From 34a3a08d993cbbb3846b83b69b5338d452463e15 Mon Sep 17 00:00:00 2001
From: Ping Yu
Date: Fri, 30 Nov 2018 19:16:17 -0500
Subject: Add TLS support for VCL
Ater this patch, vcl_test_client and vcl_test_server can work happily with TLS connection. "-S" is to indicate TLS connection.
Change-Id: I761894b0b5929912691625f0fe63604725b55978
Signed-off-by: Ping Yu
---
 src/vcl/vcl_bapi.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)
(limited to 'src/vcl/vcl_bapi.c')
diff --git a/src/vcl/vcl_bapi.c b/src/vcl/vcl_bapi.c
index b513bd7a6b3..de5e80a55b3 100644
--- a/src/vcl/vcl_bapi.c
+++ b/src/vcl/vcl_bapi.c
@@ -367,6 +367,31 @@ vl_api_connect_session_reply_t_handler (vl_api_connect_sock_reply_t * mp)
 ntohl (mp->retval));
 }
 
+static void
+ vl_api_application_tls_cert_add_reply_t_handler
+ (vl_api_application_tls_cert_add_reply_t * mp)
+{
+ if (mp->retval)
+ {
+ clib_warning ("VCL<%d>: add cert failed: %U", getpid (),
+ format_api_error, ntohl (mp->retval));
+ return;
+ }
+}
+
+static void
+ vl_api_application_tls_key_add_reply_t_handler
+ (vl_api_application_tls_key_add_reply_t * mp)
+{
+ if (mp->retval)
+ {
+ clib_warning ("VCL<%d>: add key failed: %U", getpid (),
+ format_api_error, ntohl (mp->retval));
+ return;
+ }
+
+}
+
 #define foreach_sock_msg \
 _(SESSION_ENABLE_DISABLE_REPLY, session_enable_disable_reply) \
 _(BIND_SOCK_REPLY, bind_sock_reply) \
@@ -375,6 +400,8 @@ _(CONNECT_SESSION_REPLY, connect_session_reply) \
 _(DISCONNECT_SESSION_REPLY, disconnect_session_reply) \
 _(APPLICATION_ATTACH_REPLY, application_attach_reply) \
 _(APPLICATION_DETACH_REPLY, application_detach_reply) \
+_(APPLICATION_TLS_CERT_ADD_REPLY, application_tls_cert_add_reply) \
+_(APPLICATION_TLS_KEY_ADD_REPLY, application_tls_key_add_reply) \
 _(MAP_ANOTHER_SEGMENT, map_another_segment) \
 _(UNMAP_SEGMENT, unmap_segment) \
 _(APP_CUT_THROUGH_REGISTRATION_ADD, app_cut_through_registration_add) \
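Review bot: Both new reply handlers, `vl_api_application_tls_cert_add_reply_t_handler` and `vl_api_application_tls_key_add_reply_t_handler`, only log a non-zero `mp->retval` and return, so a rejected certificate or key leaves no state that the code which sent the request can test. The send functions added later in this patch store `session->session_index` in `context`; assuming the reply echoes that field, the handlers could use it to mark the session as failed, and whether a later TLS listen or connect on that session still proceeds is not visible here and should be checked. At minimum the warning should name the session, e.g. `clib_warning ("VCL<%d>: add cert failed: session %u: %U", getpid (), mp->context, format_api_error, ntohl (mp->retval));`. The trailing `return;` in both bodies is redundant.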
@@ -444,6 +471,7 @@ vppcom_app_send_attach (void)
 bmp->options[APP_OPTIONS_PREALLOC_FIFO_PAIRS] =
 vcm->cfg.preallocated_fifo_pairs;
 bmp->options[APP_OPTIONS_EVT_QUEUE_SIZE] = vcm->cfg.event_queue_size;
+ bmp->options[APP_OPTIONS_TLS_ENGINE] = TLS_ENGINE_OPENSSL;
 if (nsid_len)
 {
 bmp->namespace_id_len = nsid_len;
@@ -596,6 +624,42 @@ vppcom_send_accept_session_reply (u64 handle, u32 context, int retval)
 vl_msg_api_send_shmem (wrk->vl_input_queue, (u8 *) & rmp);
 }
 
+void
+vppcom_send_application_tls_cert_add (vcl_session_t * session, char *cert,
+ u32 cert_len)
+{
+ vcl_worker_t *wrk = vcl_worker_get_current ();
+ vl_api_application_tls_cert_add_t *cert_mp;
+
+ cert_mp = vl_msg_api_alloc (sizeof (*cert_mp) + cert_len);
+ clib_memset (cert_mp, 0, sizeof (*cert_mp));
+ cert_mp->_vl_msg_id = ntohs (VL_API_APPLICATION_TLS_CERT_ADD);
+ cert_mp->client_index = wrk->my_client_index;
+ cert_mp->context = session->session_index;
+ cert_mp->cert_len = clib_host_to_net_u16 (cert_len);
+ clib_memcpy_fast (cert_mp->cert, cert, cert_len);
+ vl_msg_api_send_shmem (wrk->vl_input_queue, (u8 *) & cert_mp);
+
+}
+
+void
+vppcom_send_application_tls_key_add (vcl_session_t * session, char *key,
+ u32 key_len)
+{
+ vcl_worker_t *wrk = vcl_worker_get_current ();
+ vl_api_application_tls_key_add_t *key_mp;
+
+ key_mp = vl_msg_api_alloc (sizeof (*key_mp) + key_len);
+ clib_memset (key_mp, 0, sizeof (*key_mp));
+ key_mp->_vl_msg_id = ntohs (VL_API_APPLICATION_TLS_KEY_ADD);
+ key_mp->client_index = wrk->my_client_index;
+ key_mp->context = session->session_index;
+ key_mp->key_len = clib_host_to_net_u16 (key_len);
+ clib_memcpy_fast (key_mp->key, key, key_len);
+ vl_msg_api_send_shmem (wrk->vl_input_queue, (u8 *) & key_mp);
+
+}
+
 u32
 vcl_max_nsid_len (void)
 {
-- 
cgit 1.2.3-korg
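Review bot: `bmp->options[APP_OPTIONS_TLS_ENGINE] = TLS_ENGINE_OPENSSL;` fixes the TLS engine for every application that attaches, including ones that never open a TLS session, while the two options set just above it are read from `vcm->cfg`. If the engine is meant to be a deployment choice it should come from configuration in the same way. If OpenSSL is deliberately the only engine VCL requests, a comment such as `/* VCL always requests the OpenSSL engine; not configurable yet */` above the line would record that decision. The body of `vppcom_app_send_attach` starts and ends outside this hunk.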
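Review bot: `cert_len` and `key_len` are `u32`, but the length written into the message is `clib_host_to_net_u16 (cert_len)` in `vppcom_send_application_tls_cert_add` and `clib_host_to_net_u16 (key_len)` in `vppcom_send_application_tls_key_add`, while the allocation and `clib_memcpy_fast` use the full 32-bit value. For a length above 65535 the receiver is told a truncated length that no longer matches the bytes placed in the message, so both functions should reject such input before allocating, e.g. `if (cert_len > 0xffff) { clib_warning ("VCL<%d>: cert too long: %u", getpid (), cert_len); return; }`. Because both functions return `void` the caller cannot learn of the rejection; reporting it would need a prototype change. The `cert` and `key` parameters are only read and could be `const char *`. The private key travels in a shared-memory API message, and whether the receiving side wipes that buffer before freeing it is not visible here and is worth confirming.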