summaryrefslogtreecommitdiffstats
path: root/src/vnet/tls/tls.h
AgeCommit message (Collapse)AuthorFilesLines
2022-10-31tls: use safe pool reallocsFlorin Coras1-1/+0
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia2c771cbf826526d2d06b6da022509ab02917350
2022-03-30tls: support to reinitialise ca_chain wo restartSaravanan Murugesan1-0/+2
Type: improvement Signed-off-by: Saravanan Murugesan <sarmurug@cisco.com> Change-Id: I90e90678ae6586019cc842f9d504d53991cfabe4
2022-02-28tls: handle read write ssl errorsFlorin Coras1-0/+1
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If5eed7dac4951f0510a4b4b092f66f44d0d3cacd
2021-11-19tls: add option to config additional segment sizeFlorin Coras1-0/+1
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idf3b49ec61bf5da498ffdd8cebab7148fce73f5f
2021-05-12tls: switch to vc service and track half-open sessionsFlorin Coras1-1/+1
Half-open tls sessions are now tracked by the app worker and are cleaned up only when tcp cleans up its half-open session, i.e., independent of when the established tls context is allocated. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If5d594d7095192dd527daf4ea1358ffeccdfcc7a
2021-02-09tls: dtls initial implementationFlorin Coras1-1/+8
Type: feature Basic dtls transport protocol implementation that relies on openssl wire protocol implementation. Retries/timeouts not yet supported. To test using vcl test apps, first ensure all arp entries are properly resolved and subsequently: server: vcl_server -p dtls 1234 client: vcl_client -p dtls <server-ip> 1234 -U -N 2000000 -T 1460 -X Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I04b4516a8fe9ce85ba230bcdd891f33a900046ed
2020-04-04session tls: support tls deschedulingFlorin Coras1-1/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ieb8bb9c6deb92479fdd3e045778fe5ae4782d1ea
2020-04-04session tls: improve app transports tx schedulingFlorin Coras1-1/+1
Type: improvement - allow apps to request rescheduling of tx events via SESSION_F_CUSTOM_TX flag - limit max burst per session custom tx dispatch In tls - use the new infra to reschedule tx events - use max burst bytes as upper limit to number of bytes to be encrypted Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I544a5a3337af7ebdff3406b776adf30cf96ebf3c
2020-04-03session: improve error reportingFlorin Coras1-1/+1
Type: improvement Change-Id: I9dd850a1ce85b0adb5136233f176117e0ee38817 Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-02-03tls: refactor for tls async event handlingYu Ping1-0/+1
Type: refactor Make sure one tls ctx has one event availble Thus ctx has the same life time with event, which can simplify the management. Change-Id: I1f4240e7316025d81bb97644946ffa399c00cd76 Signed-off-by: Yu Ping <ping.yu@intel.com>
2019-10-09hsa: use crypto_engine_type_t for TLSNathan Skrzypczak1-1/+1
Type: refactor This patch does the following conversions TLS_ENGINE_X -> CRYPTO_ENGINE_X tls_engine_type_t -> crypto_engine_t It does not change numbering of engines Change-Id: I872dfaec3a6713bf4229c84d1ffd98b8b2419995 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-10-09session: Add certificate storeNathan Skrzypczak1-0/+1
Type: feature This changes the behavior of both API calls APPLICATION_TLS_CERT_ADD & APPLICATION_TLS_KEY_ADD certificates and keys aren't bound to an app, they are passed to it via connect / listen using the message queue. This should be followed by a per protocol (QUIC/TLS) crypto_context store to save devrived structs Change-Id: I36873bc8b63b5c72776c69e8cd9febc9cae31882 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-08-08tls: fix close with dataFlorin Coras1-0/+2
Type:fix Also changes the way the ctx is freed. TLS now waits for tcp delete notification before freeing the ctx. Change-Id: I2f606a9ce7b3755ae9d11d6fe714fe11b65dcb98 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-27session: define connection id lengthFlorin Coras1-4/+5
Type:feature To be used by transports overwriting the connection id. Change-Id: Ia5dbd9dccc2e3eb62e602514b24882ddc12ff1f2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-18tls: allow engines to customize closeFlorin Coras1-0/+3
Change-Id: I11ac3e4f59206902e5dfc326f815c877c5dd6643 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-25tls: make first segment and fifo size configurableFlorin Coras1-0/+2
Change-Id: I6169ebdd3ac2d5d77fd2e12068c8aab6d8072c03 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-18tls: fix openssl/mbedtls use of app_wrk indexFlorin Coras1-2/+2
Change-Id: I7ccc948357d815a1bd4279a7079cf4db2949183c Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-11session: cleanup application interfaceFlorin Coras1-0/+1
Change-Id: I89d240753b3f3c5e984aa303a7c8fa35fa59bf7f Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-09tls: move test certificates to separate header fileFlorin Coras1-9/+1
Change-Id: I543cb78e268d7a4a7fba590d305351ec79f4e4da Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-09session: refactor listen logicFlorin Coras1-1/+2
Make app-listener the handle for app listens. Consequently transport and local listen sessions are now associated to the app-listener. Change-Id: I9397a26d42cccb100970b6b4794c15bac2e11465 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-04session: cleanup part 1Florin Coras1-7/+7
Rename core data structures. This will break compatibility for out of tree builtin apps. - stream_session_t to session_t - server_rx/tx_fifo to rx/tx_fifo - stream_session.h to session_types.h - update copyright Change-Id: I414097c6e28bcbea866fbf13b8773c7db3f49325 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-01-17tls: preallocate app sessions on connect/acceptFlorin Coras1-2/+5
Avoid allocating session and possibly reallocating thread session pool on builtin session rx. Change-Id: I70e7c604678b44ce8d22603489e247a2c5faa439 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-10-02tls: fix disconnects for sessions with pending dataFlorin Coras1-1/+4
TLS can enqueue events to itself when app session queue cannot be entirely drained. If a pending disconnect is handled before any such event, session layer may try to dequeue data on deallocated sessions. Change-Id: I5bfc4d53ce95bc16b6a01e1b0e644aafa1ca311b Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-08-17optimize init_server to reduce session overheadPing Yu1-0/+4
move un-necessary session based operation to listener split orignal openssl ctx to be session based ctx and listen ctx Change-Id: Id6c54f47b0e2171fd8924a45efcd5266ce5402d5 Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-07-19Add a new communication channel between VPP and openssl enginePing Yu1-1/+1
Thus when engine buffer is full during a burst in performance tesing, this code will help VPP handle retry machansim. Change-Id: I0f9fc05d3dba8a54d34dca4c6137700d6c80f714 Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-06-15TLS async supportPing Yu1-0/+1
Change-Id: I26194e00dfb85e5cd1c65ff4e6ffd665be2d719b Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-03-15tls: add openssl engineFlorin Coras1-13/+11
Change-Id: I6c215858d2c9c620787632b570950b15274c0df2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-08tls: make tls engines pluggableFlorin Coras1-0/+127
- add infra for pluggable tls "engines" - makes mbedtls specific code a plugin Change-Id: I2c5b099e2b69d2be0038e3ef02b208ff907727e7 Signed-off-by: Florin Coras <fcoras@cisco.com>