FD.io VPP  v21.06-3-gbb25fbf28
Vector Packet Processing
tls_picotls.c
Go to the documentation of this file.
1 #include <math.h>
2 
3 #include <tlspicotls/certs.h>
6 
8 
9 #define MAX_QUEUE 12000
10 #define PTLS_MAX_PLAINTEXT_RECORD_SIZE 16384
11 
12 static ptls_key_exchange_algorithm_t *default_key_exchange[] = {
13 #ifdef PTLS_OPENSSL_HAVE_X25519
14  &ptls_openssl_x25519,
15 #endif
16 #ifdef PTLS_OPENSSL_HAVE_SECP256R1
17  &ptls_openssl_secp256r1,
18 #endif
19 #ifdef PTLS_OPENSSL_HAVE_SECP384R1
20  &ptls_openssl_secp384r1,
21 #endif
22 #ifdef PTLS_OPENSSL_HAVE_SECP521R1
23  &ptls_openssl_secp521r1
24 #endif
25 };
26 
27 static u32
29 {
30  u8 thread_id = vlib_get_thread_index ();
33 
34  pool_get (pm->ctx_pool[thread_id], ctx);
35  if (!(*ctx))
36  *ctx = clib_mem_alloc (sizeof (picotls_ctx_t));
37 
38  clib_memset (*ctx, 0, sizeof (picotls_ctx_t));
39  (*ctx)->ctx.c_thread_index = thread_id;
40  (*ctx)->ctx.tls_ctx_engine = CRYPTO_ENGINE_PICOTLS;
41  (*ctx)->ctx.app_session_handle = SESSION_INVALID_HANDLE;
42  (*ctx)->ptls_ctx_idx = ctx - pm->ctx_pool[thread_id];
43  return (*ctx)->ptls_ctx_idx;
44 }
45 
46 static void
48 {
49  picotls_ctx_t *ptls_ctx = (picotls_ctx_t *) ctx;
50  vec_free (ptls_ctx->rx_content);
51  vec_free (ptls_ctx->write_content);
52  pool_put_index (picotls_main.ctx_pool[ctx->c_thread_index],
53  ptls_ctx->ptls_ctx_idx);
54 }
55 
56 static u32
58 {
60  picotls_listen_ctx_t *ptls_lctx;
61 
62  pool_get (pm->lctx_pool, ptls_lctx);
63 
64  clib_memset (ptls_lctx, 0, sizeof (picotls_listen_ctx_t));
65  ptls_lctx->ptls_lctx_index = ptls_lctx - pm->lctx_pool;
66  return ptls_lctx->ptls_lctx_index;
67 }
68 
69 static void
71 {
73 }
74 
75 tls_ctx_t *
76 picotls_ctx_get (u32 ctx_index)
77 {
79  ctx =
81  ctx_index);
82  return &(*ctx)->ctx;
83 }
84 
86 picotls_lctx_get (u32 lctx_index)
87 {
88  return pool_elt_at_index (picotls_main.lctx_pool, lctx_index);
89 }
90 
91 static u8
93 {
94  picotls_ctx_t *ptls_ctx = (picotls_ctx_t *) ctx;
95  assert (ptls_ctx->tls);
96  return ptls_handshake_is_complete (ptls_ctx->tls);
97 }
98 
99 static int
101  session_t * tls_session, ptls_buffer_t * buf)
102 {
103  u32 enq_max, enq_now;
104  svm_fifo_t *f;
105  int write, buf_left;
106 
107  if (buf->off <= 0)
108  return 0;
109 
110  f = tls_session->tx_fifo;
111  buf_left = buf->off;
112  enq_max = svm_fifo_max_enqueue_prod (f);
113  if (!enq_max)
114  return 0;
115 
116  enq_now = clib_min (svm_fifo_max_write_chunk (f), enq_max);
117  enq_now = clib_min (enq_now, buf_left);
118  write = svm_fifo_enqueue (f, enq_now, buf->base);
119  buf_left -= write;
120  tls_add_vpp_q_tx_evt (tls_session);
121  return write;
122 }
123 
124 static int
126 {
127  picotls_listen_ctx_t *ptls_lctx;
128  ptls_context_t *ptls_ctx;
129  u32 ptls_lctx_idx;
130  app_cert_key_pair_t *ckpair;
131 
133  if (!ckpair || !ckpair->cert || !ckpair->key)
134  {
135  TLS_DBG (1, "tls cert and/or key not configured %d",
136  lctx->parent_app_wrk_index);
137  return -1;
138  }
139 
140  ptls_lctx_idx = picotls_listen_ctx_alloc ();
141  ptls_lctx = picotls_lctx_get (ptls_lctx_idx);
142  ptls_ctx = malloc (sizeof (ptls_context_t));
143  ptls_lctx->ptls_ctx = ptls_ctx;
144 
145  memset (ptls_ctx, 0, sizeof (ptls_context_t));
146  ptls_ctx->update_open_count = NULL;
147 
148  /*
149  * Process certificate & private key.
150  */
151  load_bio_certificate_chain (ptls_ctx, (char *) ckpair->cert);
152  load_bio_private_key (ptls_ctx, (char *) ckpair->key);
153 
154  /* setup protocol related functions */
155  ptls_ctx->key_exchanges = default_key_exchange;
156  ptls_ctx->random_bytes = ptls_openssl_random_bytes;
157  ptls_ctx->cipher_suites = ptls_vpp_crypto_cipher_suites;
158  ptls_ctx->get_time = &ptls_get_time;
159 
160  lctx->tls_ssl_ctx = ptls_lctx_idx;
161 
162  return 0;
163 }
164 
165 static int
167 {
168  u32 ptls_lctx_index;
169  picotls_listen_ctx_t *ptls_lctx;
170 
171  ptls_lctx_index = lctx->tls_ssl_ctx;
172  ptls_lctx = picotls_lctx_get (ptls_lctx_index);
173 
174  picotls_listen_ctx_free (ptls_lctx);
175 
176  return 0;
177 }
178 
179 static void
181 {
182  session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
183  ctx->no_app_session = 1;
184  ctx->c_s_index = SESSION_INVALID_INDEX;
186 }
187 
188 static void
190 {
192  session_transport_closed_notify (&ctx->connection);
193 }
194 
195 static int
197 {
199  {
201  return 0;
202  }
203  picotls_ctx_t *ptls_ctx = (picotls_ctx_t *) ctx;
204  ptls_free (ptls_ctx->tls);
205  session_transport_closing_notify (&ctx->connection);
206  return 0;
207 }
208 
209 static int
211 {
212  session_t *app_session;
213 
214  app_session = session_get_from_handle (ctx->app_session_handle);
215  if (!svm_fifo_max_dequeue_cons (app_session->tx_fifo))
217  else
218  ctx->app_closed = 1;
219 
220  return 0;
221 }
222 
223 static inline int
224 picotls_do_handshake (picotls_ctx_t * ptls_ctx, session_t * tls_session,
225  u8 * input, int input_len)
226 {
227  ptls_t *tls = ptls_ctx->tls;
228  ptls_buffer_t buf;
229  int rv = PTLS_ERROR_IN_PROGRESS;
230  int write = 0, off;
231 
232  do
233  {
234  off = 0;
235  do
236  {
237  ptls_buffer_init (&buf, "", 0);
238  size_t consumed = input_len - off;
239  rv = ptls_handshake (tls, &buf, input + off, &consumed, NULL);
240  off += consumed;
241  ptls_ctx->rx_offset += consumed;
242  if ((rv == 0 || rv == PTLS_ERROR_IN_PROGRESS) && buf.off != 0)
243  {
244  write = picotls_try_handshake_write (ptls_ctx, tls_session,
245  &buf);
246  }
247  ptls_buffer_dispose (&buf);
248  }
249  while (rv == PTLS_ERROR_IN_PROGRESS && input_len != off);
250  }
251  while (rv == PTLS_ERROR_IN_PROGRESS);
252 
253  return write;
254 }
255 
256 static inline int
258 {
259  picotls_ctx_t *ptls_ctx = (picotls_ctx_t *) ctx;
260  int from_tls_len = 0, off, crypto_len, ret;
261  u32 deq_max, deq_now;
262  u32 enq_max;
263  ptls_buffer_t *buf = &ptls_ctx->read_buffer;
264  svm_fifo_t *tls_rx_fifo, *app_rx_fifo;
265  session_t *app_session;
266 
267  tls_rx_fifo = tls_session->rx_fifo;
268 
270  {
271  deq_max = svm_fifo_max_dequeue_cons (tls_rx_fifo);
272  if (!deq_max)
273  goto done_hs;
274 
275  vec_validate (ptls_ctx->rx_content, deq_max);
276  ptls_ctx->rx_offset = 0;
277  ptls_ctx->rx_len = 0;
278 
279  off = svm_fifo_dequeue (tls_rx_fifo, deq_max, TLS_RX_LEN (ptls_ctx));
280  from_tls_len += off;
281  ptls_ctx->rx_len += off;
282 
283  picotls_do_handshake (ptls_ctx, tls_session, TLS_RX_OFFSET (ptls_ctx),
284  from_tls_len);
286  ret = ptls_is_server (ptls_ctx->tls) ?
288  tls_notify_app_connected (ctx, SESSION_E_NONE);
289 
290  done_hs:
291  if (!TLS_RX_IS_LEFT (ptls_ctx))
292  return 0;
293  }
294 
295  app_session = session_get_from_handle (ctx->app_session_handle);
296  app_rx_fifo = app_session->rx_fifo;
297 
298  if (TLS_READ_IS_LEFT (ptls_ctx))
299  goto enq_buf;
300 
301  ptls_buffer_init (buf, "", 0);
302  ptls_ctx->read_buffer_offset = 0;
303 
304  if (!TLS_RX_IS_LEFT (ptls_ctx))
305  {
306  deq_max = svm_fifo_max_dequeue_cons (tls_rx_fifo);
307  if (!deq_max)
308  goto app_fifo;
309 
310  deq_now = clib_min (deq_max, svm_fifo_max_read_chunk (tls_rx_fifo));
311 
312  if (PREDICT_FALSE (deq_now < deq_max))
313  {
314  off =
315  svm_fifo_dequeue (tls_rx_fifo, deq_max, TLS_RX_LEN (ptls_ctx));
316  from_tls_len += off;
317  ptls_ctx->rx_len += off;
318  }
319  else
320  {
321  ret =
322  ptls_receive (ptls_ctx->tls, buf, svm_fifo_head (tls_rx_fifo),
323  (size_t *) & deq_now);
324  svm_fifo_dequeue_drop (tls_rx_fifo, deq_now);
325  goto enq_buf;
326  }
327  }
328 
329 app_fifo:
330 
331  enq_max = svm_fifo_max_enqueue_prod (app_rx_fifo);
332  if (!enq_max)
333  goto final;
334 
335  crypto_len = clib_min (enq_max, TLS_RX_LEFT_LEN (ptls_ctx));
336  off = 0;
337 
338  do
339  {
340  size_t consumed = crypto_len - off;
341  ret =
342  ptls_receive (ptls_ctx->tls, buf,
343  TLS_RX_OFFSET (ptls_ctx), &consumed);
344  off += consumed;
345  ptls_ctx->rx_offset += off;
346  }
347  while (ret == 0 && off < crypto_len);
348 
349 enq_buf:
350 
351  off =
352  svm_fifo_enqueue (app_rx_fifo, TLS_READ_LEFT_LEN (ptls_ctx),
353  TLS_READ_OFFSET (ptls_ctx));
354  if (off < 0)
355  {
356  tls_add_vpp_q_builtin_rx_evt (tls_session);
357  return 0;
358  }
359 
360  ptls_ctx->read_buffer_offset += off;
361  if (!TLS_RX_IS_LEFT (ptls_ctx))
362  {
363  ptls_ctx->rx_len = 0;
364  ptls_ctx->rx_offset = 0;
365  }
366 
367 final:
368  ptls_buffer_dispose (buf);
369 
370  if (app_session->session_state >= SESSION_STATE_READY)
371  tls_notify_app_enqueue (ctx, app_session);
372 
373  if (TLS_RX_IS_LEFT (ptls_ctx) || TLS_READ_IS_LEFT (ptls_ctx)
374  || svm_fifo_max_dequeue (tls_rx_fifo))
375  tls_add_vpp_q_builtin_rx_evt (tls_session);
376 
377  return from_tls_len;
378 }
379 
380 static inline int
382  svm_fifo_t * dst_fifo, int content_len,
383  int total_record_overhead, int is_no_copy)
384 {
385  ptls_buffer_t *buf = &ptls_ctx->write_buffer;
386  int total_length = content_len + total_record_overhead;
387  int to_dst_len;
388  if (is_no_copy)
389  {
390  ptls_buffer_init (buf, svm_fifo_tail (dst_fifo), total_length);
391  ptls_send (ptls_ctx->tls, buf, svm_fifo_head (src_fifo), content_len);
392 
393  assert (!buf->is_allocated);
394  assert (buf->base == svm_fifo_tail (dst_fifo));
395 
396  svm_fifo_dequeue_drop (src_fifo, content_len);
397  svm_fifo_enqueue_nocopy (dst_fifo, buf->off);
398  to_dst_len = buf->off;
399  }
400  else
401  {
402  assert (!TLS_WRITE_IS_LEFT (ptls_ctx));
403  vec_validate (ptls_ctx->write_content, total_length);
404  ptls_buffer_init (buf, ptls_ctx->write_content, total_length);
405 
406  ptls_send (ptls_ctx->tls, buf, svm_fifo_head (src_fifo), content_len);
407  svm_fifo_dequeue_drop (src_fifo, content_len);
408 
409  to_dst_len = svm_fifo_enqueue (dst_fifo, buf->off, buf->base);
410  }
411  ptls_ctx->write_buffer_offset += to_dst_len;
412  return to_dst_len;
413 }
414 
415 static inline int
418 {
419  picotls_ctx_t *ptls_ctx = (picotls_ctx_t *) ctx;
420  u32 deq_max, deq_now;
421  u32 enq_max, enq_now;
422  int from_app_len = 0, to_tls_len = 0, is_nocopy = 0;
423  svm_fifo_t *tls_tx_fifo, *app_tx_fifo;
424  session_t *tls_session;
425 
426  int record_overhead = ptls_get_record_overhead (ptls_ctx->tls);
427  int num_records, total_overhead;
428 
429  tls_session = session_get_from_handle (ctx->tls_session_handle);
430  tls_tx_fifo = tls_session->tx_fifo;
431  app_tx_fifo = app_session->tx_fifo;
432 
433  if (PREDICT_FALSE (TLS_WRITE_IS_LEFT (ptls_ctx)))
434  {
435  enq_max = svm_fifo_max_enqueue_prod (tls_tx_fifo);
436  int to_write = clib_min (enq_max,
437  ptls_ctx->write_buffer.off -
438  ptls_ctx->write_buffer_offset);
439  to_tls_len =
440  svm_fifo_enqueue (tls_tx_fifo, to_write, TLS_WRITE_OFFSET (ptls_ctx));
441  if (to_tls_len < 0)
442  {
443  app_session->flags |= SESSION_F_CUSTOM_TX;
444  return 0;
445  }
446  ptls_ctx->write_buffer_offset += to_tls_len;
447 
448  if (TLS_WRITE_IS_LEFT (ptls_ctx))
449  {
450  app_session->flags |= SESSION_F_CUSTOM_TX;
451  return to_tls_len;
452  }
453  else
454  {
455  ptls_buffer_init (&ptls_ctx->write_buffer, "", 0);
456  ptls_ctx->write_buffer_offset = 0;
457  }
458 
459  }
460 
461  deq_max = svm_fifo_max_dequeue_cons (app_tx_fifo);
462  if (!deq_max)
463  return deq_max;
464 
465  deq_now = clib_min (deq_max, sp->max_burst_size);
466  deq_now = clib_min (deq_now, svm_fifo_max_read_chunk (app_tx_fifo));
467 
468  enq_max = svm_fifo_max_enqueue_prod (tls_tx_fifo);
469  /** There is no engough enqueue space for one record **/
470  if (enq_max <= record_overhead)
471  {
472  app_session->flags |= SESSION_F_CUSTOM_TX;
473  return 0;
474  }
475 
476  enq_now = clib_min (enq_max, svm_fifo_max_write_chunk (tls_tx_fifo));
477 
478  /** Allowed to execute no-copy crypto operation **/
479  if (enq_now > record_overhead)
480  {
481  is_nocopy = 1;
482  from_app_len = clib_min (deq_now, enq_now);
483  num_records =
484  ceil ((f64) from_app_len / PTLS_MAX_PLAINTEXT_RECORD_SIZE);
485  total_overhead = num_records * record_overhead;
486  if (from_app_len + total_overhead > enq_now)
487  from_app_len = enq_now - total_overhead;
488  }
489  else
490  {
491  from_app_len = clib_min (deq_now, enq_max);
492  num_records =
493  ceil ((f64) from_app_len / PTLS_MAX_PLAINTEXT_RECORD_SIZE);
494  total_overhead = num_records * record_overhead;
495  if (from_app_len + total_overhead > enq_max)
496  from_app_len = enq_max - total_overhead;
497  }
498 
499  to_tls_len =
500  picotls_content_process (ptls_ctx, app_tx_fifo, tls_tx_fifo,
501  from_app_len, total_overhead, is_nocopy);
502  if (!TLS_WRITE_IS_LEFT (ptls_ctx))
503  {
504  ptls_ctx->write_buffer_offset = 0;
505  ptls_buffer_init (&ptls_ctx->write_buffer, "", 0);
506  }
507 
508  if (svm_fifo_needs_deq_ntf (app_tx_fifo, from_app_len))
509  session_dequeue_notify (app_session);
510 
511  if (to_tls_len)
512  tls_add_vpp_q_tx_evt (tls_session);
513 
514  if (from_app_len < deq_max || TLS_WRITE_IS_LEFT (ptls_ctx))
515  app_session->flags |= SESSION_F_CUSTOM_TX;
516 
517  if (ctx->app_closed)
519 
520  return to_tls_len;
521 }
522 
523 static int
525 {
526  picotls_ctx_t *ptls_ctx = (picotls_ctx_t *) ctx;
527  u32 ptls_lctx_idx = ctx->tls_ssl_ctx;
528  picotls_listen_ctx_t *ptls_lctx;
529 
530  ptls_lctx = picotls_lctx_get (ptls_lctx_idx);
531  ptls_ctx->tls = ptls_new (ptls_lctx->ptls_ctx, 1);
532  if (ptls_ctx->tls == NULL)
533  {
534  TLS_DBG (1, "Failed to initialize ptls_ssl structure");
535  return -1;
536  }
537 
538  ptls_ctx->rx_len = 0;
539  ptls_ctx->rx_offset = 0;
540 
541  ptls_ctx->write_buffer_offset = 0;
542  return 0;
543 }
544 
545 static int
547 {
548  picotls_ctx_t *ptls_ctx = (picotls_ctx_t *) ctx;
550  ptls_context_t *client_ptls_ctx = pm->client_ptls_ctx;
551  ptls_handshake_properties_t hsprop = { { { { NULL } } } };
552 
553  session_t *tls_session = session_get_from_handle (ctx->tls_session_handle);
554  ptls_buffer_t hs_buf;
555 
556  ptls_ctx->tls = ptls_new (client_ptls_ctx, 0);
557  if (ptls_ctx->tls == NULL)
558  {
559  TLS_DBG (1, "Failed to initialize ptls_ssl structure");
560  return -1;
561  }
562 
563  ptls_ctx->rx_len = 0;
564  ptls_ctx->rx_offset = 0;
565  ptls_ctx->write_buffer_offset = 0;
566 
567  ptls_buffer_init (&hs_buf, "", 0);
568  if (ptls_handshake (ptls_ctx->tls, &hs_buf, NULL, NULL, &hsprop) !=
569  PTLS_ERROR_IN_PROGRESS)
570  {
571  TLS_DBG (1, "Failed to initialize tls connection");
572  }
573 
574  picotls_try_handshake_write (ptls_ctx, tls_session, &hs_buf);
575 
576  ptls_buffer_dispose (&hs_buf);
577 
578  return 0;
579 }
580 
581 tls_ctx_t *
583 {
584  picotls_ctx_t **ctx;
586  return &(*ctx)->ctx;
587 }
588 
589 int
590 picotls_init_client_ptls_ctx (ptls_context_t **client_ptls_ctx)
591 {
592  *client_ptls_ctx = clib_mem_alloc (sizeof (ptls_context_t));
593  memset (*client_ptls_ctx, 0, sizeof (ptls_context_t));
594 
595  (*client_ptls_ctx)->update_open_count = NULL;
596  (*client_ptls_ctx)->key_exchanges = default_key_exchange;
597  (*client_ptls_ctx)->random_bytes = ptls_openssl_random_bytes;
598  (*client_ptls_ctx)->cipher_suites = ptls_vpp_crypto_cipher_suites;
599  (*client_ptls_ctx)->get_time = &ptls_get_time;
600 
601  return 0;
602 }
603 
606  .ctx_free = picotls_ctx_free,
607  .ctx_get = picotls_ctx_get,
608  .ctx_get_w_thread = picotls_ctx_get_w_thread,
609  .ctx_handshake_is_over = picotls_handshake_is_over,
610  .ctx_start_listen = picotls_start_listen,
611  .ctx_stop_listen = picotls_stop_listen,
612  .ctx_init_server = picotls_ctx_init_server,
613  .ctx_init_client = picotls_ctx_init_client,
614  .ctx_read = picotls_ctx_read,
615  .ctx_write = picotls_ctx_write,
616  .ctx_transport_close = picotls_transport_close,
617  .ctx_app_close = picotls_app_close,
618 };
619 
620 static clib_error_t *
622 {
625  clib_error_t *error = 0;
626  u32 num_threads;
627 
628  num_threads = 1 + vtm->n_threads;
629 
630  vec_validate (pm->ctx_pool, num_threads - 1);
631 
633 
635 
637 
638  return error;
639 }
640 
641 /* *INDENT-OFF* */
643  .runs_after = VLIB_INITS ("tls_init"),
644 };
645 /* *INDENT-ON* */
646 
647 /* *INDENT-OFF* */
649  .version = VPP_BUILD_VER,
650  .description = "Transport Layer Security (TLS) Engine, Picotls Based",
651 };
652 /* *INDENT-ON* */
653 
654 /*
655  * fd.io coding-style-patch-verification: ON
656  *
657  * Local Variables:
658  * eval: (c-set-style "gnu")
659  * End:
660  */
picotls_init_client_ptls_ctx
int picotls_init_client_ptls_ctx(ptls_context_t **client_ptls_ctx)
Definition: tls_picotls.c:590
CRYPTO_ENGINE_PICOTLS
@ CRYPTO_ENGINE_PICOTLS
Definition: application_interface.h:180
picotls_try_handshake_write
static int picotls_try_handshake_write(picotls_ctx_t *ptls_ctx, session_t *tls_session, ptls_buffer_t *buf)
Definition: tls_picotls.c:100
thread_index
u32 thread_index
Definition: nat44_ei_hairpinning.c:492
certificate_
Definition: application_interface.h:24
assert
#define assert(x)
Definition: dlmalloc.c:31
tls_ctx_picotls_::read_buffer_offset
int read_buffer_offset
Definition: tls_picotls.h:34
session_dequeue_notify
int session_dequeue_notify(session_t *s)
Definition: session.c:816
picotls_listen_ctx_free
static void picotls_listen_ctx_free(picotls_listen_ctx_t *lctx)
Definition: tls_picotls.c:70
tls_notify_app_connected
int tls_notify_app_connected(tls_ctx_t *ctx, session_error_t err)
Definition: tls.c:212
tls_ctx_picotls_::rx_content
u8 * rx_content
Definition: tls_picotls.h:28
tls_picotls.h
tls_listen_ctx_picotls_::ptls_ctx
ptls_context_t * ptls_ctx
Definition: tls_picotls.h:41
picotls_ctx_init_server
static int picotls_ctx_init_server(tls_ctx_t *ctx)
Definition: tls_picotls.c:524
session_transport_closing_notify
void session_transport_closing_notify(transport_connection_t *tc)
Notification from transport that connection is being closed.
Definition: session.c:1062
f
vlib_frame_t * f
Definition: interface_output.c:1080
pool_elt_at_index
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:553
TLS_WRITE_OFFSET
#define TLS_WRITE_OFFSET(x)
Definition: tls_picotls.h:19
session_::tx_fifo
svm_fifo_t * tx_fifo
Definition: session_types.h:179
picotls_app_close
static int picotls_app_close(tls_ctx_t *ctx)
Definition: tls_picotls.c:210
svm_fifo_needs_deq_ntf
static u8 svm_fifo_needs_deq_ntf(svm_fifo_t *f, u32 n_last_deq)
Check if fifo needs dequeue notification.
Definition: svm_fifo.h:882
load_bio_certificate_chain
int load_bio_certificate_chain(ptls_context_t *ctx, const char *cert_data)
Definition: certs.c:178
session_
Definition: session_types.h:175
TLS_RX_LEFT_LEN
#define TLS_RX_LEFT_LEN(x)
Definition: tls_picotls.h:13
svm_fifo_max_read_chunk
u32 svm_fifo_max_read_chunk(svm_fifo_t *f)
Max contiguous chunk of data that can be read.
Definition: svm_fifo.c:514
tls_ctx_picotls_::write_buffer_offset
int write_buffer_offset
Definition: tls_picotls.h:35
tls_notify_app_accept
int tls_notify_app_accept(tls_ctx_t *ctx)
Definition: tls.c:182
tls_notify_app_enqueue
void tls_notify_app_enqueue(tls_ctx_t *ctx, session_t *app_session)
Definition: tls.c:173
SESSION_INVALID_INDEX
#define SESSION_INVALID_INDEX
Definition: session_types.h:22
TLS_READ_IS_LEFT
#define TLS_READ_IS_LEFT(x)
Definition: tls_picotls.h:16
picotls_main_::client_ptls_ctx
ptls_context_t * client_ptls_ctx
Definition: tls_picotls.h:48
vm
vlib_main_t * vm
X-connect all packets from the HOST to the PHY.
Definition: nat44_ei.c:3047
tls_engine_vft_
Definition: tls.h:108
certificate_::key
u8 * key
Definition: application_interface.h:28
session_transport_closed_notify
void session_transport_closed_notify(transport_connection_t *tc)
Notification from transport that it is closed.
Definition: session.c:1150
picotls_handshake_is_over
static u8 picotls_handshake_is_over(tls_ctx_t *ctx)
Definition: tls_picotls.c:92
load_bio_private_key
int load_bio_private_key(ptls_context_t *ctx, const char *pk_data)
Definition: certs.c:192
picotls_content_process
static int picotls_content_process(picotls_ctx_t *ptls_ctx, svm_fifo_t *src_fifo, svm_fifo_t *dst_fifo, int content_len, int total_record_overhead, int is_no_copy)
Definition: tls_picotls.c:381
session_free
void session_free(session_t *s)
Definition: session.c:227
pool_put_index
#define pool_put_index(p, i)
Free pool element with given index.
Definition: pool.h:337
picotls_main
picotls_main_t picotls_main
Definition: tls_picotls.c:7
error
Definition: cJSON.c:88
picotls_ctx_get_w_thread
tls_ctx_t * picotls_ctx_get_w_thread(u32 ctx_index, u8 thread_index)
Definition: tls_picotls.c:582
ptls_vpp_crypto_cipher_suites
ptls_cipher_suite_t * ptls_vpp_crypto_cipher_suites[]
Definition: pico_vpp_crypto.c:349
tls_disconnect_transport
void tls_disconnect_transport(tls_ctx_t *ctx)
Definition: tls.c:30
tls_ctx_picotls_::tls
ptls_t * tls
Definition: tls_picotls.h:27
tls_ctx_picotls_::read_buffer
ptls_buffer_t read_buffer
Definition: tls_picotls.h:31
svm_fifo_t
struct _svm_fifo svm_fifo_t
TLS_DBG
#define TLS_DBG(_lvl, _fmt, _args...)
Definition: tls.h:36
session_::rx_fifo
svm_fifo_t * rx_fifo
Pointers to rx/tx buffers.
Definition: session_types.h:178
math.h
tls_add_vpp_q_builtin_rx_evt
int tls_add_vpp_q_builtin_rx_evt(session_t *s)
Definition: tls.c:62
tls_ctx_
Definition: tls.h:59
picotls_ctx_get
tls_ctx_t * picotls_ctx_get(u32 ctx_index)
Definition: tls_picotls.c:76
svm_fifo_dequeue
int svm_fifo_dequeue(svm_fifo_t *f, u32 len, u8 *dst)
Dequeue data from fifo.
Definition: svm_fifo.c:1105
svm_fifo_enqueue_nocopy
void svm_fifo_enqueue_nocopy(svm_fifo_t *f, u32 len)
Advance tail.
Definition: svm_fifo.c:946
picotls_main_::crypto_keys_rw_lock
clib_rwlock_t crypto_keys_rw_lock
Definition: tls_picotls.h:49
PREDICT_FALSE
#define PREDICT_FALSE(x)
Definition: clib.h:124
picotls_transport_close
static int picotls_transport_close(tls_ctx_t *ctx)
Definition: tls_picotls.c:196
vlib_get_thread_index
static_always_inline uword vlib_get_thread_index(void)
Definition: threads.h:208
TLS_RX_IS_LEFT
#define TLS_RX_IS_LEFT(x)
Definition: tls_picotls.h:12
TLS_RX_OFFSET
#define TLS_RX_OFFSET(x)
Definition: tls_picotls.h:11
picotls_lctx_get
picotls_listen_ctx_t * picotls_lctx_get(u32 lctx_index)
Definition: tls_picotls.c:86
svm_fifo_dequeue_drop
int svm_fifo_dequeue_drop(svm_fifo_t *f, u32 len)
Dequeue and drop bytes from fifo.
Definition: svm_fifo.c:1168
f64
double f64
Definition: types.h:142
tls_ctx_picotls_
Definition: tls_picotls.h:23
svm_fifo_enqueue
int svm_fifo_enqueue(svm_fifo_t *f, u32 len, const u8 *src)
Enqueue data to fifo.
Definition: svm_fifo.c:847
svm_fifo_max_write_chunk
u32 svm_fifo_max_write_chunk(svm_fifo_t *f)
Max contiguous chunk of data that can be written.
Definition: svm_fifo.c:534
pool_get
#define pool_get(P, E)
Allocate an object E from a pool P (unspecified alignment).
Definition: pool.h:255
session_get_from_handle
static session_t * session_get_from_handle(session_handle_t handle)
Definition: session.h:356
vec_validate
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment)
Definition: vec.h:523
certs.h
picotls_ctx_alloc
static u32 picotls_ctx_alloc(void)
Definition: tls_picotls.c:28
picotls_listen_ctx_alloc
static u32 picotls_listen_ctx_alloc(void)
Definition: tls_picotls.c:57
clib_min
#define clib_min(x, y)
Definition: clib.h:342
session_get
static session_t * session_get(u32 si, u32 thread_index)
Definition: session.h:336
clib_rwlock_init
static void clib_rwlock_init(clib_rwlock_t *p)
Definition: lock.h:152
picotls_ctx_init_client
static int picotls_ctx_init_client(tls_ctx_t *ctx)
Definition: tls_picotls.c:546
tls_picotls_init
static clib_error_t * tls_picotls_init(vlib_main_t *vm)
Definition: tls_picotls.c:621
picotls_start_listen
static int picotls_start_listen(tls_ctx_t *lctx)
Definition: tls_picotls.c:125
transport_send_params_
Definition: transport.h:45
default_key_exchange
static ptls_key_exchange_algorithm_t * default_key_exchange[]
Definition: tls_picotls.c:12
picotls_ctx_write
static int picotls_ctx_write(tls_ctx_t *ctx, session_t *app_session, transport_send_params_t *sp)
Definition: tls_picotls.c:416
vec_free
#define vec_free(V)
Free vector's memory (no header).
Definition: vec.h:395
picotls_handle_handshake_failure
static void picotls_handle_handshake_failure(tls_ctx_t *ctx)
Definition: tls_picotls.c:180
tls_listen_ctx_picotls_::ptls_lctx_index
u32 ptls_lctx_index
Definition: tls_picotls.h:40
svm_fifo_tail
static u8 * svm_fifo_tail(svm_fifo_t *f)
Fifo tail pointer getter.
Definition: svm_fifo.h:690
svm_fifo_max_enqueue_prod
static u32 svm_fifo_max_enqueue_prod(svm_fifo_t *f)
Maximum number of bytes that can be enqueued into fifo.
Definition: svm_fifo.h:607
tls_ctx_picotls_::rx_len
int rx_len
Definition: tls_picotls.h:30
off
u32 off
Definition: interface_output.c:1078
vlib_thread_main_t::n_threads
u32 n_threads
Definition: threads.h:292
TLS_READ_OFFSET
#define TLS_READ_OFFSET(x)
Definition: tls_picotls.h:15
buf
u64 buf
Definition: application.c:493
tls_ctx_::ckpair_index
u32 ckpair_index
Definition: tls.h:86
u32
unsigned int u32
Definition: types.h:88
VLIB_INIT_FUNCTION
#define VLIB_INIT_FUNCTION(x)
Definition: init.h:172
vlib_thread_main_t
Definition: threads.h:264
ctx
long ctx[MAX_CONNS]
Definition: main.c:144
tls_listen_ctx_picotls_
Definition: tls_picotls.h:38
picotls_do_handshake
static int picotls_do_handshake(picotls_ctx_t *ptls_ctx, session_t *tls_session, u8 *input, int input_len)
Definition: tls_picotls.c:224
tls_ctx_picotls_::rx_offset
int rx_offset
Definition: tls_picotls.h:29
SESSION_INVALID_HANDLE
#define SESSION_INVALID_HANDLE
Definition: session_types.h:23
tls_add_vpp_q_tx_evt
int tls_add_vpp_q_tx_evt(session_t *s)
Definition: tls.c:70
TLS_READ_LEFT_LEN
#define TLS_READ_LEFT_LEN(x)
Definition: tls_picotls.h:17
TLS_WRITE_IS_LEFT
#define TLS_WRITE_IS_LEFT(x)
Definition: tls_picotls.h:20
picotls_main_::ctx_pool
picotls_ctx_t *** ctx_pool
Definition: tls_picotls.h:46
tls_ctx_picotls_::write_buffer
ptls_buffer_t write_buffer
Definition: tls_picotls.h:32
clib_memset
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
vlib_main_t
Definition: main.h:102
TLS_RX_LEN
#define TLS_RX_LEN(x)
Definition: tls_picotls.h:10
tls_ctx_picotls_::write_content
uint8_t * write_content
Definition: tls_picotls.h:33
VLIB_INITS
#define VLIB_INITS(...)
Definition: init.h:352
transport_send_params_::max_burst_size
u32 max_burst_size
Definition: transport.h:59
picotls_main_::lctx_pool
picotls_listen_ctx_t * lctx_pool
Definition: tls_picotls.h:47
u8
unsigned char u8
Definition: types.h:56
clib_error_t
Definition: clib_error.h:21
vlib_init_function_t
clib_error_t *() vlib_init_function_t(struct vlib_main_t *vm)
Definition: init.h:51
tls_engine_vft_::ctx_alloc
u32(* ctx_alloc)(void)
Definition: tls.h:110
malloc
void * malloc(size_t size)
Definition: mem.c:33
svm_fifo_head
static u8 * svm_fifo_head(svm_fifo_t *f)
Fifo head pointer getter.
Definition: svm_fifo.h:661
app_cert_key_pair_get_if_valid
app_cert_key_pair_t * app_cert_key_pair_get_if_valid(u32 index)
Definition: application.c:1996
session_::flags
u32 flags
Session flags.
Definition: session_types.h:197
pico_vpp_crypto.h
rv
int __clib_unused rv
Definition: application.c:491
picotls_stop_listen
static int picotls_stop_listen(tls_ctx_t *lctx)
Definition: tls_picotls.c:166
picotls_engine
const static tls_engine_vft_t picotls_engine
Definition: tls_picotls.c:604
certificate_::cert
u8 * cert
Definition: application_interface.h:29
picotls_ctx_read
static int picotls_ctx_read(tls_ctx_t *ctx, session_t *tls_session)
Definition: tls_picotls.c:257
VLIB_PLUGIN_REGISTER
VLIB_PLUGIN_REGISTER()
tls_register_engine
void tls_register_engine(const tls_engine_vft_t *vft, crypto_engine_type_t type)
Definition: tls.c:1294
picotls_main_
Definition: tls_picotls.h:44
vlib_get_thread_main
static vlib_thread_main_t * vlib_get_thread_main()
Definition: global_funcs.h:56
svm_fifo_max_dequeue_cons
static u32 svm_fifo_max_dequeue_cons(svm_fifo_t *f)
Fifo max bytes to dequeue optimized for consumer.
Definition: svm_fifo.h:487
session_::session_state
volatile u8 session_state
State in session layer state machine.
Definition: session_types.h:185
picotls_ctx_free
static void picotls_ctx_free(tls_ctx_t *ctx)
Definition: tls_picotls.c:47
clib_mem_alloc
static void * clib_mem_alloc(uword size)
Definition: mem.h:253
tls_ctx_picotls_::ptls_ctx_idx
u32 ptls_ctx_idx
Definition: tls_picotls.h:26
picotls_confirm_app_close
static void picotls_confirm_app_close(tls_ctx_t *ctx)
Definition: tls_picotls.c:189
svm_fifo_max_dequeue
static u32 svm_fifo_max_dequeue(svm_fifo_t *f)
Fifo max bytes to dequeue.
Definition: svm_fifo.h:516
PTLS_MAX_PLAINTEXT_RECORD_SIZE
#define PTLS_MAX_PLAINTEXT_RECORD_SIZE
Definition: tls_picotls.c:10