authorNathan Skrzypczak <nathan.skrzypczak@gmail.com>2019-09-13 11:08:13 +0200
committerFlorin Coras <florin.coras@gmail.com>2019-10-09 01:09:11 +0000
commit79f89537c6fd3baeac03354a3381f42895fe2ca8 (patch)
tree967f83e5a26a4fcfb7857c122d2217a1094f9942 /src/vnet/session/application_interface.h
parentff5a9b6ecd744ff5c42e6c2388dd31a338ea6a0c (diff)
session: Add certificate store
Type: feature
This changes the behavior of both API calls APPLICATION_TLS_CERT_ADD & APPLICATION_TLS_KEY_ADD: certificates and keys aren't bound to an app; they are passed to it via connect / listen using the message queue. This should be followed by a per-protocol (QUIC/TLS) crypto_context store to save derived structs.
Change-Id: I36873bc8b63b5c72776c69e8cd9febc9cae31882
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Diffstat (limited to 'src/vnet/session/application_interface.h')
-rw-r--r--src/vnet/session/application_interface.h23
1 files changed, 23 insertions, 0 deletions
diff --git a/src/vnet/session/application_interface.h b/src/vnet/session/application_interface.h
index 17f7ef209e5..fa6206a5279 100644
--- a/src/vnet/session/application_interface.h
+++ b/src/vnet/session/application_interface.h
@@ -21,6 +21,14 @@
#include <vnet/tls/tls_test.h>
#include <svm/fifo_segment.h>
+typedef struct certificate_
+{
+ u32 *app_interests; /* vec of application index asking for deletion cb */
+ u32 cert_key_index; /* index in cert & key pool */
+ u8 *key;
+ u8 *cert;
+} app_cert_key_pair_t;
+
typedef struct _stream_session_cb_vft
{
/** Notify server of new segment */
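Review bot: `app_cert_key_pair_t` keeps the private key in `u8 *key` with no comment on who owns the `key` and `cert` vectors or how they are released. The delete path is not in this header, so the contract should be stated here, e.g. `u8 *key; /* private key, owned by the store; zeroed before free */`, and the implementation should wipe the key bytes rather than only free them. The struct tag `certificate_` also does not match the typedef name; `app_cert_key_pair_` would follow the pattern of the other tags in this file.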
@@ -57,6 +65,9 @@ typedef struct _stream_session_cb_vft
/** Direct TX callback for built-in application */
int (*builtin_app_tx_callback) (session_t * session);
+ /** Cert and key pair delete notification */
+ int (*app_cert_key_pair_delete_callback) (app_cert_key_pair_t * ckpair);
+
} session_cb_vft_t;
#define foreach_app_init_args \
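Review bot: The new `app_cert_key_pair_delete_callback` slot has no stated contract: the comment does not say what the return value means or whether `ckpair` (and `ckpair->key`) may be used after the callback returns. Applications that filled `session_cb_vft_t` before this change will presumably leave the slot NULL, so the caller, which is not visible in this header, needs a NULL check before invoking it. If the pointer is meant to be valid only during the call, the comment could read `/** Cert and key pair delete notification; ckpair is valid only for the duration of the call, returns 0 on success */`.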
@@ -158,6 +169,13 @@ typedef enum tls_engine_type_
TLS_N_ENGINES
} tls_engine_type_t;
+typedef struct _vnet_app_add_cert_key_pair_args_
+{
+ u8 *cert;
+ u8 *key;
+ u32 index;
+} vnet_app_add_cert_key_pair_args_t;
+
/* Application attach options */
typedef enum
{
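Review bot: `vnet_app_add_cert_key_pair_args_t` does not say which fields are inputs and which are outputs; `index` looks like the pool index handed back to the caller, but that is only inferred from `vnet_app_del_cert_key_pair (u32 index)` further down. It is also not stated whether `cert` and `key` are copied or taken over by the store, which decides who must clear the caller's copy of the key. Per-field comments such as `u32 index; /* out: index of the stored pair */` would settle both.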
@@ -236,6 +254,9 @@ int vnet_disconnect_session (vnet_disconnect_args_t * a);
clib_error_t *vnet_app_add_tls_cert (vnet_app_add_tls_cert_args_t * a);
clib_error_t *vnet_app_add_tls_key (vnet_app_add_tls_key_args_t * a);
+int vnet_app_add_cert_key_pair (vnet_app_add_cert_key_pair_args_t * a);
+int vnet_app_del_cert_key_pair (u32 index);
+int vent_app_add_cert_key_interest (u32 index, u32 app_index); /* Ask for app cb on pair deletion */
typedef struct app_session_transport_
{
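Review bot: `vent_app_add_cert_key_interest` is misspelled (`vent_` for `vnet_`) and the typo will spread to every caller once the symbol is used; it should be `int vnet_app_add_cert_key_interest (u32 index, u32 app_index);`. Separately, `vnet_app_del_cert_key_pair (u32 index)` takes no application or owner identifier, and the commit message says pairs are no longer bound to an app, so as declared here any caller that holds an index can delete a pair. If the API handler does not enforce ownership itself, consider passing the requesting app index so the store can check it. The three new prototypes return a bare `int` while the neighbouring TLS calls return `clib_error_t *`, so a comment on the error convention would help.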
@@ -273,6 +294,7 @@ typedef struct session_listen_msg_
u8 proto;
u8 is_ip4;
ip46_address_t ip;
+ u32 ckpair_index;
} __clib_packed session_listen_msg_t;
typedef struct session_listen_uri_msg_
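Review bot: `ckpair_index` in `session_listen_msg_t` is a store-wide index supplied by the application over the message queue, and the same field is added to `session_connect_msg_t` in the last hunk. The handlers, which are outside this file, should check that the index names a live pool entry and that the sending app is entitled to that pair before dereferencing it; otherwise one app could end up using a certificate and key it did not register. Both structs are `__clib_packed` wire messages, so appending a field changes their size, and an application built against the old header would presumably send a shorter message with this field unset. A comment such as `u32 ckpair_index; /* index returned by vnet_app_add_cert_key_pair, validated by the handler */` would record the expectation.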
@@ -345,6 +367,7 @@ typedef struct session_connect_msg_
u8 hostname_len;
u8 hostname[16];
u64 parent_handle;
+ u32 ckpair_index;
} __clib_packed session_connect_msg_t;
typedef struct session_connect_uri_msg_