/*
- * Copyright (c) 2018 Cisco and/or its affiliates.
+ * Copyright (c) 2018-2019 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
* limitations under the License.
*/
-
#include <vnet/session/application_interface.h>
+#include <vnet/session/application.h>
+#include <vnet/session/session.h>
#include <vppinfra/lock.h>
#ifndef SRC_VNET_TLS_TLS_H_
if (_lvl <= TLS_DEBUG) \
clib_warning (_fmt, ##_args)
#else
-#define TLS_DBG(_fmt, _args...)
+#define TLS_DBG(_lvl, _fmt, _args...)
#endif
/* *INDENT-OFF* */
-typedef CLIB_PACKED (struct tls_cxt_id_
+typedef struct tls_cxt_id_
{
- u32 parent_app_index;
- session_handle_t app_session_handle;
+ union {
+ session_handle_t app_session_handle;
+ u32 parent_app_api_ctx;
+ };
session_handle_t tls_session_handle;
+ u32 parent_app_wrk_index;
+ u32 ssl_ctx;
u32 listener_ctx_index;
u8 tcp_is_ip4;
-}) tls_ctx_id_t;
+ u8 tls_engine_id;
+} tls_ctx_id_t;
/* *INDENT-ON* */
-STATIC_ASSERT (sizeof (tls_ctx_id_t) <= 42, "ctx id must be less than 42");
+STATIC_ASSERT (sizeof (tls_ctx_id_t) <= TRANSPORT_CONN_ID_LEN,
+ "ctx id must be less than TRANSPORT_CONN_ID_LEN");
typedef struct tls_ctx_
{
transport_connection_t connection;
tls_ctx_id_t c_tls_ctx_id;
};
-#define parent_app_index c_tls_ctx_id.parent_app_index
+#define parent_app_wrk_index c_tls_ctx_id.parent_app_wrk_index
#define app_session_handle c_tls_ctx_id.app_session_handle
#define tls_session_handle c_tls_ctx_id.tls_session_handle
#define listener_ctx_index c_tls_ctx_id.listener_ctx_index
#define tcp_is_ip4 c_tls_ctx_id.tcp_is_ip4
-#define tls_ctx_idx c_c_index
+#define tls_ctx_engine c_tls_ctx_id.tls_engine_id
+#define tls_ssl_ctx c_tls_ctx_id.ssl_ctx
+#define tls_ctx_handle c_c_index
/* Temporary storage for session open opaque. Overwritten once
* underlying tcp connection is established */
-#define parent_app_api_context c_s_index
+#define parent_app_api_context c_tls_ctx_id.parent_app_api_ctx
u8 is_passive_close;
+ u8 resume;
+ u8 app_closed;
+ u8 no_app_session;
u8 *srv_hostname;
+ u32 evt_index;
+ u32 ckpair_index;
} tls_ctx_t;
typedef struct tls_main_
tls_ctx_t *listener_ctx_pool;
tls_ctx_t *half_open_ctx_pool;
clib_rwlock_t half_open_rwlock;
+ u8 **rx_bufs;
+ u8 **tx_bufs;
/*
* Config
*/
u8 use_test_cert_in_ca;
char *ca_cert_path;
+ u64 first_seg_size;
+ u32 fifo_size;
} tls_main_t;
typedef struct tls_engine_vft_
tls_ctx_t *(*ctx_get_w_thread) (u32 ctx_index, u8 thread_index);
int (*ctx_init_client) (tls_ctx_t * ctx);
int (*ctx_init_server) (tls_ctx_t * ctx);
- int (*ctx_read) (tls_ctx_t * ctx, u8 * buf, u32 len);
- int (*ctx_write) (tls_ctx_t * ctx, u8 * buf, u32 len);
- int (*ctx_handshake_rx) (tls_ctx_t * ctx);
+ int (*ctx_read) (tls_ctx_t * ctx, session_t * tls_session);
+ int (*ctx_write) (tls_ctx_t * ctx, session_t * app_session,
+ transport_send_params_t * sp);
u8 (*ctx_handshake_is_over) (tls_ctx_t * ctx);
+ int (*ctx_start_listen) (tls_ctx_t * ctx);
+ int (*ctx_stop_listen) (tls_ctx_t * ctx);
+ int (*ctx_transport_close) (tls_ctx_t * ctx);
+ int (*ctx_app_close) (tls_ctx_t * ctx);
} tls_engine_vft_t;
-enum tls_handshake_results_
-{
- HANDSHAKE_NOT_OVER,
- CLIENT_HANDSHAKE_OK,
- CLIENT_HANDSHAKE_FAIL,
- SERVER_HANDSHAKE_OK
-};
-
-typedef enum tls_engine_type_
-{
- TLS_ENGINE_MBEDTLS,
- TLS_ENGINE_OPENSSL,
- TLS_N_ENGINES
-} tls_engine_type_t;
-
tls_main_t *vnet_tls_get_main (void);
void tls_register_engine (const tls_engine_vft_t * vft,
- tls_engine_type_t type);
-int tls_add_vpp_q_evt (svm_fifo_t * f, u8 evt_type);
-
+ crypto_engine_type_t type);
+int tls_add_vpp_q_rx_evt (session_t * s);
+int tls_add_vpp_q_tx_evt (session_t * s);
+int tls_add_vpp_q_builtin_tx_evt (session_t * s);
+int tls_add_vpp_q_builtin_rx_evt (session_t * s);
+int tls_notify_app_accept (tls_ctx_t * ctx);
+int tls_notify_app_connected (tls_ctx_t * ctx, session_error_t err);
+void tls_notify_app_enqueue (tls_ctx_t * ctx, session_t * app_session);
+void tls_disconnect_transport (tls_ctx_t * ctx);
#endif /* SRC_VNET_TLS_TLS_H_ */
+
/*
* fd.io coding-style-patch-verification: ON
*
Code Review / vpp.git / blobdiff