authorFlorin Coras <fcoras@cisco.com>2018-02-21 12:07:41 -0800
committerDave Barach <openvpp@barachs.net>2018-03-02 12:54:31 +0000
commit371ca50a74a9c4f1b74c4c1b65c6fdec610fcfc3 (patch)
tree947e800faa7846223bdf8fb73429c657ddaf5805 /src/vnet/session/application_interface.c
parent9e6356962a0cbb84f7ea9056b954d65aaa231a61 (diff)
session: first approximation implementation of tls
It consists of two main parts. First, add an application transport type whereby applications can offer transport to other applications. For instance, a tls app can offer transport services to other applications. And second, a tls transport app that leverages the mbedtls library for tls protocol implementation. Change-Id: I616996c6e6539a9e2368fab8a1ac874d7c5d9838 Signed-off-by: Florin Coras <fcoras@cisco.com>
Diffstat (limited to 'src/vnet/session/application_interface.c')
-rw-r--r--src/vnet/session/application_interface.c92
1 files changed, 75 insertions, 17 deletions
diff --git a/src/vnet/session/application_interface.c b/src/vnet/session/application_interface.c
index fd079b5147b..12a5701fdf3 100644
--- a/src/vnet/session/application_interface.c
+++ b/src/vnet/session/application_interface.c
@@ -22,6 +22,61 @@
VPP's application/session API bind/unbind/connect/disconnect calls
*/
+/*
+ * TLS server cert and keys to be used for testing only
+ */
+const char test_srv_crt_rsa[] =
+ "-----BEGIN CERTIFICATE-----\r\n"
+ "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
+ "MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"
+ "MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n"
+ "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n"
+ "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n"
+ "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n"
+ "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n"
+ "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n"
+ "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n"
+ "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n"
+ "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n"
+ "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJxnXClY\r\n"
+ "oHkbp70cqBrsGXLybA74czbO5RdLEgFs7rHVS9r+c293luS/KdliLScZqAzYVylw\r\n"
+ "UfRWvKMoWhHYKp3dEIS4xTXk6/5zXxhv9Rw8SGc8qn6vITHk1S1mPevtekgasY5Y\r\n"
+ "iWQuM3h4YVlRH3HHEMAD1TnAexfXHHDFQGe+Bd1iAbz1/sH9H8l4StwX6egvTK3M\r\n"
+ "wXRwkKkvjKaEDA9ATbZx0mI8LGsxSuCqe9r9dyjmttd47J1p1Rulz3CLzaRcVIuS\r\n"
+ "RRQfaD8neM9c1S/iJ/amTVqJxA1KOdOS5780WhPfSArA+g4qAmSjelc3p4wWpha8\r\n"
+ "zhuYwjVuX6JHG0c=\r\n" "-----END CERTIFICATE-----\r\n";
+const u32 test_srv_crt_rsa_len = sizeof (test_srv_crt_rsa);
+
+const char test_srv_key_rsa[] =
+ "-----BEGIN RSA PRIVATE KEY-----\r\n"
+ "MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r\r\n"
+ "lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2\r\n"
+ "2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ\r\n"
+ "Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i\r\n"
+ "GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb\r\n"
+ "y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABAoIBAQCXR0S8EIHFGORZ\r\n"
+ "++AtOg6eENxD+xVs0f1IeGz57Tjo3QnXX7VBZNdj+p1ECvhCE/G7XnkgU5hLZX+G\r\n"
+ "Z0jkz/tqJOI0vRSdLBbipHnWouyBQ4e/A1yIJdlBtqXxJ1KE/ituHRbNc4j4kL8Z\r\n"
+ "/r6pvwnTI0PSx2Eqs048YdS92LT6qAv4flbNDxMn2uY7s4ycS4Q8w1JXnCeaAnYm\r\n"
+ "WYI5wxO+bvRELR2Mcz5DmVnL8jRyml6l6582bSv5oufReFIbyPZbQWlXgYnpu6He\r\n"
+ "GTc7E1zKYQGG/9+DQUl/1vQuCPqQwny0tQoX2w5tdYpdMdVm+zkLtbajzdTviJJa\r\n"
+ "TWzL6lt5AoGBAN86+SVeJDcmQJcv4Eq6UhtRr4QGMiQMz0Sod6ettYxYzMgxtw28\r\n"
+ "CIrgpozCc+UaZJLo7UxvC6an85r1b2nKPCLQFaggJ0H4Q0J/sZOhBIXaoBzWxveK\r\n"
+ "nupceKdVxGsFi8CDy86DBfiyFivfBj+47BbaQzPBj7C4rK7UlLjab2rDAoGBAN2u\r\n"
+ "AM2gchoFiu4v1HFL8D7lweEpi6ZnMJjnEu/dEgGQJFjwdpLnPbsj4c75odQ4Gz8g\r\n"
+ "sw9lao9VVzbusoRE/JGI4aTdO0pATXyG7eG1Qu+5Yc1YGXcCrliA2xM9xx+d7f+s\r\n"
+ "mPzN+WIEg5GJDYZDjAzHG5BNvi/FfM1C9dOtjv2dAoGAF0t5KmwbjWHBhcVqO4Ic\r\n"
+ "BVvN3BIlc1ue2YRXEDlxY5b0r8N4XceMgKmW18OHApZxfl8uPDauWZLXOgl4uepv\r\n"
+ "whZC3EuWrSyyICNhLY21Ah7hbIEBPF3L3ZsOwC+UErL+dXWLdB56Jgy3gZaBeW7b\r\n"
+ "vDrEnocJbqCm7IukhXHOBK8CgYEAwqdHB0hqyNSzIOGY7v9abzB6pUdA3BZiQvEs\r\n"
+ "3LjHVd4HPJ2x0N8CgrBIWOE0q8+0hSMmeE96WW/7jD3fPWwCR5zlXknxBQsfv0gP\r\n"
+ "3BC5PR0Qdypz+d+9zfMf625kyit4T/hzwhDveZUzHnk1Cf+IG7Q+TOEnLnWAWBED\r\n"
+ "ISOWmrUCgYAFEmRxgwAc/u+D6t0syCwAYh6POtscq9Y0i9GyWk89NzgC4NdwwbBH\r\n"
+ "4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n"
+ "TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n"
+ "-----END RSA PRIVATE KEY-----\r\n";
+const u32 test_srv_key_rsa_len = sizeof (test_srv_key_rsa);
+
static u8
session_endpoint_is_local (session_endpoint_t * sep)
{
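Review bot: The RSA private key added as `test_srv_key_rsa` is compiled unconditionally into application_interface.c as a non-static global, so every build of the session layer carries a key that is public in the repository, and the "testing only" comment is the only control. A listener that uses this pair offers no server authentication, because anyone with the source holds the same key; where the arrays are consumed is not visible in this hunk, so confirm the TLS app never falls back to them when no certificate is configured. I would move both arrays into a test-only translation unit or wrap them in a build-time guard (`#if <TEST_ONLY_BUILD_FLAG>` … `#endif`, placeholder name) and extend the comment to `/* Publicly known test key pair: never use for a production listener */`. The `_len` values use `sizeof`, which counts the trailing NUL; the mbedtls PEM parsers expect that, so a comment such as `/* length includes the terminating NUL, as the mbedtls PEM parser requires */` would stop a later change to `strlen`.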
@@ -179,8 +234,8 @@ vnet_unbind_i (u32 app_index, session_handle_t handle)
}
int
-vnet_connect_i (u32 client_index, u32 api_context, session_endpoint_t * sep,
- void *mp)
+application_connect (u32 client_index, u32 api_context,
+ session_endpoint_t * sep)
{
application_t *server, *client;
u32 table_index, server_index, li;
@@ -277,22 +332,23 @@ uword
unformat_vnet_uri (unformat_input_t * input, va_list * args)
{
session_endpoint_t *sep = va_arg (*args, session_endpoint_t *);
- u32 transport_proto = 0;
- if (unformat (input, "%U://%U/%d", unformat_transport_proto,
- &transport_proto, unformat_ip4_address, &sep->ip.ip4,
- &sep->port))
+ u32 transport_proto = 0, port;
+
+ if (unformat
+ (input, "%U://%U/%d", unformat_transport_proto, &transport_proto,
+ unformat_ip4_address, &sep->ip.ip4, &port))
{
sep->transport_proto = transport_proto;
- sep->port = clib_host_to_net_u16 (sep->port);
+ sep->port = clib_host_to_net_u16 (port);
sep->is_ip4 = 1;
return 1;
}
- if (unformat (input, "%U://%U/%d", unformat_transport_proto,
- &transport_proto, unformat_ip6_address, &sep->ip.ip6,
- &sep->port))
+ else if (unformat (input, "%U://%U/%d", unformat_transport_proto,
+ &transport_proto, unformat_ip6_address, &sep->ip.ip6,
+ &port))
{
sep->transport_proto = transport_proto;
- sep->port = clib_host_to_net_u16 (sep->port);
+ sep->port = clib_host_to_net_u16 (port);
sep->is_ip4 = 0;
return 1;
}
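Review bot: `port` is parsed as a `u32` with `%d` and passed straight to `clib_host_to_net_u16 (port)` in both the ip4 and ip6 branches, so a URI with a port above 65535 is silently truncated to its low 16 bits instead of being rejected. The URI presumably comes from an application or the CLI, so I would reject out-of-range values before the assignment in each branch, e.g. `if (port > 65535) return 0;`. `port` is also declared without an initialiser; it is only read after a successful `unformat`, so this is safe as written, but `u32 transport_proto = 0, port = 0;` would make that independent of the parser's behaviour. The rest of `unformat_vnet_uri` lies outside the hunk.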
@@ -440,8 +496,8 @@ vnet_bind_uri (vnet_bind_args_t * a)
int
vnet_unbind_uri (vnet_unbind_args_t * a)
{
- stream_session_t *listener;
session_endpoint_t sep = SESSION_ENDPOINT_NULL;
+ stream_session_t *listener;
int rv;
rv = parse_uri (a->uri, &sep);
@@ -459,15 +515,15 @@ vnet_unbind_uri (vnet_unbind_args_t * a)
clib_error_t *
vnet_connect_uri (vnet_connect_args_t * a)
{
- session_endpoint_t sep_null = SESSION_ENDPOINT_NULL;
+ session_endpoint_t sep = SESSION_ENDPOINT_NULL;
int rv;
/* Parse uri */
- a->sep = sep_null;
- rv = parse_uri (a->uri, &a->sep);
+ rv = parse_uri (a->uri, &sep);
if (rv)
return clib_error_return_code (0, rv, 0, "app init: %d", rv);
- if ((rv = vnet_connect_i (a->app_index, a->api_context, &a->sep, a->mp)))
+
+ if ((rv = application_connect (a->app_index, a->api_context, &sep)))
return clib_error_return_code (0, rv, 0, "connect failed");
return 0;
}
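Review bot: `vnet_connect_uri` now parses the URI into a stack-local `sep` and no longer writes `a->sep`, so a caller that reads `a->sep` after the call (none is visible in this hunk) sees whatever it held before rather than the parsed endpoint. If that is intended, a comment at the declaration would make it explicit: `/* parsed endpoint stays local; a->sep is intentionally left untouched */`. The local is passed by pointer to `application_connect`, whose body is outside this hunk, so it is worth confirming the callee does not keep that pointer past the call. Separately, the message `"app init: %d"` on the context line does not describe a URI parse failure, which makes connect errors harder to triage from logs.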
@@ -523,8 +579,10 @@ vnet_unbind (vnet_unbind_args_t * a)
clib_error_t *
vnet_connect (vnet_connect_args_t * a)
{
+ session_endpoint_t *sep = &a->sep;
int rv;
- if ((rv = vnet_connect_i (a->app_index, a->api_context, &a->sep, a->mp)))
+
+ if ((rv = application_connect (a->app_index, a->api_context, sep)))
return clib_error_return_code (0, rv, 0, "connect failed");
return 0;
}