diff options
author | Florin Coras <fcoras@cisco.com> | 2021-04-21 09:05:56 -0700 |
---|---|---|
committer | Florin Coras <florin.coras@gmail.com> | 2021-04-22 16:07:11 +0000 |
commit | a54b62d77794dee48510e7c128d3ab2fc90934b3 (patch) | |
tree | 019fb22c41ccf585c6a99bb778dc291f672abdc1 /src/vnet/tls | |
parent | c7e7819ad5c152168a5f1a217c3b72043fd48797 (diff) |
vcl session: refactor passing of crypto context
Pass tls/quic crypto context using extended config instead of bloating
conect/listen messages.
Type: refactor
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0bc637ae310e6c31ef1e16847501dcb81453ee94
Diffstat (limited to 'src/vnet/tls')
-rw-r--r-- | src/vnet/tls/tls.c | 47 |
1 files changed, 36 insertions, 11 deletions
diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c index a950f142932..808c151dac5 100644 --- a/src/vnet/tls/tls.c +++ b/src/vnet/tls/tls.c @@ -280,8 +280,15 @@ tls_ctx_parse_handle (u32 ctx_handle, u32 * ctx_index, u32 * engine_type) } static inline crypto_engine_type_t -tls_get_engine_type (crypto_engine_type_t preferred) +tls_get_engine_type (crypto_engine_type_t requested, + crypto_engine_type_t preferred) { + if (requested != CRYPTO_ENGINE_NONE) + { + if (tls_vfts[requested].ctx_alloc) + return requested; + return CRYPTO_ENGINE_NONE; + } if (!tls_vfts[preferred].ctx_alloc) return tls_get_available_engine (); return preferred; @@ -662,6 +669,7 @@ int tls_connect (transport_endpoint_cfg_t * tep) { vnet_connect_args_t _cargs = { {}, }, *cargs = &_cargs; + transport_endpt_crypto_cfg_t *ccfg; crypto_engine_type_t engine_type; session_endpoint_cfg_t *sep; tls_main_t *tm = &tls_main; @@ -672,9 +680,14 @@ tls_connect (transport_endpoint_cfg_t * tep) int rv; sep = (session_endpoint_cfg_t *) tep; + if (!sep->ext_cfg) + return -1; + app_wrk = app_worker_get (sep->app_wrk_index); app = application_get (app_wrk->app_index); - engine_type = tls_get_engine_type (app->tls_engine); + + ccfg = &sep->ext_cfg->crypto; + engine_type = tls_get_engine_type (ccfg->crypto_engine, app->tls_engine); if (engine_type == CRYPTO_ENGINE_NONE) { clib_warning ("No tls engine_type available"); @@ -686,11 +699,11 @@ tls_connect (transport_endpoint_cfg_t * tep) ctx->parent_app_wrk_index = sep->app_wrk_index; ctx->parent_app_api_context = sep->opaque; ctx->tcp_is_ip4 = sep->is_ip4; - ctx->ckpair_index = sep->ckpair_index; ctx->tls_type = sep->transport_proto; - if (sep->hostname) + ctx->ckpair_index = ccfg->ckpair_index; + if (ccfg->hostname[0]) { - ctx->srv_hostname = format (0, "%v", sep->hostname); + ctx->srv_hostname = format (0, "%s", ccfg->hostname); vec_terminate_c_string (ctx->srv_hostname); } tls_ctx_half_open_reader_unlock (); @@ -725,6 +738,7 @@ u32 tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep) { vnet_listen_args_t _bargs, *args = &_bargs; + transport_endpt_crypto_cfg_t *ccfg; app_worker_t *app_wrk; tls_main_t *tm = &tls_main; session_handle_t tls_al_handle; @@ -738,9 +752,14 @@ tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep) u32 lctx_index; sep = (session_endpoint_cfg_t *) tep; + if (!sep->ext_cfg) + return -1; + app_wrk = app_worker_get (sep->app_wrk_index); app = application_get (app_wrk->app_index); - engine_type = tls_get_engine_type (app->tls_engine); + + ccfg = &sep->ext_cfg->crypto; + engine_type = tls_get_engine_type (ccfg->crypto_engine, app->tls_engine); if (engine_type == CRYPTO_ENGINE_NONE) { clib_warning ("No tls engine_type available"); @@ -774,8 +793,8 @@ tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep) lctx->app_session_handle = listen_session_get_handle (app_listener); lctx->tcp_is_ip4 = sep->is_ip4; lctx->tls_ctx_engine = engine_type; - lctx->ckpair_index = sep->ckpair_index; lctx->tls_type = sep->transport_proto; + lctx->ckpair_index = ccfg->ckpair_index; if (tls_vfts[engine_type].ctx_start_listen (lctx)) { @@ -1076,6 +1095,7 @@ int dtls_connect (transport_endpoint_cfg_t *tep) { vnet_connect_args_t _cargs = { {}, }, *cargs = &_cargs; + transport_endpt_crypto_cfg_t *ccfg; crypto_engine_type_t engine_type; session_endpoint_cfg_t *sep; tls_main_t *tm = &tls_main; @@ -1086,9 +1106,14 @@ dtls_connect (transport_endpoint_cfg_t *tep) int rv; sep = (session_endpoint_cfg_t *) tep; + if (!sep->ext_cfg) + return -1; + app_wrk = app_worker_get (sep->app_wrk_index); app = application_get (app_wrk->app_index); - engine_type = tls_get_engine_type (app->tls_engine); + + ccfg = &sep->ext_cfg->crypto; + engine_type = tls_get_engine_type (ccfg->crypto_engine, app->tls_engine); if (engine_type == CRYPTO_ENGINE_NONE) { clib_warning ("No tls engine_type available"); @@ -1100,12 +1125,12 @@ dtls_connect (transport_endpoint_cfg_t *tep) ctx->parent_app_wrk_index = sep->app_wrk_index; ctx->parent_app_api_context = sep->opaque; ctx->tcp_is_ip4 = sep->is_ip4; - ctx->ckpair_index = sep->ckpair_index; + ctx->ckpair_index = ccfg->ckpair_index; ctx->tls_type = sep->transport_proto; ctx->tls_ctx_handle = ctx_handle; - if (sep->hostname) + if (ccfg->hostname[0]) { - ctx->srv_hostname = format (0, "%v", sep->hostname); + ctx->srv_hostname = format (0, "%s", ccfg->hostname); vec_terminate_c_string (ctx->srv_hostname); } |