aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/session
diff options
context:
space:
mode:
authorFlorin Coras <fcoras@cisco.com>2021-08-11 14:55:49 -0700
committerDave Barach <openvpp@barachs.net>2021-08-12 14:47:31 +0000
commite191d76d248ebbb022533d518b447b7df4efd371 (patch)
treed4953f922582e078aadf7148f7e4300e40d85001 /src/vnet/session
parent8c7f5c809fecec80cdfdcae6cab1592defddc931 (diff)
session vcl: cert key add/del with socket api
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I70791285cbf427479d2dcbf70ffdce2253add2fb
Diffstat (limited to 'src/vnet/session')
-rw-r--r--src/vnet/session/application_interface.h20
-rw-r--r--src/vnet/session/session_api.c80
-rw-r--r--src/vnet/session/session_types.h1
3 files changed, 101 insertions, 0 deletions
diff --git a/src/vnet/session/application_interface.h b/src/vnet/session/application_interface.h
index b10dd6c150d..ca8dc38c4e1 100644
--- a/src/vnet/session/application_interface.h
+++ b/src/vnet/session/application_interface.h
@@ -817,6 +817,8 @@ typedef enum app_sapi_msg_type
APP_SAPI_MSG_TYPE_ADD_DEL_WORKER,
APP_SAPI_MSG_TYPE_ADD_DEL_WORKER_REPLY,
APP_SAPI_MSG_TYPE_SEND_FDS,
+ APP_SAPI_MSG_TYPE_ADD_DEL_CERT_KEY,
+ APP_SAPI_MSG_TYPE_ADD_DEL_CERT_KEY_REPLY,
} __clib_packed app_sapi_msg_type_e;
typedef struct app_sapi_attach_msg_
@@ -861,6 +863,22 @@ typedef struct app_sapi_worker_add_del_reply_msg_
u8 is_add;
} __clib_packed app_sapi_worker_add_del_reply_msg_t;
+typedef struct app_sapi_cert_key_add_del_msg_
+{
+ u32 context;
+ u32 index;
+ u16 cert_len;
+ u16 certkey_len;
+ u8 is_add;
+} __clib_packed app_sapi_cert_key_add_del_msg_t;
+
+typedef struct app_sapi_cert_key_add_del_reply_msg_
+{
+ u32 context;
+ i32 retval;
+ u32 index;
+} __clib_packed app_sapi_cert_key_add_del_reply_msg_t;
+
typedef struct app_sapi_msg_
{
app_sapi_msg_type_e type;
@@ -870,6 +888,8 @@ typedef struct app_sapi_msg_
app_sapi_attach_reply_msg_t attach_reply;
app_sapi_worker_add_del_msg_t worker_add_del;
app_sapi_worker_add_del_reply_msg_t worker_add_del_reply;
+ app_sapi_cert_key_add_del_msg_t cert_key_add_del;
+ app_sapi_cert_key_add_del_reply_msg_t cert_key_add_del_reply;
};
} __clib_packed app_sapi_msg_t;
diff --git a/src/vnet/session/session_api.c b/src/vnet/session/session_api.c
index 00e67dcd2d0..e420099e308 100644
--- a/src/vnet/session/session_api.c
+++ b/src/vnet/session/session_api.c
@@ -1489,6 +1489,83 @@ done:
}
static void
+sapi_add_del_cert_key_handler (app_namespace_t *app_ns, clib_socket_t *cs,
+ app_sapi_cert_key_add_del_msg_t *mp)
+{
+ vnet_app_add_cert_key_pair_args_t _a, *a = &_a;
+ app_sapi_cert_key_add_del_reply_msg_t *rmp;
+ app_sapi_msg_t msg = { 0 };
+ int rv = 0;
+
+ if (mp->is_add)
+ {
+ const u32 max_certkey_len = 2e4, max_cert_len = 1e4, max_key_len = 1e4;
+ clib_error_t *err;
+ u8 *certkey = 0;
+ u32 key_len;
+
+ if (mp->certkey_len > max_certkey_len)
+ {
+ rv = SESSION_E_INVALID;
+ goto send_reply;
+ }
+
+ vec_validate (certkey, mp->certkey_len - 1);
+ err = clib_socket_recvmsg (cs, certkey, mp->certkey_len, 0, 0);
+ if (err)
+ {
+ clib_error_report (err);
+ clib_error_free (err);
+ rv = SESSION_E_INVALID;
+ goto send_reply;
+ }
+
+ if (mp->cert_len > max_cert_len)
+ {
+ rv = SESSION_E_INVALID;
+ goto send_reply;
+ }
+
+ if (mp->certkey_len < mp->cert_len)
+ {
+ rv = SESSION_E_INVALID;
+ goto send_reply;
+ }
+
+ key_len = mp->certkey_len - mp->cert_len;
+ if (key_len > max_key_len)
+ {
+ rv = SESSION_E_INVALID;
+ goto send_reply;
+ }
+
+ clib_memset (a, 0, sizeof (*a));
+ a->cert = certkey;
+ a->key = certkey + mp->cert_len;
+ a->cert_len = mp->cert_len;
+ a->key_len = key_len;
+ rv = vnet_app_add_cert_key_pair (a);
+
+ vec_free (certkey);
+ }
+ else
+ {
+ rv = vnet_app_del_cert_key_pair (mp->index);
+ }
+
+send_reply:
+
+ msg.type = APP_SAPI_MSG_TYPE_ADD_DEL_CERT_KEY_REPLY;
+ rmp = &msg.cert_key_add_del_reply;
+ rmp->retval = rv;
+ rmp->context = mp->context;
+ if (!rv && mp->is_add)
+ rmp->index = a->index;
+
+ clib_socket_sendmsg (cs, &msg, sizeof (msg), 0, 0);
+}
+
+static void
sapi_socket_detach (app_namespace_t * app_ns, clib_socket_t * cs)
{
app_ns_api_handle_t *handle;
@@ -1548,6 +1625,9 @@ sapi_sock_read_ready (clib_file_t * cf)
case APP_SAPI_MSG_TYPE_ADD_DEL_WORKER:
sapi_add_del_worker_handler (app_ns, cs, &msg.worker_add_del);
break;
+ case APP_SAPI_MSG_TYPE_ADD_DEL_CERT_KEY:
+ sapi_add_del_cert_key_handler (app_ns, cs, &msg.cert_key_add_del);
+ break;
default:
clib_warning ("app wrk %u unknown message type: %u",
handle->aah_app_wrk_index, msg.type);
diff --git a/src/vnet/session/session_types.h b/src/vnet/session/session_types.h
index 246978e0ac3..0cf463d569d 100644
--- a/src/vnet/session/session_types.h
+++ b/src/vnet/session/session_types.h
@@ -469,6 +469,7 @@ STATIC_ASSERT (sizeof (session_dgram_hdr_t) == (SESSION_CONN_ID_LEN + 8),
_ (PORTINUSE, "lcl port in use") \
_ (IPINUSE, "ip in use") \
_ (ALREADY_LISTENING, "ip port pair already listened on") \
+ _ (INVALID, "invalid value") \
_ (INVALID_RMT_IP, "invalid remote ip") \
_ (INVALID_APPWRK, "invalid app worker") \
_ (INVALID_NS, "invalid namespace") \