" tx-results-diff Tx results different to pass test\n"
" json Output global stats in json\n"
" log=N Set the log level to [0: no output, 1:errors, 2:log]\n"
+ " crypto [engine] Set the crypto engine [openssl, vpp, picotls, mbedtls]\n"
"\n"
" nclients N Open N clients sending data\n"
" nthreads N Use N busy loop threads for data [in addition to main & msg queue]\n"
}
else if (unformat (a, "nthreads %d", &em->n_rx_threads))
;
- else
- if (unformat
- (a, "crypto %U", echo_unformat_crypto_engine,
- &em->crypto_ctx_engine))
- ;
+ else if (unformat (a, "crypto %U", echo_unformat_crypto_engine, &tmp))
+ em->crypto_engine = tmp;
else if (unformat (a, "appns %_%v%_", &em->appns_id))
;
else if (unformat (a, "all-scope"))
em->tx_buf_size = 1 << 20;
em->data_source = ECHO_INVALID_DATA_SOURCE;
em->uri = format (0, "%s%c", "tcp://0.0.0.0/1234", 0);
- em->crypto_ctx_engine = CRYPTO_ENGINE_NONE;
+ em->crypto_engine = CRYPTO_ENGINE_NONE;
echo_set_each_proto_defaults_before_opts (em);
echo_process_opts (argc, argv);
echo_process_uri (em);
goto exit_on_error;
}
- if (em->crypto_ctx_engine == CRYPTO_ENGINE_NONE)
- /* when no crypto engine specified, dont expect crypto ctx */
+ if (em->uri_elts.transport_proto != TRANSPORT_PROTO_QUIC
+ && em->uri_elts.transport_proto != TRANSPORT_PROTO_TLS)
em->state = STATE_ATTACHED;
else
{
ECHO_LOG (1, "Adding crypto context %U", echo_format_crypto_engine,
- em->crypto_ctx_engine);
- echo_send_add_crypto_ctx (em);
+ em->crypto_engine);
+ echo_send_add_cert_key (em);
if (wait_for_state_change (em, STATE_ATTACHED, TIMEOUT))
{
ECHO_FAIL (ECHO_FAIL_APP_ATTACH,
clients_run (em);
echo_notify_event (em, ECHO_EVT_EXIT);
echo_free_sessions (em);
+ echo_send_del_cert_key (em);
+ if (wait_for_state_change (em, STATE_CLEANED_CERT_KEY, TIMEOUT))
+ {
+ ECHO_FAIL (ECHO_FAIL_DEL_CERT_KEY, "Couldn't cleanup cert and key");
+ goto exit_on_error;
+ }
+
echo_send_detach (em);
if (wait_for_state_change (em, STATE_DETACHED, TIMEOUT))
{
}
void
-echo_send_add_crypto_ctx (echo_main_t * em)
+echo_send_add_cert_key (echo_main_t * em)
{
- vl_api_application_tls_cert_add_t *cert_mp;
- vl_api_application_tls_key_add_t *key_mp;
-
- cert_mp = vl_msg_api_alloc (sizeof (*cert_mp) + test_srv_crt_rsa_len);
- clib_memset (cert_mp, 0, sizeof (*cert_mp));
- cert_mp->_vl_msg_id = ntohs (VL_API_APPLICATION_TLS_CERT_ADD);
- cert_mp->client_index = em->my_client_index;
- cert_mp->context = ntohl (0xfeedface);
- cert_mp->cert_len = clib_host_to_net_u16 (test_srv_crt_rsa_len);
- clib_memcpy_fast (cert_mp->cert, test_srv_crt_rsa, test_srv_crt_rsa_len);
- vl_msg_api_send_shmem (em->vl_input_queue, (u8 *) & cert_mp);
-
- key_mp = vl_msg_api_alloc (sizeof (*key_mp) + test_srv_key_rsa_len);
- clib_memset (key_mp, 0, sizeof (*key_mp) + test_srv_key_rsa_len);
- key_mp->_vl_msg_id = ntohs (VL_API_APPLICATION_TLS_KEY_ADD);
- key_mp->client_index = em->my_client_index;
- key_mp->context = ntohl (0xfeedface);
- key_mp->key_len = clib_host_to_net_u16 (test_srv_key_rsa_len);
- clib_memcpy_fast (key_mp->key, test_srv_key_rsa, test_srv_key_rsa_len);
- vl_msg_api_send_shmem (em->vl_input_queue, (u8 *) & key_mp);
+ u32 cert_len = test_srv_crt_rsa_len;
+ u32 key_len = test_srv_key_rsa_len;
+ vl_api_app_add_cert_key_pair_t *bmp;
+
+ bmp = vl_msg_api_alloc (sizeof (*bmp) + cert_len + key_len);
+ clib_memset (bmp, 0, sizeof (*bmp) + cert_len + key_len);
+
+ bmp->_vl_msg_id = ntohs (VL_API_APP_ADD_CERT_KEY_PAIR);
+ bmp->client_index = em->my_client_index;
+ bmp->context = ntohl (0xfeedface);
+ bmp->cert_len = clib_host_to_net_u16 (cert_len);
+ bmp->certkey_len = clib_host_to_net_u16 (key_len + cert_len);
+ clib_memcpy_fast (bmp->certkey, test_srv_crt_rsa, cert_len);
+ clib_memcpy_fast (bmp->certkey + cert_len, test_srv_key_rsa, key_len);
+
+ vl_msg_api_send_shmem (em->vl_input_queue, (u8 *) & bmp);
+}
+
+void
+echo_send_del_cert_key (echo_main_t * em)
+{
+ vl_api_app_del_cert_key_pair_t *bmp;
+ bmp = vl_msg_api_alloc (sizeof (*bmp));
+ clib_memset (bmp, 0, sizeof (*bmp));
+
+ bmp->_vl_msg_id = ntohs (VL_API_APP_DEL_CERT_KEY_PAIR);
+ bmp->client_index = em->my_client_index;
+ bmp->context = ntohl (0xfeedface);
+ bmp->index = clib_host_to_net_u32 (em->ckpair_index);
+ vl_msg_api_send_shmem (em->vl_input_queue, (u8 *) & bmp);
}
void
clib_memcpy_fast (&mp->ip, &em->uri_elts.ip, sizeof (mp->ip));
mp->port = em->uri_elts.port;
mp->proto = em->uri_elts.transport_proto;
+ mp->ckpair_index = em->ckpair_index;
+ mp->crypto_engine = em->crypto_engine;
app_send_ctrl_evt_to_vpp (mq, app_evt);
}
mp->port = em->uri_elts.port;
mp->proto = em->uri_elts.transport_proto;
mp->parent_handle = parent_session_handle;
+ mp->ckpair_index = em->ckpair_index;
+ mp->crypto_engine = em->crypto_engine;
app_send_ctrl_evt_to_vpp (mq, app_evt);
}
*/
static void
- vl_api_application_tls_cert_add_reply_t_handler
- (vl_api_application_tls_cert_add_reply_t * mp)
+ vl_api_app_add_cert_key_pair_reply_t_handler
+ (vl_api_app_add_cert_key_pair_reply_t * mp)
{
echo_main_t *em = &echo_main;
if (mp->retval)
{
- ECHO_FAIL (ECHO_FAIL_VL_API_TLS_CERT_ADD_REPLY,
- "tls cert add returned %d",
+ ECHO_FAIL (ECHO_FAIL_VL_API_CERT_KEY_ADD_REPLY,
+ "Adding cert and key returned %d",
clib_net_to_host_u32 (mp->retval));
return;
}
/* No concurrency here, only bapi thread writes */
- if (em->state != STATE_ATTACHED_NO_CERT
- && em->state != STATE_ATTACHED_ONE_CERT)
+ if (em->state != STATE_ATTACHED_NO_CERT)
{
- ECHO_FAIL (ECHO_FAIL_VL_API_TLS_CERT_ADD_REPLY, "Wrong state");
+ ECHO_FAIL (ECHO_FAIL_VL_API_CERT_KEY_ADD_REPLY, "Wrong state");
return;
}
- em->state++;
+ em->ckpair_index = clib_net_to_host_u32 (mp->index);
+ em->state = STATE_ATTACHED;
}
static void
- vl_api_application_tls_key_add_reply_t_handler
- (vl_api_application_tls_key_add_reply_t * mp)
+ vl_api_app_del_cert_key_pair_reply_t_handler
+ (vl_api_app_del_cert_key_pair_reply_t * mp)
{
echo_main_t *em = &echo_main;
if (mp->retval)
{
- ECHO_FAIL (ECHO_FAIL_VL_API_TLS_KEY_ADD_REPLY,
- "tls key add returned %d",
+ ECHO_FAIL (ECHO_FAIL_VL_API_CERT_KEY_DEL_REPLY,
+ "Delete cert and key returned %d",
clib_net_to_host_u32 (mp->retval));
return;
}
- /* No concurrency here, only bapi thread writes */
- if (em->state != STATE_ATTACHED_NO_CERT
- && em->state != STATE_ATTACHED_ONE_CERT)
- {
- ECHO_FAIL (ECHO_FAIL_VL_API_TLS_CERT_ADD_REPLY, "Wrong state");
- return;
- }
- em->state++;
+ em->state = STATE_CLEANED_CERT_KEY;
}
static void
vec_free (fds);
}
-#define foreach_quic_echo_msg \
-_(APP_ATTACH_REPLY, app_attach_reply) \
-_(APPLICATION_DETACH_REPLY, application_detach_reply) \
-_(MAP_ANOTHER_SEGMENT, map_another_segment) \
-_(APPLICATION_TLS_CERT_ADD_REPLY, application_tls_cert_add_reply) \
-_(APPLICATION_TLS_KEY_ADD_REPLY, application_tls_key_add_reply) \
+#define foreach_quic_echo_msg \
+_(APP_ATTACH_REPLY, app_attach_reply) \
+_(APPLICATION_DETACH_REPLY, application_detach_reply) \
+_(MAP_ANOTHER_SEGMENT, map_another_segment) \
+_(APP_ADD_CERT_KEY_PAIR_REPLY, app_add_cert_key_pair_reply) \
+_(APP_DEL_CERT_KEY_PAIR_REPLY, app_del_cert_key_pair_reply) \
_(UNMAP_SEGMENT, unmap_segment)
void
return format (s, "STATE_ATTACHED (%u)", state);
if (state == STATE_ATTACHED_NO_CERT)
return format (s, "STATE_ATTACHED_NO_CERT (%u)", state);
- if (state == STATE_ATTACHED_ONE_CERT)
- return format (s, "STATE_ATTACHED_ONE_CERT (%u)", state);
if (state == STATE_LISTEN)
return format (s, "STATE_LISTEN (%u)", state);
if (state == STATE_READY)
_(ECHO_FAIL_1ST_PTHREAD_CREATE, "ECHO_FAIL_1ST_PTHREAD_CREATE") \
_(ECHO_FAIL_PTHREAD_CREATE, "ECHO_FAIL_PTHREAD_CREATE") \
_(ECHO_FAIL_DETACH, "ECHO_FAIL_DETACH") \
+ _(ECHO_FAIL_DEL_CERT_KEY, "ECHO_FAIL_DEL_CERT_KEY") \
_(ECHO_FAIL_MQ_PTHREAD, "ECHO_FAIL_MQ_PTHREAD") \
_(ECHO_FAIL_VL_API_APP_ATTACH, "ECHO_FAIL_VL_API_APP_ATTACH") \
_(ECHO_FAIL_VL_API_MISSING_SEGMENT_NAME, \
_(ECHO_FAIL_VL_API_UNBIND_REPLY, "ECHO_FAIL_VL_API_UNBIND_REPLY") \
_(ECHO_FAIL_SESSION_DISCONNECT, "ECHO_FAIL_SESSION_DISCONNECT") \
_(ECHO_FAIL_SESSION_RESET, "ECHO_FAIL_SESSION_RESET") \
- _(ECHO_FAIL_VL_API_TLS_CERT_ADD_REPLY, \
- "ECHO_FAIL_VL_API_TLS_CERT_ADD_REPLY") \
- _(ECHO_FAIL_VL_API_TLS_KEY_ADD_REPLY, \
- "ECHO_FAIL_VL_API_TLS_KEY_ADD_REPLY") \
+ _(ECHO_FAIL_VL_API_CERT_KEY_ADD_REPLY, \
+ "ECHO_FAIL_VL_API_CERT_KEY_ADD_REPLY") \
+ _(ECHO_FAIL_VL_API_CERT_KEY_DEL_REPLY, \
+ "ECHO_FAIL_VL_API_CERT_KEY_DEL_REPLY") \
_(ECHO_FAIL_GET_SESSION_FROM_HANDLE, \
"ECHO_FAIL_GET_SESSION_FROM_HANDLE") \
_(ECHO_FAIL_QUIC_WRONG_CONNECT, "ECHO_FAIL_QUIC_WRONG_CONNECT") \
{
STATE_START,
STATE_ATTACHED_NO_CERT,
- STATE_ATTACHED_ONE_CERT,
STATE_ATTACHED,
STATE_LISTEN,
STATE_READY,
STATE_DATA_DONE,
STATE_DISCONNECTED,
+ STATE_CLEANED_CERT_KEY,
STATE_DETACHED
} connection_state_t;
u8 log_lvl; /* Verbosity of the logging */
int max_test_msg; /* Limit the number of incorrect data messages */
u32 evt_q_size; /* Size of the vpp MQ (app<->vpp events) */
- u32 crypto_ctx_engine; /* crypto engine used */
+ u32 ckpair_index; /* Cert key pair used */
+ u8 crypto_engine; /* crypto engine used */
u8 *appns_id;
u64 appns_flags;
void echo_send_connect (u64 vpp_session_handle, u32 opaque);
void echo_send_disconnect_session (u64 handle, u32 opaque);
void echo_api_hookup (echo_main_t * em);
-void echo_send_add_crypto_ctx (echo_main_t * em);
+void echo_send_add_cert_key (echo_main_t * em);
+void echo_send_del_cert_key (echo_main_t * em);
#endif /* __included_vpp_echo_common_h__ */
echo_main_t *em = &echo_main;
u8 default_f_active;
- if (em->crypto_ctx_engine == CRYPTO_ENGINE_NONE)
- em->crypto_ctx_engine = CRYPTO_ENGINE_PICOTLS;
em->n_connects = em->n_clients;
em->n_sessions =
clib_max (1, eqm->n_stream_clients) * em->n_clients + em->n_clients + 1;
s->session_state = ECHO_SESSION_STATE_CLOSING;
}
-static void
-tls_echo_set_defaults_after_opts_cb ()
-{
- echo_main_t *em = &echo_main;
- if (em->crypto_ctx_engine == CRYPTO_ENGINE_NONE)
- em->crypto_ctx_engine = CRYPTO_ENGINE_OPENSSL;
-}
-
echo_proto_cb_vft_t echo_tcp_proto_cb_vft = {
.disconnected_cb = tcp_echo_disconnected_cb,
.connected_cb = tcp_echo_connected_cb,
.reset_cb = tcp_echo_reset_cb,
.sent_disconnect_cb = tcp_echo_sent_disconnect_cb,
.cleanup_cb = tcp_echo_cleanup_cb,
- .set_defaults_after_opts_cb = tls_echo_set_defaults_after_opts_cb,
};
ECHO_REGISTER_PROTO (TRANSPORT_PROTO_TCP, echo_tcp_proto_cb_vft);
-ECHO_REGISTER_PROTO (TRANSPORT_PROTO_TLS, echo_tcp_proto_cb_vft);
+ECHO_REGISTER_PROTO (TRANSPORT_PROTO_TLS, echo_tls_proto_cb_vft);
ECHO_REGISTER_PROTO (TRANSPORT_PROTO_SCTP, echo_tcp_proto_cb_vft);
/*
Code Review / vpp.git / commitdiff