf->off, buf->base);
407  }
408  ptls_ctx->write_buffer_offset += to_dst_len;
409  return to_dst_len;
410 }
411 
412 static inline int
415 {
416  picotls_ctx_t *ptls_ctx = (picotls_ctx_t *) ctx;
417  u32 deq_max, deq_now;
418  u32 enq_max, enq_now;
419  int from_app_len = 0, to_tls_len = 0, is_nocopy = 0;
420  svm_fifo_t *tls_tx_fifo, *app_tx_fifo;
421  session_t *tls_session;
422 
423  int record_overhead = ptls_get_record_overhead (ptls_ctx->tls);
424  int num_records, total_overhead;
425 
426  tls_session = session_get_from_handle (ctx->tls_session_handle);
427  tls_tx_fifo = tls_session->tx_fifo;
428  app_tx_fifo = app_session->tx_fifo;
429 
430  if (PREDICT_FALSE (TLS_WRITE_IS_LEFT (ptls_ctx)))
431  {
432  enq_max = svm_fifo_max_enqueue_prod (tls_tx_fifo);
433  int to_write = clib_min (enq_max,
434  ptls_ctx->write_buffer.off -
435  ptls_ctx->write_buffer_offset);
436  to_tls_len =
437  svm_fifo_enqueue (tls_tx_fifo, to_write, TLS_WRITE_OFFSET (ptls_ctx));
438  if (to_tls_len < 0)
439  {
440  app_session->flags |= SESSION_F_CUSTOM_TX;
441  return 0;
442  }
443  ptls_ctx->write_buffer_offset += to_tls_len;
444 
445  if (TLS_WRITE_IS_LEFT (ptls_ctx))
446  {
447  app_session->flags |= SESSION_F_CUSTOM_TX;
448  return to_tls_len;
449  }
450  else
451  {
452  ptls_buffer_init (&ptls_ctx->write_buffer, "", 0);
453  ptls_ctx->write_buffer_offset = 0;
454  }
455 
456  }
457 
458  deq_max = svm_fifo_max_dequeue_cons (app_tx_fifo);
459  if (!deq_max)
460  return deq_max;
461 
462  deq_now = clib_min (deq_max, sp->max_burst_size);
463  deq_now = clib_min (deq_now, svm_fifo_max_read_chunk (app_tx_fifo));
464 
465  enq_max = svm_fifo_max_enqueue_prod (tls_tx_fifo);
466  /** There is no engough enqueue space for one record **/
467  if (enq_max <= record_overhead)
468  {
469  app_session->flags |= SESSION_F_CUSTOM_TX;
470  return 0;
471  }
472 
473  enq_now = clib_min (enq_max, svm_fifo_max_write_chunk (tls_tx_fifo));
474 
475  /** Allowed to execute no-copy crypto operation **/
476  if (enq_now > record_overhead)
477  {
478  is_nocopy = 1;
479  from_app_len = clib_min (deq_now, enq_now);
480  num_records =
481  ceil ((f64) from_app_len / PTLS_MAX_PLAINTEXT_RECORD_SIZE);
482  total_overhead = num_records * record_overhead;
483  if (from_app_len + total_overhead > enq_now)
484  from_app_len = enq_now - total_overhead;
485  }
486  else
487  {
488  from_app_len = clib_min (deq_now, enq_max);
489  num_records =
490  ceil ((f64) from_app_len / PTLS_MAX_PLAINTEXT_RECORD_SIZE);
491  total_overhead = num_records * record_overhead;
492  if (from_app_len + total_overhead > enq_max)
493  from_app_len = enq_max - total_overhead;
494  }
495 
496  to_tls_len =
497  picotls_content_process (ptls_ctx, app_tx_fifo, tls_tx_fifo,
498  from_app_len, total_overhead, is_nocopy);
499  if (!TLS_WRITE_IS_LEFT (ptls_ctx))
500  {
501  ptls_ctx->write_buffer_offset = 0;
502  ptls_buffer_init (&ptls_ctx->write_buffer, "", 0);
503  }
504 
505  if (svm_fifo_needs_deq_ntf (app_tx_fifo, from_app_len))
506  session_dequeue_notify (app_session);
507 
508  if (to_tls_len)
509  tls_add_vpp_q_tx_evt (tls_session);
510 
511  if (from_app_len < deq_max || TLS_WRITE_IS_LEFT (ptls_ctx))
512  app_session->flags |= SESSION_F_CUSTOM_TX;
513 
514  if (ctx->app_closed)
515  picotls_app_close (ctx);
516 
517  return to_tls_len;
518 }
519 
520 static int
522 {
523  picotls_ctx_t *ptls_ctx = (picotls_ctx_t *) ctx;
524  u32 ptls_lctx_idx = ctx->tls_ssl_ctx;
525  picotls_listen_ctx_t *ptls_lctx;
526 
527  ptls_lctx = picotls_lctx_get (ptls_lctx_idx);
528  ptls_ctx->tls = ptls_new (ptls_lctx->ptls_ctx, 1);
529  if (ptls_ctx->tls == NULL)
530  {
531  TLS_DBG (1, "Failed to initialize ptls_ssl structure");
532  return -1;
533  }
534 
535  ptls_ctx->rx_len = 0;
536  ptls_ctx->rx_offset = 0;
537 
538  ptls_ctx->write_buffer_offset = 0;
539  return 0;
540 }
541 
542 tls_ctx_t *
543 picotls_ctx_get_w_thread (u32 ctx_index, u8 thread_index)
544 {
545  picotls_ctx_t **ctx;
546  ctx = pool_elt_at_index (picotls_main.ctx_pool[thread_index], ctx_index);
547  return &(*ctx)->ctx;
548 }
549 
550 const static tls_engine_vft_t picotls_engine = {
552  .ctx_free = picotls_ctx_free,
553  .ctx_get = picotls_ctx_get,
554  .ctx_get_w_thread = picotls_ctx_get_w_thread,
555  .ctx_handshake_is_over = picotls_handshake_is_over,
556  .ctx_start_listen = picotls_start_listen,
557  .ctx_stop_listen = picotls_stop_listen,
558  .ctx_init_server = picotls_ctx_init_server,
559  .ctx_read = picotls_ctx_read,
560  .ctx_write = picotls_ctx_write,
561  .ctx_transport_close = picotls_transport_close,
562  .ctx_app_close = picotls_app_close,
563 };
564 
565 static clib_error_t *
567 {
570  clib_error_t *error = 0;
571  u32 num_threads;
572 
573  num_threads = 1 + vtm->n_threads;
574 
575  vec_validate (pm->ctx_pool, num_threads - 1);
576 
577  clib_rwlock_init (&picotls_main.crypto_keys_rw_lock);
578 
579  tls_register_engine (&picotls_engine, CRYPTO_ENGINE_PICOTLS);
580 
581  return error;
582 }
583 
584 /* *INDENT-OFF* */
586  .runs_after = VLIB_INITS ("tls_init"),
587 };
588 /* *INDENT-ON* */
589 
590 /* *INDENT-OFF* */
592  .version = VPP_BUILD_VER,
593  .description = "Transport Layer Security (TLS) Engine, Picotls Based",
594 };
595 /* *INDENT-ON* */
596 
597 /*
598  * fd.io coding-style-patch-verification: ON
599  *
600  * Local Variables:
601  * eval: (c-set-style "gnu")
602  * End:
603  */
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
Definition: vec.h:509
static void picotls_confirm_app_close(tls_ctx_t *ctx)
Definition: tls_picotls.c:188
#define clib_min(x, y)
Definition: clib.h:328
picotls_main_t picotls_main
Definition: tls_picotls.c:7
static int picotls_ctx_write(tls_ctx_t *ctx, session_t *app_session, transport_send_params_t *sp)
Definition: tls_picotls.c:413
static u32 svm_fifo_max_enqueue_prod(svm_fifo_t *f)
Maximum number of bytes that can be enqueued into fifo.
Definition: svm_fifo.h:550
tls_ctx_t * picotls_ctx_get_w_thread(u32 ctx_index, u8 thread_index)
Definition: tls_picotls.c:543
void tls_disconnect_transport(tls_ctx_t *ctx)
Definition: tls.c:30
svm_fifo_t * tx_fifo
u8 no_app_session
Definition: tls.h:80
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
VLIB_PLUGIN_REGISTER()
svm_fifo_t * rx_fifo
Pointers to rx/tx buffers.
int tls_add_vpp_q_builtin_rx_evt(session_t *s)
Definition: tls.c:62
#define TLS_RX_LEFT_LEN(x)
Definition: tls_picotls.h:13
ptls_cipher_suite_t * ptls_vpp_crypto_cipher_suites[]
void svm_fifo_enqueue_nocopy(svm_fifo_t *f, u32 len)
Advance tail.
Definition: svm_fifo.c:935
vlib_main_t * vm
Definition: in2out_ed.c:1580
static session_t * session_get(u32 si, u32 thread_index)
Definition: session.h:307
static int picotls_transport_close(tls_ctx_t *ctx)
Definition: tls_picotls.c:195
static u8 picotls_handshake_is_over(tls_ctx_t *ctx)
Definition: tls_picotls.c:77
u32 flags
Session flags.
#define pool_get(P, E)
Allocate an object E from a pool P (unspecified alignment).
Definition: pool.h:251
#define TLS_READ_LEFT_LEN(x)
Definition: tls_picotls.h:17
static void picotls_listen_ctx_free(picotls_listen_ctx_t *lctx)
Definition: tls_picotls.c:55
void tls_register_engine(const tls_engine_vft_t *vft, crypto_engine_type_t type)
Definition: tls.c:953
static u8 * svm_fifo_tail(svm_fifo_t *f)
Fifo tail pointer getter.
Definition: svm_fifo.h:631
unsigned char u8
Definition: types.h:56
double f64
Definition: types.h:142
#define assert(x)
Definition: dlmalloc.c:31
static int picotls_try_handshake_write(picotls_ctx_t *ptls_ctx, session_t *tls_session, ptls_buffer_t *buf)
Definition: tls_picotls.c:85
void session_transport_closing_notify(transport_connection_t *tc)
Notification from transport that connection is being closed.
Definition: session.c:975
static void picotls_ctx_free(tls_ctx_t *ctx)
Definition: tls_picotls.c:32
#define VLIB_INIT_FUNCTION(x)
Definition: init.h:173
static u32 svm_fifo_max_dequeue(svm_fifo_t *f)
Fifo max bytes to dequeue.
Definition: svm_fifo.h:459
static u32 svm_fifo_max_dequeue_cons(svm_fifo_t *f)
Fifo max bytes to dequeue optimized for consumer.
Definition: svm_fifo.h:430
picotls_listen_ctx_t * lctx_pool
Definition: tls_picotls.h:47
static int picotls_ctx_read(tls_ctx_t *ctx, session_t *tls_session)
Definition: tls_picotls.c:256
unsigned int u32
Definition: types.h:88
static void picotls_handle_handshake_failure(tls_ctx_t *ctx)
Definition: tls_picotls.c:179
int svm_fifo_dequeue(svm_fifo_t *f, u32 len, u8 *dst)
Dequeue data from fifo.
Definition: svm_fifo.c:1092
#define SESSION_INVALID_HANDLE
Definition: session_types.h:23
static u8 * svm_fifo_head(svm_fifo_t *f)
Fifo head pointer getter.
Definition: svm_fifo.h:604
static u32 picotls_listen_ctx_alloc(void)
Definition: tls_picotls.c:42
static int picotls_content_process(picotls_ctx_t *ptls_ctx, svm_fifo_t *src_fifo, svm_fifo_t *dst_fifo, int content_len, int total_record_overhead, int is_no_copy)
Definition: tls_picotls.c:378
int session_dequeue_notify(session_t *s)
Definition: session.c:712
Definition: cJSON.c:84
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:546
static void clib_rwlock_init(clib_rwlock_t *p)
Definition: lock.h:152
picotls_listen_ctx_t * picotls_lctx_get(u32 lctx_index)
Definition: tls_picotls.c:71
static session_t * session_get_from_handle(session_handle_t handle)
Definition: session.h:327
long ctx[MAX_CONNS]
Definition: main.c:144
#define PTLS_MAX_PLAINTEXT_RECORD_SIZE
Definition: tls_picotls.c:10
int svm_fifo_enqueue(svm_fifo_t *f, u32 len, const u8 *src)
Enqueue data to fifo.
Definition: svm_fifo.c:840
#define PREDICT_FALSE(x)
Definition: clib.h:121
#define SESSION_INVALID_INDEX
Definition: session_types.h:22
picotls_ctx_t *** ctx_pool
Definition: tls_picotls.h:46
Definition: tls.h:58
u32(* ctx_alloc)(void)
Definition: tls.h:106
void * malloc(size_t size)
Definition: mem.c:33
u32 ckpair_index
Definition: tls.h:83
app_cert_key_pair_t * app_cert_key_pair_get_if_valid(u32 index)
Definition: application.c:1685
#define TLS_WRITE_IS_LEFT(x)
Definition: tls_picotls.h:20
static u8 svm_fifo_needs_deq_ntf(svm_fifo_t *f, u32 n_last_deq)
Check if fifo needs dequeue notification.
Definition: svm_fifo.h:818
static_always_inline uword vlib_get_thread_index(void)
Definition: threads.h:219
#define TLS_RX_LEN(x)
Definition: tls_picotls.h:10
clib_rwlock_t crypto_keys_rw_lock
Definition: tls_picotls.h:48
#define vec_free(V)
Free vector&#39;s memory (no header).
Definition: vec.h:380
#define TLS_RX_OFFSET(x)
Definition: tls_picotls.h:11
void session_free(session_t *s)
Definition: session.c:210
static clib_error_t * tls_picotls_init(vlib_main_t *vm)
Definition: tls_picotls.c:566
int tls_add_vpp_q_tx_evt(session_t *s)
Definition: tls.c:70
transport_connection_t connection
Definition: tls.h:62
ptls_context_t * ptls_ctx
Definition: tls_picotls.h:41
int load_bio_certificate_chain(ptls_context_t *ctx, const char *cert_data)
Definition: certs.c:178
tls_ctx_t * picotls_ctx_get(u32 ctx_index)
Definition: tls_picotls.c:61
#define TLS_RX_IS_LEFT(x)
Definition: tls_picotls.h:12
#define pool_put_index(p, i)
Free pool element with given index.
Definition: pool.h:330
static int picotls_app_close(tls_ctx_t *ctx)
Definition: tls_picotls.c:209
static void * clib_mem_alloc(uword size)
Definition: mem.h:253
static int picotls_stop_listen(tls_ctx_t *lctx)
Definition: tls_picotls.c:165
static int picotls_start_listen(tls_ctx_t *lctx)
Definition: tls_picotls.c:110
static int picotls_do_handshake(picotls_ctx_t *ptls_ctx, session_t *tls_session, u8 *input, int input_len)
Definition: tls_picotls.c:223
u32 svm_fifo_max_read_chunk(svm_fifo_t *f)
Max contiguous chunk of data that can be read.
Definition: svm_fifo.c:511
ptls_buffer_t write_buffer
Definition: tls_picotls.h:32
u8 app_closed
Definition: tls.h:79
volatile u8 session_state
State in session layer state machine.
void session_transport_closed_notify(transport_connection_t *tc)
Notification from transport that it is closed.
Definition: session.c:1063
static int picotls_ctx_init_server(tls_ctx_t *ctx)
Definition: tls_picotls.c:521
#define TLS_WRITE_OFFSET(x)
Definition: tls_picotls.h:19
int tls_notify_app_accept(tls_ctx_t *ctx)
Definition: tls.c:181
void tls_notify_app_enqueue(tls_ctx_t *ctx, session_t *app_session)
Definition: tls.c:172
static vlib_thread_main_t * vlib_get_thread_main()
Definition: global_funcs.h:32
#define TLS_READ_OFFSET(x)
Definition: tls_picotls.h:15
u32 svm_fifo_max_write_chunk(svm_fifo_t *f)
Max contiguous chunk of data that can be written.
Definition: svm_fifo.c:531
static u32 picotls_ctx_alloc(void)
Definition: tls_picotls.c:13
uint8_t * write_content
Definition: tls_picotls.h:33
int svm_fifo_dequeue_drop(svm_fifo_t *f, u32 len)
Dequeue and drop bytes from fifo.
Definition: svm_fifo.c:1151
struct _svm_fifo svm_fifo_t
ptls_buffer_t read_buffer
Definition: tls_picotls.h:31
#define VLIB_INITS(...)
Definition: init.h:357
#define TLS_DBG(_lvl, _fmt, _args...)
Definition: tls.h:36
int load_bio_private_key(ptls_context_t *ctx, const char *pk_data)
Definition: certs.c:192
#define TLS_READ_IS_LEFT(x)
Definition: tls_picotls.h:16