From 7c40a3837a7a256cbb61dfad15be6e910058e4ba Mon Sep 17 00:00:00 2001 From: Nathan Skrzypczak Date: Wed, 6 Nov 2019 14:12:23 +0100 Subject: [PATCH] hsa: Add ckpair & crypto engine in vpp_echo Type: feature * vpp echo adds and dels a cert and key pair for each run * it passes the crypto engine to be used (openssl, picotls, vpp, mbedtls) Change-Id: Iaba1de2e6abb510e6c4edbe84b2324b2f4843f26 Signed-off-by: Nathan Skrzypczak --- src/plugins/hs_apps/sapi/vpp_echo.c | 25 +++--- src/plugins/hs_apps/sapi/vpp_echo_bapi.c | 101 +++++++++++++------------ src/plugins/hs_apps/sapi/vpp_echo_common.c | 2 - src/plugins/hs_apps/sapi/vpp_echo_common.h | 17 +++-- src/plugins/hs_apps/sapi/vpp_echo_proto_quic.c | 2 - src/plugins/hs_apps/sapi/vpp_echo_proto_tcp.c | 11 +-- 6 files changed, 80 insertions(+), 78 deletions(-) diff --git a/src/plugins/hs_apps/sapi/vpp_echo.c b/src/plugins/hs_apps/sapi/vpp_echo.c index 93291e7e7b6..143551f5848 100644 --- a/src/plugins/hs_apps/sapi/vpp_echo.c +++ b/src/plugins/hs_apps/sapi/vpp_echo.c @@ -868,6 +868,7 @@ print_usage_and_exit (void) " tx-results-diff Tx results different to pass test\n" " json Output global stats in json\n" " log=N Set the log level to [0: no output, 1:errors, 2:log]\n" + " crypto [engine] Set the crypto engine [openssl, vpp, picotls, mbedtls]\n" "\n" " nclients N Open N clients sending data\n" " nthreads N Use N busy loop threads for data [in addition to main & msg queue]\n" @@ -970,11 +971,8 @@ echo_process_opts (int argc, char **argv) } else if (unformat (a, "nthreads %d", &em->n_rx_threads)) ; - else - if (unformat - (a, "crypto %U", echo_unformat_crypto_engine, - &em->crypto_ctx_engine)) - ; + else if (unformat (a, "crypto %U", echo_unformat_crypto_engine, &tmp)) + em->crypto_engine = tmp; else if (unformat (a, "appns %_%v%_", &em->appns_id)) ; else if (unformat (a, "all-scope")) @@ -1120,7 +1118,7 @@ main (int argc, char **argv) em->tx_buf_size = 1 << 20; em->data_source = ECHO_INVALID_DATA_SOURCE; em->uri = format (0, "%s%c", "tcp://0.0.0.0/1234", 0); - em->crypto_ctx_engine = CRYPTO_ENGINE_NONE; + em->crypto_engine = CRYPTO_ENGINE_NONE; echo_set_each_proto_defaults_before_opts (em); echo_process_opts (argc, argv); echo_process_uri (em); @@ -1184,14 +1182,14 @@ main (int argc, char **argv) goto exit_on_error; } - if (em->crypto_ctx_engine == CRYPTO_ENGINE_NONE) - /* when no crypto engine specified, dont expect crypto ctx */ + if (em->uri_elts.transport_proto != TRANSPORT_PROTO_QUIC + && em->uri_elts.transport_proto != TRANSPORT_PROTO_TLS) em->state = STATE_ATTACHED; else { ECHO_LOG (1, "Adding crypto context %U", echo_format_crypto_engine, - em->crypto_ctx_engine); - echo_send_add_crypto_ctx (em); + em->crypto_engine); + echo_send_add_cert_key (em); if (wait_for_state_change (em, STATE_ATTACHED, TIMEOUT)) { ECHO_FAIL (ECHO_FAIL_APP_ATTACH, @@ -1221,6 +1219,13 @@ main (int argc, char **argv) clients_run (em); echo_notify_event (em, ECHO_EVT_EXIT); echo_free_sessions (em); + echo_send_del_cert_key (em); + if (wait_for_state_change (em, STATE_CLEANED_CERT_KEY, TIMEOUT)) + { + ECHO_FAIL (ECHO_FAIL_DEL_CERT_KEY, "Couldn't cleanup cert and key"); + goto exit_on_error; + } + echo_send_detach (em); if (wait_for_state_change (em, STATE_DETACHED, TIMEOUT)) { diff --git a/src/plugins/hs_apps/sapi/vpp_echo_bapi.c b/src/plugins/hs_apps/sapi/vpp_echo_bapi.c index fad0d18ccc6..3cfe6a78ec5 100644 --- a/src/plugins/hs_apps/sapi/vpp_echo_bapi.c +++ b/src/plugins/hs_apps/sapi/vpp_echo_bapi.c @@ -68,28 +68,38 @@ echo_send_detach (echo_main_t * em) } void -echo_send_add_crypto_ctx (echo_main_t * em) +echo_send_add_cert_key (echo_main_t * em) { - vl_api_application_tls_cert_add_t *cert_mp; - vl_api_application_tls_key_add_t *key_mp; - - cert_mp = vl_msg_api_alloc (sizeof (*cert_mp) + test_srv_crt_rsa_len); - clib_memset (cert_mp, 0, sizeof (*cert_mp)); - cert_mp->_vl_msg_id = ntohs (VL_API_APPLICATION_TLS_CERT_ADD); - cert_mp->client_index = em->my_client_index; - cert_mp->context = ntohl (0xfeedface); - cert_mp->cert_len = clib_host_to_net_u16 (test_srv_crt_rsa_len); - clib_memcpy_fast (cert_mp->cert, test_srv_crt_rsa, test_srv_crt_rsa_len); - vl_msg_api_send_shmem (em->vl_input_queue, (u8 *) & cert_mp); - - key_mp = vl_msg_api_alloc (sizeof (*key_mp) + test_srv_key_rsa_len); - clib_memset (key_mp, 0, sizeof (*key_mp) + test_srv_key_rsa_len); - key_mp->_vl_msg_id = ntohs (VL_API_APPLICATION_TLS_KEY_ADD); - key_mp->client_index = em->my_client_index; - key_mp->context = ntohl (0xfeedface); - key_mp->key_len = clib_host_to_net_u16 (test_srv_key_rsa_len); - clib_memcpy_fast (key_mp->key, test_srv_key_rsa, test_srv_key_rsa_len); - vl_msg_api_send_shmem (em->vl_input_queue, (u8 *) & key_mp); + u32 cert_len = test_srv_crt_rsa_len; + u32 key_len = test_srv_key_rsa_len; + vl_api_app_add_cert_key_pair_t *bmp; + + bmp = vl_msg_api_alloc (sizeof (*bmp) + cert_len + key_len); + clib_memset (bmp, 0, sizeof (*bmp) + cert_len + key_len); + + bmp->_vl_msg_id = ntohs (VL_API_APP_ADD_CERT_KEY_PAIR); + bmp->client_index = em->my_client_index; + bmp->context = ntohl (0xfeedface); + bmp->cert_len = clib_host_to_net_u16 (cert_len); + bmp->certkey_len = clib_host_to_net_u16 (key_len + cert_len); + clib_memcpy_fast (bmp->certkey, test_srv_crt_rsa, cert_len); + clib_memcpy_fast (bmp->certkey + cert_len, test_srv_key_rsa, key_len); + + vl_msg_api_send_shmem (em->vl_input_queue, (u8 *) & bmp); +} + +void +echo_send_del_cert_key (echo_main_t * em) +{ + vl_api_app_del_cert_key_pair_t *bmp; + bmp = vl_msg_api_alloc (sizeof (*bmp)); + clib_memset (bmp, 0, sizeof (*bmp)); + + bmp->_vl_msg_id = ntohs (VL_API_APP_DEL_CERT_KEY_PAIR); + bmp->client_index = em->my_client_index; + bmp->context = ntohl (0xfeedface); + bmp->index = clib_host_to_net_u32 (em->ckpair_index); + vl_msg_api_send_shmem (em->vl_input_queue, (u8 *) & bmp); } void @@ -109,6 +119,8 @@ echo_send_listen (echo_main_t * em) clib_memcpy_fast (&mp->ip, &em->uri_elts.ip, sizeof (mp->ip)); mp->port = em->uri_elts.port; mp->proto = em->uri_elts.transport_proto; + mp->ckpair_index = em->ckpair_index; + mp->crypto_engine = em->crypto_engine; app_send_ctrl_evt_to_vpp (mq, app_evt); } @@ -148,6 +160,8 @@ echo_send_connect (u64 parent_session_handle, u32 opaque) mp->port = em->uri_elts.port; mp->proto = em->uri_elts.transport_proto; mp->parent_handle = parent_session_handle; + mp->ckpair_index = em->ckpair_index; + mp->crypto_engine = em->crypto_engine; app_send_ctrl_evt_to_vpp (mq, app_evt); } @@ -216,47 +230,40 @@ echo_segment_handle_add_del (echo_main_t * em, u64 segment_handle, u8 add) */ static void - vl_api_application_tls_cert_add_reply_t_handler - (vl_api_application_tls_cert_add_reply_t * mp) + vl_api_app_add_cert_key_pair_reply_t_handler + (vl_api_app_add_cert_key_pair_reply_t * mp) { echo_main_t *em = &echo_main; if (mp->retval) { - ECHO_FAIL (ECHO_FAIL_VL_API_TLS_CERT_ADD_REPLY, - "tls cert add returned %d", + ECHO_FAIL (ECHO_FAIL_VL_API_CERT_KEY_ADD_REPLY, + "Adding cert and key returned %d", clib_net_to_host_u32 (mp->retval)); return; } /* No concurrency here, only bapi thread writes */ - if (em->state != STATE_ATTACHED_NO_CERT - && em->state != STATE_ATTACHED_ONE_CERT) + if (em->state != STATE_ATTACHED_NO_CERT) { - ECHO_FAIL (ECHO_FAIL_VL_API_TLS_CERT_ADD_REPLY, "Wrong state"); + ECHO_FAIL (ECHO_FAIL_VL_API_CERT_KEY_ADD_REPLY, "Wrong state"); return; } - em->state++; + em->ckpair_index = clib_net_to_host_u32 (mp->index); + em->state = STATE_ATTACHED; } static void - vl_api_application_tls_key_add_reply_t_handler - (vl_api_application_tls_key_add_reply_t * mp) + vl_api_app_del_cert_key_pair_reply_t_handler + (vl_api_app_del_cert_key_pair_reply_t * mp) { echo_main_t *em = &echo_main; if (mp->retval) { - ECHO_FAIL (ECHO_FAIL_VL_API_TLS_KEY_ADD_REPLY, - "tls key add returned %d", + ECHO_FAIL (ECHO_FAIL_VL_API_CERT_KEY_DEL_REPLY, + "Delete cert and key returned %d", clib_net_to_host_u32 (mp->retval)); return; } - /* No concurrency here, only bapi thread writes */ - if (em->state != STATE_ATTACHED_NO_CERT - && em->state != STATE_ATTACHED_ONE_CERT) - { - ECHO_FAIL (ECHO_FAIL_VL_API_TLS_CERT_ADD_REPLY, "Wrong state"); - return; - } - em->state++; + em->state = STATE_CLEANED_CERT_KEY; } static void @@ -419,12 +426,12 @@ failed: vec_free (fds); } -#define foreach_quic_echo_msg \ -_(APP_ATTACH_REPLY, app_attach_reply) \ -_(APPLICATION_DETACH_REPLY, application_detach_reply) \ -_(MAP_ANOTHER_SEGMENT, map_another_segment) \ -_(APPLICATION_TLS_CERT_ADD_REPLY, application_tls_cert_add_reply) \ -_(APPLICATION_TLS_KEY_ADD_REPLY, application_tls_key_add_reply) \ +#define foreach_quic_echo_msg \ +_(APP_ATTACH_REPLY, app_attach_reply) \ +_(APPLICATION_DETACH_REPLY, application_detach_reply) \ +_(MAP_ANOTHER_SEGMENT, map_another_segment) \ +_(APP_ADD_CERT_KEY_PAIR_REPLY, app_add_cert_key_pair_reply) \ +_(APP_DEL_CERT_KEY_PAIR_REPLY, app_del_cert_key_pair_reply) \ _(UNMAP_SEGMENT, unmap_segment) void diff --git a/src/plugins/hs_apps/sapi/vpp_echo_common.c b/src/plugins/hs_apps/sapi/vpp_echo_common.c index be847b57ace..7c58dad99ea 100644 --- a/src/plugins/hs_apps/sapi/vpp_echo_common.c +++ b/src/plugins/hs_apps/sapi/vpp_echo_common.c @@ -205,8 +205,6 @@ echo_format_app_state (u8 * s, va_list * args) return format (s, "STATE_ATTACHED (%u)", state); if (state == STATE_ATTACHED_NO_CERT) return format (s, "STATE_ATTACHED_NO_CERT (%u)", state); - if (state == STATE_ATTACHED_ONE_CERT) - return format (s, "STATE_ATTACHED_ONE_CERT (%u)", state); if (state == STATE_LISTEN) return format (s, "STATE_LISTEN (%u)", state); if (state == STATE_READY) diff --git a/src/plugins/hs_apps/sapi/vpp_echo_common.h b/src/plugins/hs_apps/sapi/vpp_echo_common.h index 411e9f5dce0..5ddd8fb12dd 100644 --- a/src/plugins/hs_apps/sapi/vpp_echo_common.h +++ b/src/plugins/hs_apps/sapi/vpp_echo_common.h @@ -64,6 +64,7 @@ _(ECHO_FAIL_1ST_PTHREAD_CREATE, "ECHO_FAIL_1ST_PTHREAD_CREATE") \ _(ECHO_FAIL_PTHREAD_CREATE, "ECHO_FAIL_PTHREAD_CREATE") \ _(ECHO_FAIL_DETACH, "ECHO_FAIL_DETACH") \ + _(ECHO_FAIL_DEL_CERT_KEY, "ECHO_FAIL_DEL_CERT_KEY") \ _(ECHO_FAIL_MQ_PTHREAD, "ECHO_FAIL_MQ_PTHREAD") \ _(ECHO_FAIL_VL_API_APP_ATTACH, "ECHO_FAIL_VL_API_APP_ATTACH") \ _(ECHO_FAIL_VL_API_MISSING_SEGMENT_NAME, \ @@ -79,10 +80,10 @@ _(ECHO_FAIL_VL_API_UNBIND_REPLY, "ECHO_FAIL_VL_API_UNBIND_REPLY") \ _(ECHO_FAIL_SESSION_DISCONNECT, "ECHO_FAIL_SESSION_DISCONNECT") \ _(ECHO_FAIL_SESSION_RESET, "ECHO_FAIL_SESSION_RESET") \ - _(ECHO_FAIL_VL_API_TLS_CERT_ADD_REPLY, \ - "ECHO_FAIL_VL_API_TLS_CERT_ADD_REPLY") \ - _(ECHO_FAIL_VL_API_TLS_KEY_ADD_REPLY, \ - "ECHO_FAIL_VL_API_TLS_KEY_ADD_REPLY") \ + _(ECHO_FAIL_VL_API_CERT_KEY_ADD_REPLY, \ + "ECHO_FAIL_VL_API_CERT_KEY_ADD_REPLY") \ + _(ECHO_FAIL_VL_API_CERT_KEY_DEL_REPLY, \ + "ECHO_FAIL_VL_API_CERT_KEY_DEL_REPLY") \ _(ECHO_FAIL_GET_SESSION_FROM_HANDLE, \ "ECHO_FAIL_GET_SESSION_FROM_HANDLE") \ _(ECHO_FAIL_QUIC_WRONG_CONNECT, "ECHO_FAIL_QUIC_WRONG_CONNECT") \ @@ -203,12 +204,12 @@ typedef enum { STATE_START, STATE_ATTACHED_NO_CERT, - STATE_ATTACHED_ONE_CERT, STATE_ATTACHED, STATE_LISTEN, STATE_READY, STATE_DATA_DONE, STATE_DISCONNECTED, + STATE_CLEANED_CERT_KEY, STATE_DETACHED } connection_state_t; @@ -308,7 +309,8 @@ typedef struct u8 log_lvl; /* Verbosity of the logging */ int max_test_msg; /* Limit the number of incorrect data messages */ u32 evt_q_size; /* Size of the vpp MQ (app<->vpp events) */ - u32 crypto_ctx_engine; /* crypto engine used */ + u32 ckpair_index; /* Cert key pair used */ + u8 crypto_engine; /* crypto engine used */ u8 *appns_id; u64 appns_flags; @@ -409,7 +411,8 @@ void echo_send_unbind (echo_main_t * em, echo_session_t * s); void echo_send_connect (u64 vpp_session_handle, u32 opaque); void echo_send_disconnect_session (u64 handle, u32 opaque); void echo_api_hookup (echo_main_t * em); -void echo_send_add_crypto_ctx (echo_main_t * em); +void echo_send_add_cert_key (echo_main_t * em); +void echo_send_del_cert_key (echo_main_t * em); #endif /* __included_vpp_echo_common_h__ */ diff --git a/src/plugins/hs_apps/sapi/vpp_echo_proto_quic.c b/src/plugins/hs_apps/sapi/vpp_echo_proto_quic.c index e85c1f3e1eb..bd7903bb771 100644 --- a/src/plugins/hs_apps/sapi/vpp_echo_proto_quic.c +++ b/src/plugins/hs_apps/sapi/vpp_echo_proto_quic.c @@ -461,8 +461,6 @@ quic_echo_set_defaults_after_opts_cb () echo_main_t *em = &echo_main; u8 default_f_active; - if (em->crypto_ctx_engine == CRYPTO_ENGINE_NONE) - em->crypto_ctx_engine = CRYPTO_ENGINE_PICOTLS; em->n_connects = em->n_clients; em->n_sessions = clib_max (1, eqm->n_stream_clients) * em->n_clients + em->n_clients + 1; diff --git a/src/plugins/hs_apps/sapi/vpp_echo_proto_tcp.c b/src/plugins/hs_apps/sapi/vpp_echo_proto_tcp.c index 5cb3fa667e8..5b6d74b429c 100644 --- a/src/plugins/hs_apps/sapi/vpp_echo_proto_tcp.c +++ b/src/plugins/hs_apps/sapi/vpp_echo_proto_tcp.c @@ -122,14 +122,6 @@ tcp_echo_reset_cb (session_reset_msg_t * mp, echo_session_t * s) s->session_state = ECHO_SESSION_STATE_CLOSING; } -static void -tls_echo_set_defaults_after_opts_cb () -{ - echo_main_t *em = &echo_main; - if (em->crypto_ctx_engine == CRYPTO_ENGINE_NONE) - em->crypto_ctx_engine = CRYPTO_ENGINE_OPENSSL; -} - echo_proto_cb_vft_t echo_tcp_proto_cb_vft = { .disconnected_cb = tcp_echo_disconnected_cb, .connected_cb = tcp_echo_connected_cb, @@ -146,11 +138,10 @@ echo_proto_cb_vft_t echo_tls_proto_cb_vft = { .reset_cb = tcp_echo_reset_cb, .sent_disconnect_cb = tcp_echo_sent_disconnect_cb, .cleanup_cb = tcp_echo_cleanup_cb, - .set_defaults_after_opts_cb = tls_echo_set_defaults_after_opts_cb, }; ECHO_REGISTER_PROTO (TRANSPORT_PROTO_TCP, echo_tcp_proto_cb_vft); -ECHO_REGISTER_PROTO (TRANSPORT_PROTO_TLS, echo_tcp_proto_cb_vft); +ECHO_REGISTER_PROTO (TRANSPORT_PROTO_TLS, echo_tls_proto_cb_vft); ECHO_REGISTER_PROTO (TRANSPORT_PROTO_SCTP, echo_tcp_proto_cb_vft); /* -- 2.16.6