summaryrefslogtreecommitdiffstats
path: root/src/vnet/tls/tls.c
AgeCommit message (Collapse)AuthorFilesLines
2021-02-09tls: dtls initial implementationFlorin Coras1-22/+231
Type: feature Basic dtls transport protocol implementation that relies on openssl wire protocol implementation. Retries/timeouts not yet supported. To test using vcl test apps, first ensure all arp entries are properly resolved and subsequently: server: vcl_server -p dtls 1234 client: vcl_client -p dtls <server-ip> 1234 -U -N 2000000 -T 1460 -X Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I04b4516a8fe9ce85ba230bcdd891f33a900046ed
2020-12-18tls: add custom openssl bioFlorin Coras1-0/+1
The bio interacts directly with the session so it avoids using an intermediary mem bio and, implicitly, higher memory consumption and an extra memcpy. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ifb675cfd12df86396a7a738a6cd4d0882c69ad2f
2020-10-26tls: separate init from enableFlorin Coras1-29/+50
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Icdeddeffd95492ca34f37e1904b1f5f6d150a6bc
2020-10-21tls: enable cert key pair setting for connectjiangxiaoming1-0/+1
Type: improvement Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com> Change-Id: Ie0e6d48d65b0b8b493e9d49cfdf93c645523659a
2020-09-24session tcp udp tls quic: improve cli formattingFlorin Coras1-4/+5
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iae5dbb8aaaf82d8e95c2ee8bbbe6844c9dd49f80
2020-09-23tls: fix session format assert crash in connected callbackjiangxiaoming1-9/+8
Type: fix Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com> Change-Id: I61b7988bf6a49a51041bc6085d5f0f4689ff45a6
2020-04-25tls: improve cli state reportingFlorin Coras1-3/+12
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I02d60134d6069764da75dc6d206b376a0d46998e
2020-04-25session vcl: propagate transport cleanup notificationsFlorin Coras1-1/+6
Type: improvement Can be used to force app to close a connection on which it still waits for data. Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7c3a8245cbbc23728e4408feb63a659a11f718ed
2020-04-04session tls: support tls deschedulingFlorin Coras1-8/+19
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ieb8bb9c6deb92479fdd3e045778fe5ae4782d1ea
2020-04-04session tls: improve app transports tx schedulingFlorin Coras1-13/+9
Type: improvement - allow apps to request rescheduling of tx events via SESSION_F_CUSTOM_TX flag - limit max burst per session custom tx dispatch In tls - use the new infra to reschedule tx events - use max burst bytes as upper limit to number of bytes to be encrypted Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I544a5a3337af7ebdff3406b776adf30cf96ebf3c
2020-04-03session: improve error reportingFlorin Coras1-8/+9
Type: improvement Change-Id: I9dd850a1ce85b0adb5136233f176117e0ee38817 Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-03-25session: api to add new transport typesFlorin Coras1-0/+2
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If4dee6dba1ea942daa921d566b35cdecdda680ee
2020-02-26tls session: fix unlistenFlorin Coras1-0/+15
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie3bc31fc3df662e087f7931de6c274eb3608a2d8
2020-02-19tls: handle disconect and reset in async modeYu Ping1-3/+10
Type: fix When async is enabled and request is inflight, delay close oepration Change-Id: I713078fe9832c1599e8860fc0a6bb98588f20943 Signed-off-by: Yu Ping <ping.yu@intel.com>
2020-02-14tls: remove session lookup operation in TLSYu Ping1-2/+0
Type: fix Change-Id: I50329bda365d98f9f9d56a58187fb4fb2a4eb461 Signed-off-by: Yu Ping <ping.yu@intel.com>
2020-02-03tls: refactor for tls async event handlingYu Ping1-2/+0
Type: refactor Make sure one tls ctx has one event availble Thus ctx has the same life time with event, which can simplify the management. Change-Id: I1f4240e7316025d81bb97644946ffa399c00cd76 Signed-off-by: Yu Ping <ping.yu@intel.com>
2020-01-08tls: improve connection formatingFlorin Coras1-13/+43
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iea8abe33cf33036267ccaf58760abc2f48470202
2020-01-02session: fix listener global endpoint lookupFlorin Coras1-1/+1
Type: fix Ensure listeners for app transport protocols are added to lookup tables using their session endpoints instead of their transport connections, which can override the network connection id in the transport connection. Change-Id: I56fa3666bb1422c0799fc7143cd099751ff6e2e6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-11-18session: extra checks in session validationSrikanth Akula1-2/+2
Type: fix Adding few extra checks while doign session validationwq! Signed-off-by: Srikanth Akula <srakula@cisco.com> Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4d18b5ad97d1802ce38a07aeb56b5f35939c1187
2019-10-30tls: fifo size is u32Dave Wallace1-3/+10
- unformat_memory_size() writes to a uword * - Limit cli input to u32 Type: fix Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I453a5633e04f9ee6f2f1a843634f99063a81579b
2019-10-30tls: fix on tcp connection resetZeyu Zhang1-2/+10
VPP would fail in tcp_connection_reset() if the tls or app session was just created. Type: fix Change-Id: I45d107f57e4f3fc468c15ca3392d5e1c413bd690 Signed-off-by: Zeyu Zhang <zeyu.zhang@intel.com>
2019-10-12tls: allow disconnects from main threadFlorin Coras1-1/+4
Type: fix Use api with explicit thread index to retrieve tls contex on close. Change-Id: Ibdc4338747300b7fc8f91ef3e10bcd48ce7ae366 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-10-09hsa: use crypto_engine_type_t for TLSNathan Skrzypczak1-11/+11
Type: refactor This patch does the following conversions TLS_ENGINE_X -> CRYPTO_ENGINE_X tls_engine_type_t -> crypto_engine_t It does not change numbering of engines Change-Id: I872dfaec3a6713bf4229c84d1ffd98b8b2419995 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-10-09session: Add certificate storeNathan Skrzypczak1-0/+2
Type: feature This changes the behavior of both API calls APPLICATION_TLS_CERT_ADD & APPLICATION_TLS_KEY_ADD certificates and keys aren't bound to an app, they are passed to it via connect / listen using the message queue. This should be followed by a per protocol (QUIC/TLS) crypto_context store to save devrived structs Change-Id: I36873bc8b63b5c72776c69e8cd9febc9cae31882 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-08-09tls: mark as no lookup transportFlorin Coras1-0/+2
Type:fix Also fix transport close while handshake is ongoing. Change-Id: I004c56d2297d0847c2cb77202f8fba3edaacad29 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-08-09tls: handle transport resetFlorin Coras1-1/+6
Type:fix Change-Id: I5994fb53dc4b9fd58920b3d67472c38b41db27c2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-08-08tls: fix close with dataFlorin Coras1-1/+18
Type:fix Also changes the way the ctx is freed. TLS now waits for tcp delete notification before freeing the ctx. Change-Id: I2f606a9ce7b3755ae9d11d6fe714fe11b65dcb98 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-26session tcp: handle rxt and acks as custom eventsFlorin Coras1-1/+1
Type: feature Control ack generation and retransmissions with session layer scheduler. Change-Id: Iacdf9f84ab81f44851980aa45a83e75f29be2b7b Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-24tls: handle engine listen failureFlorin Coras1-1/+12
Type:fix Change-Id: I528b7cfcb7a6aada94ee3649378e6fbe84d2e4e6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-12tls quic: reduce default segment sizesAloys Augustin1-1/+1
This reduces the memory required by tls and quic, allowing to run them (and their tests) in more constrained environments by default. Change-Id: I954081c725fb4f5f173db1f8e76922d957c5b0a2 Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Type: fix
2019-07-12session: add thread index to all formattersAloys Augustin1-0/+2
Add a thread_index argument to half-open and listener session formatters because QUIC can have listeners and half-open sessions in any thread. Change-Id: I1de60e35ece4c68ba8cfdd6b63f211bc620d687b Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Type: feature
2019-06-27session: Add transport vft protocol optionsNathan Skrzypczak1-3/+5
Type: refactor Change-Id: I4e0afc206e4871596c2ed8a6ca00914a379f1526 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-06-17session: use listener_handle instead of listener_indexNathan Skrzypczak1-2/+3
Type: refactor Change-Id: I97fa59a0ba0b6b7a98698926020ffffcf6ae6ba3 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-05-07add TLS endpoint functionYu Ping1-0/+26
a bit like QUIC, and the added function can get the endpoint info in TLS, so that the VCL layer can get those info correctly Change-Id: Ied7aa3077087c1814499364dfa7654a088ad9910 Signed-off-by: Yu Ping <ping.yu@intel.com>
2019-04-18tls: allow engines to customize closeFlorin Coras1-18/+23
Change-Id: I11ac3e4f59206902e5dfc326f815c877c5dd6643 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-02session: use app cb function wrappersFlorin Coras1-7/+3
Change-Id: I77ad9eb4d4c7699397aa4be6a973ef37c60db4c5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-25tls: make first segment and fifo size configurableFlorin Coras1-5/+12
Change-Id: I6169ebdd3ac2d5d77fd2e12068c8aab6d8072c03 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-11tls: fixes and improvementsFlorin Coras1-27/+32
- disconnect sessions through session layer apis instead of directly notifying the app worker. - improve cli - increase fifo sizes for tls app Change-Id: I8a7d2865b3b00724e2a9da29fa4a906ea867da9b Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-07session/tls: remove unused t_app_index fieldFlorin Coras1-2/+0
Change-Id: Idbf7f3a57dc399798b8dba9463daeb7d66470ab1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-07session: use transport custom tx for app transportsFlorin Coras1-12/+13
Change-Id: I675f7090fa6b2ffdfb4ee748df858bfb7e39ce5a Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-07session: cleanup instances of deprecated io evtsFlorin Coras1-5/+5
Change-Id: Iad119e05ae5e570fbfcf66747c95822cee647c99 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-20tls: add vcl testFlorin Coras1-0/+5
Change-Id: If4c7efaf6506a827e7a95a56c2f6b6060df03fa1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-18tls: fix openssl/mbedtls use of app_wrk indexFlorin Coras1-13/+13
Change-Id: I7ccc948357d815a1bd4279a7079cf4db2949183c Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-18session: move fifo allocation logic to app workerFlorin Coras1-31/+16
Change-Id: I1662ec4b5503cb64a8a86a2441842311d959b3a6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-11session: cleanup application interfaceFlorin Coras1-6/+7
Change-Id: I89d240753b3f3c5e984aa303a7c8fa35fa59bf7f Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-09session: refactor listen logicFlorin Coras1-4/+4
Make app-listener the handle for app listens. Consequently transport and local listen sessions are now associated to the app-listener. Change-Id: I9397a26d42cccb100970b6b4794c15bac2e11465 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-06transport: cleanupFlorin Coras1-3/+3
- move transport specific types to transport_types - add transport wrapper functions for interaction with transport protocol vfts Change-Id: I93f70d884585fc2f41c4a605e310c80e8a8972f2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-04session: cleanup part 1Florin Coras1-31/+31
Rename core data structures. This will break compatibility for out of tree builtin apps. - stream_session_t to session_t - server_rx/tx_fifo to rx/tx_fifo - stream_session.h to session_types.h - update copyright Change-Id: I414097c6e28bcbea866fbf13b8773c7db3f49325 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-01-17tls: preallocate app sessions on connect/acceptFlorin Coras1-8/+17
Avoid allocating session and possibly reallocating thread session pool on builtin session rx. Change-Id: I70e7c604678b44ce8d22603489e247a2c5faa439 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-01-03Fix an issue in tls.cPing Yu1-1/+3
Curernt code will overwrite parent_app_api_context, and defer the setting after this value is used in callback. Change-Id: Ie16e432fd0f4214e6deff3aa3b58b3be824b0331 Signed-off-by: Ping Yu <ping.yu@intel.com>