authorFlorin Coras <fcoras@cisco.com>2021-01-05 17:03:29 -0800
committerDave Barach <openvpp@barachs.net>2021-01-07 16:55:02 +0000
commita5a9efd4d1995ef6d46dfab4e5b8aba9c5d114ef (patch)
tree63db95ce5645cafed795284bd3138535f9605c65 /src/plugins
parente294de6f876587ddc34ab02771771aea60087adc (diff)
vcl session: switch to generic cert key apis
Remove the deprecated tls apis. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia1e12bd813671146f0aca22e83d04c23ac13e595
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/hs_apps/echo_client.c33
-rw-r--r--src/plugins/hs_apps/echo_client.h1
-rw-r--r--src/plugins/hs_apps/echo_server.c36
-rw-r--r--src/plugins/hs_apps/http_server.c40
-rw-r--r--src/plugins/hs_apps/vcl/vcl_test_client.c28
-rw-r--r--src/plugins/hs_apps/vcl/vcl_test_server.c20
-rw-r--r--src/plugins/http_static/http_static.h3
-rw-r--r--src/plugins/http_static/static_server.c37
8 files changed, 124 insertions, 74 deletions
diff --git a/src/plugins/hs_apps/echo_client.c b/src/plugins/hs_apps/echo_client.c
index 50d815748a5..c26329468ec 100644
--- a/src/plugins/hs_apps/echo_client.c
+++ b/src/plugins/hs_apps/echo_client.c
@@ -620,8 +620,7 @@ static session_cb_vft_t echo_clients = {
static clib_error_t *
echo_clients_attach (u8 * appns_id, u64 appns_flags, u64 appns_secret)
{
- vnet_app_add_tls_cert_args_t _a_cert, *a_cert = &_a_cert;
- vnet_app_add_tls_key_args_t _a_key, *a_key = &_a_key;
+ vnet_app_add_cert_key_pair_args_t _ck_pair, *ck_pair = &_ck_pair;
u32 prealloc_fifos, segment_size = 256 << 20;
echo_client_main_t *ecm = &echo_client_main;
vnet_app_attach_args_t _a, *a = &_a;
@@ -667,17 +666,14 @@ echo_clients_attach (u8 * appns_id, u64 appns_flags, u64 appns_secret)
ecm->app_index = a->app_index;
vec_free (a->name);
- clib_memset (a_cert, 0, sizeof (*a_cert));
- a_cert->app_index = a->app_index;
- vec_validate (a_cert->cert, test_srv_crt_rsa_len);
- clib_memcpy_fast (a_cert->cert, test_srv_crt_rsa, test_srv_crt_rsa_len);
- vnet_app_add_tls_cert (a_cert);
-
- clib_memset (a_key, 0, sizeof (*a_key));
- a_key->app_index = a->app_index;
- vec_validate (a_key->key, test_srv_key_rsa_len);
- clib_memcpy_fast (a_key->key, test_srv_key_rsa, test_srv_key_rsa_len);
- vnet_app_add_tls_key (a_key);
+ clib_memset (ck_pair, 0, sizeof (*ck_pair));
+ ck_pair->cert = (u8 *) test_srv_crt_rsa;
+ ck_pair->key = (u8 *) test_srv_key_rsa;
+ ck_pair->cert_len = test_srv_crt_rsa_len;
+ ck_pair->key_len = test_srv_key_rsa_len;
+ vnet_app_add_cert_key_pair (ck_pair);
+ ecm->ckpair_index = ck_pair->index;
+
return 0;
}
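Review bot: The result of `vnet_app_add_cert_key_pair (ck_pair)` is discarded and `ecm->ckpair_index = ck_pair->index;` is stored unconditionally, so if registration fails the index left by the preceding `clib_memset` (0) is recorded and later attached to every connect. Assuming the call returns a status, I would check it before storing the index, e.g. `if (vnet_app_add_cert_key_pair (ck_pair)) return clib_error_return (0, "failed to add cert key pair");`. The same unchecked pattern is added in echo_server_attach, http_server_attach and http_static_server_attach in this commit; those return int, so `return -1;` fits there. echo_clients_attach starts above this hunk, so whether the already-attached app needs cleanup on that path is not visible here.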
@@ -693,6 +689,8 @@ echo_clients_detach ()
rv = vnet_application_detach (da);
ecm->test_client_attached = 0;
ecm->app_index = ~0;
+ vnet_app_del_cert_key_pair (ecm->ckpair_index);
+
return rv;
}
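Review bot: After `vnet_app_del_cert_key_pair (ecm->ckpair_index);` the stored index still names the deleted pair, whereas `ecm->app_index` is reset to `~0` just above. A second detach, or a detach that follows a failed attach, would then ask for deletion of whatever pair holds that index at that point. I would reset the field right after the delete, `ecm->ckpair_index = ~0;`, provided the delete call treats that value as invalid, and do the same after the delete added to echo_server_detach. The function body starts outside this hunk.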
@@ -723,20 +721,25 @@ echo_clients_start_tx_pthread (echo_client_main_t * ecm)
clib_error_t *
echo_clients_connect (vlib_main_t * vm, u32 n_clients)
{
+ session_endpoint_cfg_t sep = SESSION_ENDPOINT_CFG_NULL;
echo_client_main_t *ecm = &echo_client_main;
vnet_connect_args_t _a, *a = &_a;
int i, rv;
clib_memset (a, 0, sizeof (*a));
+ if (parse_uri ((char *) ecm->connect_uri, &sep))
+ return clib_error_return (0, "invalid uri");
+
for (i = 0; i < n_clients; i++)
{
- a->uri = (char *) ecm->connect_uri;
+ clib_memcpy (&a->sep_ext, &sep, sizeof (sep));
a->api_context = i;
a->app_index = ecm->app_index;
+ a->sep_ext.ckpair_index = ecm->ckpair_index;
vlib_worker_thread_barrier_sync (vm);
- if ((rv = vnet_connect_uri (a)))
+ if ((rv = vnet_connect (a)))
{
vlib_worker_thread_barrier_release (vm);
return clib_error_return (0, "connect returned: %d", rv);
diff --git a/src/plugins/hs_apps/echo_client.h b/src/plugins/hs_apps/echo_client.h
index 34cf0bd4764..c4983ca78d8 100644
--- a/src/plugins/hs_apps/echo_client.h
+++ b/src/plugins/hs_apps/echo_client.h
@@ -66,6 +66,7 @@ typedef struct
u8 is_dgram;
u32 no_copy; /**< Don't memcpy data to tx fifo */
u32 quic_streams; /**< QUIC streams per connection */
+ u32 ckpair_index; /**< Cert key pair for tls/quic */
/*
* Test state variables
diff --git a/src/plugins/hs_apps/echo_server.c b/src/plugins/hs_apps/echo_server.c
index a5335bb2f20..1c4022537ba 100644
--- a/src/plugins/hs_apps/echo_server.c
+++ b/src/plugins/hs_apps/echo_server.c
@@ -47,7 +47,9 @@ typedef struct
u32 private_segment_size; /**< Size of private segments */
char *server_uri; /**< Server URI */
u32 tls_engine; /**< TLS engine: mbedtls/openssl */
+ u32 ckpair_index; /**< Cert and key for tls/quic */
u8 is_dgram; /**< set if transport is dgram */
+
/*
* Test state
*/
@@ -304,8 +306,7 @@ static session_cb_vft_t echo_server_session_cb_vft = {
static int
echo_server_attach (u8 * appns_id, u64 appns_flags, u64 appns_secret)
{
- vnet_app_add_tls_cert_args_t _a_cert, *a_cert = &_a_cert;
- vnet_app_add_tls_key_args_t _a_key, *a_key = &_a_key;
+ vnet_app_add_cert_key_pair_args_t _ck_pair, *ck_pair = &_ck_pair;
echo_server_main_t *esm = &echo_server_main;
vnet_app_attach_args_t _a, *a = &_a;
u64 options[APP_OPTIONS_N_OPTIONS];
@@ -357,17 +358,14 @@ echo_server_attach (u8 * appns_id, u64 appns_flags, u64 appns_secret)
esm->app_index = a->app_index;
vec_free (a->name);
- clib_memset (a_cert, 0, sizeof (*a_cert));
- a_cert->app_index = a->app_index;
- vec_validate (a_cert->cert, test_srv_crt_rsa_len);
- clib_memcpy_fast (a_cert->cert, test_srv_crt_rsa, test_srv_crt_rsa_len);
- vnet_app_add_tls_cert (a_cert);
-
- clib_memset (a_key, 0, sizeof (*a_key));
- a_key->app_index = a->app_index;
- vec_validate (a_key->key, test_srv_key_rsa_len);
- clib_memcpy_fast (a_key->key, test_srv_key_rsa, test_srv_key_rsa_len);
- vnet_app_add_tls_key (a_key);
+ clib_memset (ck_pair, 0, sizeof (*ck_pair));
+ ck_pair->cert = (u8 *) test_srv_crt_rsa;
+ ck_pair->key = (u8 *) test_srv_key_rsa;
+ ck_pair->cert_len = test_srv_crt_rsa_len;
+ ck_pair->key_len = test_srv_key_rsa_len;
+ vnet_app_add_cert_key_pair (ck_pair);
+ esm->ckpair_index = ck_pair->index;
+
return 0;
}
@@ -381,6 +379,7 @@ echo_server_detach (void)
da->app_index = esm->app_index;
rv = vnet_application_detach (da);
esm->app_index = ~0;
+ vnet_app_del_cert_key_pair (esm->ckpair_index);
return rv;
}
@@ -389,17 +388,16 @@ echo_server_listen ()
{
i32 rv;
echo_server_main_t *esm = &echo_server_main;
- vnet_listen_args_t _args = {
- .app_index = esm->app_index,
- .sep_ext = {
- .app_wrk_index = 0,
- }
- }, *args = &_args;
+ vnet_listen_args_t _args = { 0 }, *args = &_args;
+
+ args->sep_ext.app_wrk_index = 0;
if ((rv = parse_uri (esm->server_uri, &args->sep_ext)))
{
return -1;
}
+ args->app_index = esm->app_index;
+ args->sep_ext.ckpair_index = esm->ckpair_index;
if (args->sep_ext.transport_proto == TRANSPORT_PROTO_UDP)
{
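Review bot: `vnet_listen_args_t _args = { 0 }` leaves `sep_ext` all-zero before `parse_uri`, while echo_clients_connect, http_server_listen and http_static_server_listen in this same commit start from `SESSION_ENDPOINT_CFG_NULL`. If that initialiser sets any non-zero default that parse_uri does not overwrite, this listener ends up with a different endpoint configuration from the others. I would make the paths agree: declare `session_endpoint_cfg_t sep = SESSION_ENDPOINT_CFG_NULL;`, parse into it, then `args->sep_ext = sep;`. The explicit `args->sep_ext.app_wrk_index = 0;` is also redundant after the zero initialiser. echo_server_listen continues past the end of the hunk.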
diff --git a/src/plugins/hs_apps/http_server.c b/src/plugins/hs_apps/http_server.c
index ce4e09addbc..e1674d5d2f1 100644
--- a/src/plugins/hs_apps/http_server.c
+++ b/src/plugins/hs_apps/http_server.c
@@ -73,6 +73,9 @@ typedef struct
/* process node index for evnt scheduling */
u32 node_index;
+ /* Cert key pair for tls */
+ u32 ckpair_index;
+
tw_timer_wheel_2t_1w_2048sl_t tw;
clib_spinlock_t tw_lock;
@@ -712,8 +715,7 @@ static session_cb_vft_t http_server_session_cb_vft = {
static int
http_server_attach ()
{
- vnet_app_add_tls_cert_args_t _a_cert, *a_cert = &_a_cert;
- vnet_app_add_tls_key_args_t _a_key, *a_key = &_a_key;
+ vnet_app_add_cert_key_pair_args_t _ck_pair, *ck_pair = &_ck_pair;
http_server_main_t *hsm = &http_server_main;
u64 options[APP_OPTIONS_N_OPTIONS];
vnet_app_attach_args_t _a, *a = &_a;
@@ -746,17 +748,13 @@ http_server_attach ()
vec_free (a->name);
hsm->app_index = a->app_index;
- clib_memset (a_cert, 0, sizeof (*a_cert));
- a_cert->app_index = a->app_index;
- vec_validate (a_cert->cert, test_srv_crt_rsa_len);
- clib_memcpy_fast (a_cert->cert, test_srv_crt_rsa, test_srv_crt_rsa_len);
- vnet_app_add_tls_cert (a_cert);
-
- clib_memset (a_key, 0, sizeof (*a_key));
- a_key->app_index = a->app_index;
- vec_validate (a_key->key, test_srv_key_rsa_len);
- clib_memcpy_fast (a_key->key, test_srv_key_rsa, test_srv_key_rsa_len);
- vnet_app_add_tls_key (a_key);
+ clib_memset (ck_pair, 0, sizeof (*ck_pair));
+ ck_pair->cert = (u8 *) test_srv_crt_rsa;
+ ck_pair->key = (u8 *) test_srv_key_rsa;
+ ck_pair->cert_len = test_srv_crt_rsa_len;
+ ck_pair->key_len = test_srv_key_rsa_len;
+ vnet_app_add_cert_key_pair (ck_pair);
+ hsm->ckpair_index = ck_pair->index;
return 0;
}
@@ -764,14 +762,24 @@ http_server_attach ()
static int
http_server_listen ()
{
+ session_endpoint_cfg_t sep = SESSION_ENDPOINT_CFG_NULL;
http_server_main_t *hsm = &http_server_main;
vnet_listen_args_t _a, *a = &_a;
+ char *uri = "tcp://0.0.0.0/80";
+
clib_memset (a, 0, sizeof (*a));
a->app_index = hsm->app_index;
- a->uri = "tcp://0.0.0.0/80";
+
if (hsm->uri)
- a->uri = (char *) hsm->uri;
- return vnet_bind_uri (a);
+ uri = (char *) hsm->uri;
+
+ if (parse_uri (uri, &sep))
+ return -1;
+
+ clib_memcpy (&a->sep_ext, &sep, sizeof (sep));
+ a->sep_ext.ckpair_index = hsm->ckpair_index;
+
+ return vnet_listen (a);
}
static void
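Review bot: `clib_memcpy (&a->sep_ext, &sep, sizeof (sep));` copies `sizeof (sep)` bytes into `sep_ext` without the compiler checking that the two objects have the same type. Since `sep_ext` appears to be a `session_endpoint_cfg_t` as well, a plain struct assignment, `a->sep_ext = sep;`, is type-checked and reads more directly. The same copy is added in echo_clients_connect and http_static_server_listen. Separately, a one-line comment on `char *uri = "tcp://0.0.0.0/80";` noting that the default listens on all addresses without TLS would help a reader who enables this server without setting `hsm->uri`.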
diff --git a/src/plugins/hs_apps/vcl/vcl_test_client.c b/src/plugins/hs_apps/vcl/vcl_test_client.c
index 51544a7a445..0aff98ef1dd 100644
--- a/src/plugins/hs_apps/vcl/vcl_test_client.c
+++ b/src/plugins/hs_apps/vcl/vcl_test_client.c
@@ -51,6 +51,7 @@ typedef struct
vcl_test_t post_test;
uint8_t proto;
uint32_t n_workers;
+ uint32_t ckpair_index;
volatile int active_workers;
struct sockaddr_storage server_addr;
} vcl_test_client_main_t;
@@ -265,6 +266,13 @@ vtc_connect_test_sessions (vcl_test_client_worker_t * wrk)
return ts->fd;
}
+ if (vcm->proto == VPPCOM_PROTO_TLS)
+ {
+ uint32_t ckp_len = sizeof (vcm->ckpair_index);
+ vppcom_session_attr (ts->fd, VPPCOM_ATTR_SET_CKPAIR,
+ &vcm->ckpair_index, &ckp_len);
+ }
+
/* Connect is blocking */
rv = vppcom_session_connect (ts->fd, &vcm->server_endpt);
if (rv < 0)
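Review bot: The return value of the added `vppcom_session_attr (ts->fd, VPPCOM_ATTR_SET_CKPAIR, ...)` call is ignored, so if setting the pair fails the blocking connect below still runs, on a TLS session with no cert/key pair selected. The failure then shows up later as a connect or handshake error with no hint of the cause. I would capture and check the result here, `rv = vppcom_session_attr (ts->fd, VPPCOM_ATTR_SET_CKPAIR, &vcm->ckpair_index, &ckp_len);` followed by `if (rv < 0) return rv;`, logging it the same way the connect failure is logged. The surrounding loop and the connect error handling lie outside this hunk.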
@@ -1099,11 +1107,23 @@ main (int argc, char **argv)
if (vcm->proto == VPPCOM_PROTO_TLS || vcm->proto == VPPCOM_PROTO_QUIC)
{
+ vppcom_cert_key_pair_t ckpair;
+ uint32_t ckp_len;
+ int ckp_index;
+
vtinf ("Adding tls certs ...");
- vppcom_session_tls_add_cert (ctrl->fd, vcl_test_crt_rsa,
- vcl_test_crt_rsa_len);
- vppcom_session_tls_add_key (ctrl->fd, vcl_test_key_rsa,
- vcl_test_key_rsa_len);
+ ckpair.cert = vcl_test_crt_rsa;
+ ckpair.key = vcl_test_key_rsa;
+ ckpair.cert_len = vcl_test_crt_rsa_len;
+ ckpair.key_len = vcl_test_key_rsa_len;
+ ckp_index = vppcom_add_cert_key_pair (&ckpair);
+ if (ckp_index < 0)
+ vtfail ("vppcom_add_cert_key_pair()", ckp_index);
+
+ vcm->ckpair_index = ckp_index;
+ ckp_len = sizeof (ckp_index);
+ vppcom_session_attr (ctrl->fd, VPPCOM_ATTR_SET_CKPAIR, &ckp_index,
+ &ckp_len);
}
vtinf ("Connecting to server...");
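Review bot: `vppcom_cert_key_pair_t ckpair;` is declared without an initialiser and only four members are assigned before `vppcom_add_cert_key_pair (&ckpair)`, so any other member the struct has, or later gains, is passed as stack garbage. `vppcom_cert_key_pair_t ckpair = { 0 };` removes that dependency at no cost; the same declaration is added in vts_worker_init in vcl_test_server.c. The `vppcom_session_attr (ctrl->fd, VPPCOM_ATTR_SET_CKPAIR, ...)` result is also unchecked here, unlike the `ckp_index < 0` test just above it. Nothing in this hunk deletes the pair again, although the rest of main is outside it and may do so.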
diff --git a/src/plugins/hs_apps/vcl/vcl_test_server.c b/src/plugins/hs_apps/vcl/vcl_test_server.c
index 798fd72b481..a2a4d6ac3b0 100644
--- a/src/plugins/hs_apps/vcl/vcl_test_server.c
+++ b/src/plugins/hs_apps/vcl/vcl_test_server.c
@@ -553,10 +553,22 @@ vts_worker_init (vcl_test_server_worker_t * wrk)
if (vsm->cfg.proto == VPPCOM_PROTO_TLS
|| vsm->cfg.proto == VPPCOM_PROTO_QUIC)
{
- vppcom_session_tls_add_cert (wrk->listen_fd, vcl_test_crt_rsa,
- vcl_test_crt_rsa_len);
- vppcom_session_tls_add_key (wrk->listen_fd, vcl_test_key_rsa,
- vcl_test_key_rsa_len);
+ vppcom_cert_key_pair_t ckpair;
+ uint32_t ckp_len;
+ int ckp_index;
+
+ vtinf ("Adding tls certs ...");
+ ckpair.cert = vcl_test_crt_rsa;
+ ckpair.key = vcl_test_key_rsa;
+ ckpair.cert_len = vcl_test_crt_rsa_len;
+ ckpair.key_len = vcl_test_key_rsa_len;
+ ckp_index = vppcom_add_cert_key_pair (&ckpair);
+ if (ckp_index < 0)
+ vtfail ("vppcom_add_cert_key_pair()", ckp_index);
+
+ ckp_len = sizeof (ckp_index);
+ vppcom_session_attr (wrk->listen_fd, VPPCOM_ATTR_SET_CKPAIR, &ckp_index,
+ &ckp_len);
}
rv = vppcom_session_bind (wrk->listen_fd, &vsm->cfg.endpt);
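Review bot: The pair is registered inside vts_worker_init and its index is kept only in the local `ckp_index`, so if this function runs once per worker, as the name suggests, the same certificate and key are registered once per worker and none of the indices can be deleted later. The client side of this commit stores the index in `vcm->ckpair_index`; the server could do the same, registering once before the workers start and keeping the index in a field on `vsm` that each worker passes to `vppcom_session_attr`. The `vppcom_session_attr` return value is also ignored, so a failed set still proceeds to `vppcom_session_bind`. The function starts and ends outside this hunk.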
diff --git a/src/plugins/http_static/http_static.h b/src/plugins/http_static/http_static.h
index daa2ecf9e89..8ee0f92cd44 100644
--- a/src/plugins/http_static/http_static.h
+++ b/src/plugins/http_static/http_static.h
@@ -181,6 +181,9 @@ typedef struct
/** Process node index for event scheduling */
u32 node_index;
+ /** Cert and key pair for tls */
+ u32 ckpair_index;
+
/** Session cleanup timer wheel */
tw_timer_wheel_2t_1w_2048sl_t tw;
clib_spinlock_t tw_lock;
diff --git a/src/plugins/http_static/static_server.c b/src/plugins/http_static/static_server.c
index 0ae67412016..b354666f816 100644
--- a/src/plugins/http_static/static_server.c
+++ b/src/plugins/http_static/static_server.c
@@ -1140,8 +1140,7 @@ static session_cb_vft_t http_static_server_session_cb_vft = {
static int
http_static_server_attach ()
{
- vnet_app_add_tls_cert_args_t _a_cert, *a_cert = &_a_cert;
- vnet_app_add_tls_key_args_t _a_key, *a_key = &_a_key;
+ vnet_app_add_cert_key_pair_args_t _ck_pair, *ck_pair = &_ck_pair;
http_static_server_main_t *hsm = &http_static_server_main;
u64 options[APP_OPTIONS_N_OPTIONS];
vnet_app_attach_args_t _a, *a = &_a;
@@ -1175,17 +1174,13 @@ http_static_server_attach ()
vec_free (a->name);
hsm->app_index = a->app_index;
- clib_memset (a_cert, 0, sizeof (*a_cert));
- a_cert->app_index = a->app_index;
- vec_validate (a_cert->cert, test_srv_crt_rsa_len);
- clib_memcpy_fast (a_cert->cert, test_srv_crt_rsa, test_srv_crt_rsa_len);
- vnet_app_add_tls_cert (a_cert);
-
- clib_memset (a_key, 0, sizeof (*a_key));
- a_key->app_index = a->app_index;
- vec_validate (a_key->key, test_srv_key_rsa_len);
- clib_memcpy_fast (a_key->key, test_srv_key_rsa, test_srv_key_rsa_len);
- vnet_app_add_tls_key (a_key);
+ clib_memset (ck_pair, 0, sizeof (*ck_pair));
+ ck_pair->cert = (u8 *) test_srv_crt_rsa;
+ ck_pair->key = (u8 *) test_srv_key_rsa;
+ ck_pair->cert_len = test_srv_crt_rsa_len;
+ ck_pair->key_len = test_srv_key_rsa_len;
+ vnet_app_add_cert_key_pair (ck_pair);
+ hsm->ckpair_index = ck_pair->index;
return 0;
}
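Review bot: The pair registered here is `test_srv_crt_rsa` / `test_srv_key_rsa`, which by their names are the shared test certificate and private key, while http_static looks like a general-purpose plugin rather than a test app. A TLS listener started from it therefore presents an identity whose private key is available to anyone with the source tree, which gives clients no real server authentication. At minimum I would put a comment above the block, `/* Test cert/key only: compiled in and publicly known; not suitable for production listeners */`; longer term the cert and key should come from configuration. This was already the case before the commit, but the new lines carry it forward unmarked.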
@@ -1194,13 +1189,23 @@ static int
http_static_server_listen ()
{
http_static_server_main_t *hsm = &http_static_server_main;
+ session_endpoint_cfg_t sep = SESSION_ENDPOINT_CFG_NULL;
vnet_listen_args_t _a, *a = &_a;
+ char *uri = "tcp://0.0.0.0/80";
+
clib_memset (a, 0, sizeof (*a));
a->app_index = hsm->app_index;
- a->uri = "tcp://0.0.0.0/80";
+
if (hsm->uri)
- a->uri = (char *) hsm->uri;
- return vnet_bind_uri (a);
+ uri = (char *) hsm->uri;
+
+ if (parse_uri (uri, &sep))
+ return -1;
+
+ clib_memcpy (&a->sep_ext, &sep, sizeof (sep));
+ a->sep_ext.ckpair_index = hsm->ckpair_index;
+
+ return vnet_listen (a);
}
static void