authorNathan Skrzypczak <nathan.skrzypczak@gmail.com>2019-10-09 14:41:48 +0200
committerFlorin Coras <florin.coras@gmail.com>2019-11-07 17:30:39 +0000
commitde6caf481cc804bad0b45603c1f5cd7ae30856f7 (patch)
tree33466c49e44169c01531719e71e0dbf55522d900
parent7c40a3837a7a256cbb61dfad15be6e910058e4ba (diff)
session: Add crypto context
Type: feature Crypto contexts are a per-protocol cache for storing crypto-related connection data. They share a common interface with generic properties: cert, key, engine and session refcount. Change-Id: I8165e05afbcc6ecb3777b6abeab62c369d2fe9ed Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
-rw-r--r--src/vnet/session/application.c64
-rw-r--r--src/vnet/session/application.h2
-rw-r--r--src/vnet/session/application_interface.h9
3 files changed, 68 insertions, 7 deletions
diff --git a/src/vnet/session/application.c b/src/vnet/session/application.c
index 7cb888c2344..7c3293abc54 100644
--- a/src/vnet/session/application.c
+++ b/src/vnet/session/application.c
@@ -1386,6 +1386,58 @@ format_cert_key_pair (u8 * s, va_list * args)
}
u8 *
+format_crypto_engine (u8 * s, va_list * args)
+{
+ u32 engine = va_arg (*args, u32);
+ switch (engine)
+ {
+ case CRYPTO_ENGINE_NONE:
+ return format (s, "none");
+ case CRYPTO_ENGINE_MBEDTLS:
+ return format (s, "mbedtls");
+ case CRYPTO_ENGINE_OPENSSL:
+ return format (s, "openssl");
+ case CRYPTO_ENGINE_PICOTLS:
+ return format (s, "picotls");
+ case CRYPTO_ENGINE_VPP:
+ return format (s, "vpp");
+ default:
+ return format (s, "unknown engine");
+ }
+ return s;
+}
+
+uword
+unformat_crypto_engine (unformat_input_t * input, va_list * args)
+{
+ u8 *a = va_arg (*args, u8 *);
+ if (unformat (input, "mbedtls"))
+ *a = CRYPTO_ENGINE_MBEDTLS;
+ else if (unformat (input, "openssl"))
+ *a = CRYPTO_ENGINE_OPENSSL;
+ else if (unformat (input, "picotls"))
+ *a = CRYPTO_ENGINE_PICOTLS;
+ else if (unformat (input, "vpp"))
+ *a = CRYPTO_ENGINE_VPP;
+ else
+ return 0;
+ return 1;
+}
+
+u8 *
+format_crypto_context (u8 * s, va_list * args)
+{
+ crypto_context_t *crctx = va_arg (*args, crypto_context_t *);
+ s =
+ format (s, "[0x%x][sub%d,ckpair%x]", crctx->ctx_index,
+ crctx->n_subscribers, crctx->ckpair_index);
+ s = format (s, "[%U]", format_crypto_engine, crctx->crypto_engine);
+ if (crctx->stale)
+ s = format (s, " -- DELETED");
+ return s;
+}
+
+u8 *
format_application (u8 * s, va_list * args)
{
application_t *app = va_arg (*args, application_t *);
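Review bot: format_crypto_engine and unformat_crypto_engine are not symmetric: the formatter prints "none" for CRYPTO_ENGINE_NONE, but the unformatter has no branch for that token and returns 0, so a value that was displayed cannot be parsed back. If NONE is a legitimate user choice, add `else if (unformat (input, "none")) *a = CRYPTO_ENGINE_NONE;` before the final `else`; if it is not, a one-line comment in unformat_crypto_engine saying so would keep the next reader from "fixing" it. The trailing `return s;` in format_crypto_engine is unreachable, since every switch arm returns, and can be dropped. Both functions are exported through application.h, so a short `/** */` header on each stating the argument it pulls from the va_list (u32 for format, `u8 *` out-pointer for unformat) would help callers, as the two take different widths for the same value.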
@@ -1546,10 +1598,7 @@ show_app_command_fn (vlib_main_t * vm, unformat_input_t * input,
return 0;
}
-/*
- * Certificate store
- *
- */
+/* Certificate store */
static app_cert_key_pair_t *
app_cert_key_pair_alloc ()
@@ -1598,7 +1647,8 @@ vnet_app_add_cert_key_interest (u32 index, u32 app_index)
app_cert_key_pair_t *ckpair;
if (!(ckpair = app_cert_key_pair_get_if_valid (index)))
return -1;
- vec_add1 (ckpair->app_interests, app_index);
+ if (vec_search (ckpair->app_interests, app_index) != ~0)
+ vec_add1 (ckpair->app_interests, app_index);
return 0;
}
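Review bot: The duplicate check in vnet_app_add_cert_key_interest is inverted: vec_search returns ~0 when the element is not found, so `!= ~0` only appends app_index when it is already present, and a first-time interest is never recorded while existing entries get duplicated. The line should read `if (vec_search (ckpair->app_interests, app_index) == ~0)`. Since app_interests is what decides which applications are told about a cert/key pair going away, this would leave those applications uninformed on deletion; a comment such as `/* record each interested app once */` on the guard would make the intent explicit.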
@@ -1626,7 +1676,7 @@ vnet_app_del_cert_key_pair (u32 index)
}
clib_error_t *
-cert_key_pair_store_init (vlib_main_t * vm)
+application_init (vlib_main_t * vm)
{
/* Add a certificate with index 0 to support legacy apis */
(void) app_cert_key_pair_alloc ();
@@ -1635,7 +1685,7 @@ cert_key_pair_store_init (vlib_main_t * vm)
}
/* *INDENT-OFF* */
-VLIB_INIT_FUNCTION (cert_key_pair_store_init);
+VLIB_INIT_FUNCTION (application_init);
VLIB_CLI_COMMAND (show_app_command, static) =
{
diff --git a/src/vnet/session/application.h b/src/vnet/session/application.h
index 08117b744f1..4a963826fec 100644
--- a/src/vnet/session/application.h
+++ b/src/vnet/session/application.h
@@ -279,6 +279,8 @@ session_t *app_worker_proxy_listener (app_worker_t * app, u8 fib_proto,
u8 transport_proto);
u8 *format_app_worker (u8 * s, va_list * args);
u8 *format_app_worker_listener (u8 * s, va_list * args);
+u8 *format_crypto_engine (u8 * s, va_list * args);
+u8 *format_crypto_context (u8 * s, va_list * args);
void app_worker_format_connects (app_worker_t * app_wrk, int verbose);
int vnet_app_worker_add_del (vnet_app_worker_add_del_args_t * a);
diff --git a/src/vnet/session/application_interface.h b/src/vnet/session/application_interface.h
index 5c26060d756..a865b081ca2 100644
--- a/src/vnet/session/application_interface.h
+++ b/src/vnet/session/application_interface.h
@@ -176,6 +176,15 @@ typedef struct _vnet_app_add_cert_key_pair_args_
u32 index;
} vnet_app_add_cert_key_pair_args_t;
+typedef struct crypto_ctx_
+{
+ u32 ctx_index; /**< index in crypto context pool */
+ u32 n_subscribers; /**< refcount of sessions using said context */
+ u32 ckpair_index; /**< certificate & key */
+ u8 crypto_engine;
+ u8 stale; /**< Marked invalid for re-use (aka ckpair deleted) */
+} crypto_context_t;
+
/* Application attach options */
typedef enum
{
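Review bot: In the new crypto_context_t, `crypto_engine` is the only field without a Doxygen comment, although the other four have one; add `u8 crypto_engine; /**< CRYPTO_ENGINE_* value, see format_crypto_engine */` for consistency. The `stale` comment says "Marked invalid for re-use (aka ckpair deleted)" but does not say who clears the context once n_subscribers drops to zero; if that lifecycle is defined elsewhere, a one-line pointer to it here would help, since the refcount and the stale flag only make sense together. The struct tag `crypto_ctx_` and the typedef name `crypto_context_t` use different abbreviations; aligning them (e.g. `crypto_context_`) would match the naming of the neighbouring `_vnet_app_add_cert_key_pair_args_` typedef.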