author | Florin Coras <fcoras@cisco.com> | 2018-02-21 12:07:41 -0800 |
---|---|---|
committer | Dave Barach <openvpp@barachs.net> | 2018-03-02 12:54:31 +0000 |
commit | 371ca50a74a9c4f1b74c4c1b65c6fdec610fcfc3 (patch) | |
tree | 947e800faa7846223bdf8fb73429c657ddaf5805 /src/vnet/session/session_api.c | |
parent | 9e6356962a0cbb84f7ea9056b954d65aaa231a61 (diff) |
session: first approximation implementation of tls
It consists of two main parts. First, add an application transport type
whereby applications can offer transport to other applications. For
instance, a tls app can offer transport services to other applications.
And second, a tls transport app that leverages the mbedtls library for
tls protocol implementation.
Change-Id: I616996c6e6539a9e2368fab8a1ac874d7c5d9838
Signed-off-by: Florin Coras <fcoras@cisco.com>
Diffstat (limited to 'src/vnet/session/session_api.c')
-rwxr-xr-x | src/vnet/session/session_api.c | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/src/vnet/session/session_api.c b/src/vnet/session/session_api.c
index f21701c3896..6c2643c8995 100755
--- a/src/vnet/session/session_api.c
+++ b/src/vnet/session/session_api.c
@@ -56,6 +56,8 @@ _(SESSION_ENABLE_DISABLE, session_enable_disable) \
 _(APP_NAMESPACE_ADD_DEL, app_namespace_add_del) \
 _(SESSION_RULE_ADD_DEL, session_rule_add_del) \
 _(SESSION_RULES_DUMP, session_rules_dump) \
+_(APPLICATION_TLS_CERT_ADD, application_tls_cert_add) \
+_(APPLICATION_TLS_KEY_ADD, application_tls_key_add) \
 
 static int
 session_send_memfd_fd (vl_api_registration_t * reg, const ssvm_private_t * sp)
@@ -1102,6 +1104,64 @@ vl_api_session_rules_dump_t_handler (vl_api_one_map_server_dump_t * mp)
 /* *INDENT-ON* */
 }
 
+static void
+vl_api_application_tls_cert_add_t_handler (vl_api_application_tls_cert_add_t *
+ mp)
+{
+ vl_api_app_namespace_add_del_reply_t *rmp;
+ vnet_app_add_tls_cert_args_t _a, *a = &_a;
+ clib_error_t *error;
+ u32 cert_len;
+ int rv = 0;
+ if (!session_manager_is_enabled ())
+ {
+ rv = VNET_API_ERROR_FEATURE_DISABLED;
+ goto done;
+ }
+ memset (a, 0, sizeof (*a));
+ a->app_index = clib_net_to_host_u32 (mp->app_index);
+ cert_len = clib_net_to_host_u16 (mp->cert_len);
+ vec_validate (a->cert, cert_len);
+ clib_memcpy (a->cert, mp->cert, cert_len);
+ if ((error = vnet_app_add_tls_cert (a)))
+ {
+ rv = clib_error_get_code (error);
+ clib_error_report (error);
+ }
+ vec_free (a->cert);
+done:
+ REPLY_MACRO (VL_API_APPLICATION_TLS_CERT_ADD_REPLY);
+}
+
+static void
+vl_api_application_tls_key_add_t_handler (vl_api_application_tls_key_add_t *
+ mp)
+{
+ vl_api_app_namespace_add_del_reply_t *rmp;
+ vnet_app_add_tls_key_args_t _a, *a = &_a;
+ clib_error_t *error;
+ u32 key_len;
+ int rv = 0;
+ if (!session_manager_is_enabled ())
+ {
+ rv = VNET_API_ERROR_FEATURE_DISABLED;
+ goto done;
+ }
+ memset (a, 0, sizeof (*a));
+ a->app_index = clib_net_to_host_u32 (mp->app_index);
+ key_len = clib_net_to_host_u16 (mp->key_len);
+ vec_validate (a->key, key_len);
+ clib_memcpy (a->key, mp->key, key_len);
+ if ((error = vnet_app_add_tls_key (a)))
+ {
+ rv = clib_error_get_code (error);
+ clib_error_report (error);
+ }
+ vec_free (a->key);
+done:
+ REPLY_MACRO (VL_API_APPLICATION_TLS_KEY_ADD_REPLY);
+}
+
 static clib_error_t *
 application_reaper_cb (u32 client_index)
 { |
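Review bot: Both new handlers use a length field from the message as the copy size with nothing bounding it: `cert_len` (and `key_len` in the key handler) goes straight into `clib_memcpy (a->cert, mp->cert, cert_len)` with no check that the message really carries that many bytes, so a client that overstates the length makes the handler read past the end of its message. Comparing the declared length with the received message size, and replying with an error before `vec_validate`, would close that. `rmp` is declared as `vl_api_app_namespace_add_del_reply_t *` in both handlers although the reply ids are `VL_API_APPLICATION_TLS_CERT_ADD_REPLY` and `VL_API_APPLICATION_TLS_KEY_ADD_REPLY`, which looks like a copy-paste slip; the matching generated reply type (presumably `vl_api_application_tls_cert_add_reply_t *rmp;` and its key counterpart) should be used so the reply is allocated at the right size. In the key handler the private-key copy is released with a plain `vec_free (a->key);`, and clearing it first, for example `memset (a->key, 0, vec_len (a->key));`, would keep key bytes from lingering in freed heap. `vec_validate (a->cert, cert_len)` also makes the vector `cert_len + 1` long, which may be a deliberate trailing zero for the parser and deserves a one-line comment such as `/* extra zeroed byte terminates the PEM buffer */` if that is the intent.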