-rw-r--r-- | src/vnet/tls/tls.c | 156 | ||||
-rw-r--r-- | src/vnet/tls/tls.h | 7 | ||||
-rw-r--r-- | src/vnet/tls/tls_inlines.h | 129 |
3 files changed, 152 insertions, 140 deletions
diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index 5f00e6e302d..9bc9323732e 100644
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
@@ -16,13 +16,10 @@
 #include <vnet/session/application_interface.h>
 #include <vppinfra/lock.h>
 #include <vnet/tls/tls.h>
+#include <vnet/tls/tls_inlines.h>
 static tls_main_t tls_main;
-static tls_engine_vft_t *tls_vfts;
-
-#define TLS_INVALID_HANDLE ~0
-#define TLS_IDX_MASK 0x00FFFFFF
-#define TLS_ENGINE_TYPE_SHIFT 28
+tls_engine_vft_t *tls_vfts;
 void tls_disconnect (u32 ctx_handle, u32 thread_index);
@@ -50,6 +47,21 @@ tls_get_available_engine (void)
 return CRYPTO_ENGINE_NONE;
 }
+static crypto_engine_type_t
+tls_get_engine_type (crypto_engine_type_t requested,
+ crypto_engine_type_t preferred)
+{
+ if (requested != CRYPTO_ENGINE_NONE)
+ {
+ if (tls_vfts[requested].ctx_alloc)
+ return requested;
+ return CRYPTO_ENGINE_NONE;
+ }
+ if (!tls_vfts[preferred].ctx_alloc)
+ return tls_get_available_engine ();
+ return preferred;
+}
+
 int
 tls_add_vpp_q_rx_evt (session_t * s)
 {
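Review bot: tls_get_engine_type in the second hunk indexes `tls_vfts[requested]` and `tls_vfts[preferred]` with no range check, and the first hunk turns `tls_vfts` into an exported global, so every translation unit that includes the header can now index it the same way. If `tls_vfts` is a vppinfra vector grown on engine registration (the registration path is outside this diff), a `requested` value above the highest registered type reads past the vector before the `ctx_alloc` test ever runs; guarding it as `if (requested >= vec_len (tls_vfts) || !tls_vfts[requested].ctx_alloc) return CRYPTO_ENGINE_NONE;` and doing the same for `preferred` keeps an application-supplied engine id from selecting anything outside the table. The exported definition `tls_engine_vft_t *tls_vfts;` would also benefit from a one-line comment stating that it is indexed by `crypto_engine_type_t` and populated by tls_register_engine, since the header now advertises it to other files.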
@@ -295,140 +307,6 @@ send_reply:
 ctx->parent_app_api_context);
 }
-static inline void
-tls_ctx_parse_handle (u32 ctx_handle, u32 * ctx_index, u32 * engine_type)
-{
- *ctx_index = ctx_handle & TLS_IDX_MASK;
- *engine_type = ctx_handle >> TLS_ENGINE_TYPE_SHIFT;
-}
-
-static inline crypto_engine_type_t
-tls_get_engine_type (crypto_engine_type_t requested,
- crypto_engine_type_t preferred)
-{
- if (requested != CRYPTO_ENGINE_NONE)
- {
- if (tls_vfts[requested].ctx_alloc)
- return requested;
- return CRYPTO_ENGINE_NONE;
- }
- if (!tls_vfts[preferred].ctx_alloc)
- return tls_get_available_engine ();
- return preferred;
-}
-
-static inline u32
-tls_ctx_alloc (crypto_engine_type_t engine_type)
-{
- u32 ctx_index;
- ctx_index = tls_vfts[engine_type].ctx_alloc ();
- return (((u32) engine_type << TLS_ENGINE_TYPE_SHIFT) | ctx_index);
-}
-
-static inline u32
-tls_ctx_alloc_w_thread (crypto_engine_type_t engine_type, u32 thread_index)
-{
- u32 ctx_index;
- ctx_index = tls_vfts[engine_type].ctx_alloc_w_thread (thread_index);
- return (((u32) engine_type << TLS_ENGINE_TYPE_SHIFT) | ctx_index);
-}
-
-static inline u32
-tls_ctx_attach (crypto_engine_type_t engine_type, u32 thread_index, void *ctx)
-{
- u32 ctx_index;
- ctx_index = tls_vfts[engine_type].ctx_attach (thread_index, ctx);
- return (((u32) engine_type << TLS_ENGINE_TYPE_SHIFT) | ctx_index);
-}
-
-static inline void *
-tls_ctx_detach (tls_ctx_t *ctx)
-{
- return tls_vfts[ctx->tls_ctx_engine].ctx_detach (ctx);
-}
-
-static inline tls_ctx_t *
-tls_ctx_get (u32 ctx_handle)
-{
- u32 ctx_index, engine_type;
- tls_ctx_parse_handle (ctx_handle, &ctx_index, &engine_type);
- return tls_vfts[engine_type].ctx_get (ctx_index);
-}
-
-static inline tls_ctx_t *
-tls_ctx_get_w_thread (u32 ctx_handle, u8 thread_index)
-{
- u32 ctx_index, engine_type;
- tls_ctx_parse_handle (ctx_handle, &ctx_index, &engine_type);
- return tls_vfts[engine_type].ctx_get_w_thread (ctx_index, thread_index);
-}
-
-static inline int
-tls_ctx_init_server 
(tls_ctx_t * ctx)
-{
- return tls_vfts[ctx->tls_ctx_engine].ctx_init_server (ctx);
-}
-
-static inline int
-tls_ctx_init_client (tls_ctx_t * ctx)
-{
- return tls_vfts[ctx->tls_ctx_engine].ctx_init_client (ctx);
-}
-
-static inline int
-tls_ctx_write (tls_ctx_t * ctx, session_t * app_session,
- transport_send_params_t * sp)
-{
- u32 n_wrote;
-
- sp->max_burst_size = sp->max_burst_size * TRANSPORT_PACER_MIN_MSS;
- n_wrote = tls_vfts[ctx->tls_ctx_engine].ctx_write (ctx, app_session, sp);
- sp->bytes_dequeued = n_wrote;
- return n_wrote > 0 ? clib_max (n_wrote / TRANSPORT_PACER_MIN_MSS, 1) : 0;
-}
-
-static inline int
-tls_ctx_read (tls_ctx_t * ctx, session_t * tls_session)
-{
- return tls_vfts[ctx->tls_ctx_engine].ctx_read (ctx, tls_session);
-}
-
-static inline int
-tls_ctx_transport_close (tls_ctx_t * ctx)
-{
- return tls_vfts[ctx->tls_ctx_engine].ctx_transport_close (ctx);
-}
-
-static inline int
-tls_ctx_transport_reset (tls_ctx_t *ctx)
-{
- return tls_vfts[ctx->tls_ctx_engine].ctx_transport_reset (ctx);
-}
-
-static inline int
-tls_ctx_app_close (tls_ctx_t * ctx)
-{
- return tls_vfts[ctx->tls_ctx_engine].ctx_app_close (ctx);
-}
-
-void
-tls_ctx_free (tls_ctx_t * ctx)
-{
- tls_vfts[ctx->tls_ctx_engine].ctx_free (ctx);
-}
-
-u8
-tls_ctx_handshake_is_over (tls_ctx_t * ctx)
-{
- return tls_vfts[ctx->tls_ctx_engine].ctx_handshake_is_over (ctx);
-}
-
-int
-tls_reinit_ca_chain (crypto_engine_type_t tls_engine_id)
-{
- return tls_vfts[tls_engine_id].ctx_reinit_cachain ();
-}
-
 void
 tls_notify_app_io_error (tls_ctx_t *ctx)
 {
diff --git a/src/vnet/tls/tls.h b/src/vnet/tls/tls.h
index 6bd1371b984..38f4c4b8f81 100644
--- a/src/vnet/tls/tls.h
+++ b/src/vnet/tls/tls.h
@@ -28,6 +28,10 @@
 #define TLS_CHUNK_SIZE (1 << 14)
 #define TLS_CA_CERT_PATH "/etc/ssl/certs/ca-certificates.crt"
+#define TLS_INVALID_HANDLE ~0
+#define TLS_IDX_MASK 0x00FFFFFF
+#define TLS_ENGINE_TYPE_SHIFT 28
+
 #if TLS_DEBUG
 #define TLS_DBG(_lvl, _fmt, _args...) \
 if (_lvl <= TLS_DEBUG) \
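Review bot: The three handle macros now placed in the public header, `TLS_INVALID_HANDLE`, `TLS_IDX_MASK` and `TLS_ENGINE_TYPE_SHIFT`, carry no description of the handle layout they define, while the accessors that consume them sit in a different file. A short comment above them, e.g. `/* ctx handle layout: bits 28-31 engine type, bits 0-23 ctx index; bits 24-27 unused */`, would tell a reader why the mask and the shift do not meet and that `~0` lies outside every valid index. Parenthesizing the value as `(~0)` would additionally keep the macro well-behaved inside compound expressions.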
@@ -148,6 +152,8 @@ typedef struct tls_engine_vft_
 int (*ctx_reinit_cachain) (void);
 } tls_engine_vft_t;
+extern tls_engine_vft_t *tls_vfts;
+
 tls_main_t *vnet_tls_get_main (void);
 void tls_register_engine (const tls_engine_vft_t * vft,
 crypto_engine_type_t type);
@@ -160,7 +166,6 @@ int tls_notify_app_connected (tls_ctx_t * ctx, session_error_t err);
 void tls_notify_app_enqueue (tls_ctx_t * ctx, session_t * app_session);
 void tls_notify_app_io_error (tls_ctx_t *ctx);
 void tls_disconnect_transport (tls_ctx_t * ctx);
-int tls_reinit_ca_chain (crypto_engine_type_t tls_engine_id);
 void tls_add_postponed_ho_cleanups (u32 ho_index);
 void tls_flush_postponed_ho_cleanups ();
diff --git a/src/vnet/tls/tls_inlines.h b/src/vnet/tls/tls_inlines.h
new file mode 100644
index 00000000000..18002730a30
--- /dev/null
+++ b/src/vnet/tls/tls_inlines.h
@@ -0,0 +1,129 @@
+/* SPDX-License-Identifier: Apache-2.0
+ * Copyright(c) 2024 Cisco Systems, Inc.
+ */
+
+#ifndef SRC_VNET_TLS_TLS_INLINES_H_
+#define SRC_VNET_TLS_TLS_INLINES_H_
+
+#include <vnet/tls/tls.h>
+
+static inline void
+tls_ctx_parse_handle (u32 ctx_handle, u32 *ctx_index, u32 *engine_type)
+{
+ *ctx_index = ctx_handle & TLS_IDX_MASK;
+ *engine_type = ctx_handle >> TLS_ENGINE_TYPE_SHIFT;
+}
+
+static inline u32
+tls_ctx_alloc (crypto_engine_type_t engine_type)
+{
+ u32 ctx_index;
+ ctx_index = tls_vfts[engine_type].ctx_alloc ();
+ return (((u32) engine_type << TLS_ENGINE_TYPE_SHIFT) | ctx_index);
+}
+
+static inline u32
+tls_ctx_alloc_w_thread (crypto_engine_type_t engine_type, u32 thread_index)
+{
+ u32 ctx_index;
+ ctx_index = tls_vfts[engine_type].ctx_alloc_w_thread (thread_index);
+ return (((u32) engine_type << TLS_ENGINE_TYPE_SHIFT) | ctx_index);
+}
+
+static inline tls_ctx_t *
+tls_ctx_get (u32 ctx_handle)
+{
+ u32 ctx_index, engine_type;
+ tls_ctx_parse_handle (ctx_handle, &ctx_index, &engine_type);
+ return tls_vfts[engine_type].ctx_get (ctx_index);
+}
+
+static inline tls_ctx_t *
+tls_ctx_get_w_thread (u32 ctx_handle, u8 thread_index)
+{
+ u32 ctx_index, engine_type;
+ tls_ctx_parse_handle (ctx_handle, &ctx_index, &engine_type);
+ return tls_vfts[engine_type].ctx_get_w_thread (ctx_index, thread_index);
+}
+
+static inline void
+tls_ctx_free (tls_ctx_t *ctx)
+{
+ tls_vfts[ctx->tls_ctx_engine].ctx_free (ctx);
+}
+
+static inline int
+tls_ctx_init_server (tls_ctx_t *ctx)
+{
+ return tls_vfts[ctx->tls_ctx_engine].ctx_init_server (ctx);
+}
+
+static inline int
+tls_ctx_init_client (tls_ctx_t *ctx)
+{
+ return tls_vfts[ctx->tls_ctx_engine].ctx_init_client (ctx);
+}
+
+static inline u32
+tls_ctx_attach (crypto_engine_type_t engine_type, u32 thread_index, void *ctx)
+{
+ u32 ctx_index;
+ ctx_index = tls_vfts[engine_type].ctx_attach (thread_index, ctx);
+ return (((u32) engine_type << TLS_ENGINE_TYPE_SHIFT) | ctx_index);
+}
+
+static inline void * 
+tls_ctx_detach (tls_ctx_t *ctx)
+{
+ return tls_vfts[ctx->tls_ctx_engine].ctx_detach (ctx);
+}
+
+static inline int
+tls_ctx_write (tls_ctx_t *ctx, session_t *app_session,
+ transport_send_params_t *sp)
+{
+ u32 n_wrote;
+
+ sp->max_burst_size = sp->max_burst_size * TRANSPORT_PACER_MIN_MSS;
+ n_wrote = tls_vfts[ctx->tls_ctx_engine].ctx_write (ctx, app_session, sp);
+ sp->bytes_dequeued = n_wrote;
+ return n_wrote > 0 ? clib_max (n_wrote / TRANSPORT_PACER_MIN_MSS, 1) : 0;
+}
+
+static inline int
+tls_ctx_read (tls_ctx_t *ctx, session_t *tls_session)
+{
+ return tls_vfts[ctx->tls_ctx_engine].ctx_read (ctx, tls_session);
+}
+
+static inline int
+tls_ctx_transport_close (tls_ctx_t *ctx)
+{
+ return tls_vfts[ctx->tls_ctx_engine].ctx_transport_close (ctx);
+}
+
+static inline int
+tls_ctx_transport_reset (tls_ctx_t *ctx)
+{
+ return tls_vfts[ctx->tls_ctx_engine].ctx_transport_reset (ctx);
+}
+
+static inline int
+tls_ctx_app_close (tls_ctx_t *ctx)
+{
+ return tls_vfts[ctx->tls_ctx_engine].ctx_app_close (ctx);
+}
+
+static inline u8
+tls_ctx_handshake_is_over (tls_ctx_t *ctx)
+{
+ return tls_vfts[ctx->tls_ctx_engine].ctx_handshake_is_over (ctx);
+}
+
+static inline int
+tls_reinit_ca_chain (crypto_engine_type_t tls_engine_id)
+{
+ return tls_vfts[tls_engine_id].ctx_reinit_cachain ();
+}
+
+#endif /* SRC_VNET_TLS_TLS_INLINES_H_ */
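Review bot: tls_ctx_alloc, tls_ctx_alloc_w_thread and tls_ctx_attach OR the engine-returned `ctx_index` into the handle without checking that it fits in `TLS_IDX_MASK`, so an index at or above 1 << 24 silently spills into the unused bits 24-27 (and at 1 << 28 into the engine-type bits), after which tls_ctx_parse_handle resolves the handle to a different context; an `ASSERT ((ctx_index & ~TLS_IDX_MASK) == 0);` before the return in each of the three would make that failure loud. tls_ctx_parse_handle yields a 4-bit engine type and tls_ctx_get / tls_ctx_get_w_thread index `tls_vfts` with it unchecked, so a handle carrying an unregistered engine value dereferences a null or out-of-range function pointer; whether any caller can present such a handle depends on code this diff does not show, so a comment stating that handles must come from the allocators above would at least record the contract. In tls_ctx_write, `n_wrote` is `u32` but is assigned from the `ctx_write` callback, so if that callback can return a negative error code the `n_wrote > 0` test treats it as a large successful write and `bytes_dequeued` is set to it — an `int` local with an explicit `<= 0` check would be safer if the vft contract allows negatives. Finally, tls_reinit_ca_chain changes from an exported function (its prototype is removed from tls.h in this same commit) to a `static inline` here, so any translation unit other than tls.c that calls it must now include tls_inlines.h or it will fail to link.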
\ No newline at end of file |