From a5a9efd4d1995ef6d46dfab4e5b8aba9c5d114ef Mon Sep 17 00:00:00 2001 From: Florin Coras Date: Tue, 5 Jan 2021 17:03:29 -0800 Subject: vcl session: switch to generic cert key apis Remove the deprecated tls apis. Type: improvement Signed-off-by: Florin Coras Change-Id: Ia1e12bd813671146f0aca22e83d04c23ac13e595 --- src/vcl/vcl_bapi.c | 130 +++++++++++++++++++++++------------------------------ 1 file changed, 55 insertions(+), 75 deletions(-) (limited to 'src/vcl/vcl_bapi.c') diff --git a/src/vcl/vcl_bapi.c b/src/vcl/vcl_bapi.c index 8e24bfeee0c..7d241624d01 100644 --- a/src/vcl/vcl_bapi.c +++ b/src/vcl/vcl_bapi.c @@ -244,41 +244,39 @@ failed: } static void - vl_api_application_tls_cert_add_reply_t_handler - (vl_api_application_tls_cert_add_reply_t * mp) +vl_api_app_add_cert_key_pair_reply_t_handler ( + vl_api_app_add_cert_key_pair_reply_t *mp) { vcl_worker_t *wrk = vcl_worker_get_current (); if (mp->retval) { - VDBG (0, "add cert failed: %U", format_api_error, ntohl (mp->retval)); - wrk->bapi_app_state = STATE_APP_FAILED; + VDBG (0, "Adding cert and key failed: %U", format_api_error, + ntohl (mp->retval)); return; } + wrk->bapi_return = clib_net_to_host_u32 (mp->index); wrk->bapi_app_state = STATE_APP_READY; } static void - vl_api_application_tls_key_add_reply_t_handler - (vl_api_application_tls_key_add_reply_t * mp) +vl_api_app_del_cert_key_pair_reply_t_handler ( + vl_api_app_del_cert_key_pair_reply_t *mp) { - vcl_worker_t *wrk = vcl_worker_get_current (); - if (mp->retval) { - VDBG (0, "add key failed: %U", format_api_error, ntohl (mp->retval)); - wrk->bapi_app_state = STATE_APP_FAILED; + VDBG (0, "Deleting cert and key failed: %U", format_api_error, + ntohl (mp->retval)); return; } - wrk->bapi_app_state = STATE_APP_READY; } -#define foreach_sock_msg \ -_(SESSION_ENABLE_DISABLE_REPLY, session_enable_disable_reply) \ -_(APP_ATTACH_REPLY, app_attach_reply) \ -_(APPLICATION_TLS_CERT_ADD_REPLY, application_tls_cert_add_reply) \ -_(APPLICATION_TLS_KEY_ADD_REPLY, application_tls_key_add_reply) \ -_(APP_WORKER_ADD_DEL_REPLY, app_worker_add_del_reply) \ +#define foreach_sock_msg \ + _ (SESSION_ENABLE_DISABLE_REPLY, session_enable_disable_reply) \ + _ (APP_ATTACH_REPLY, app_attach_reply) \ + _ (APP_ADD_CERT_KEY_PAIR_REPLY, app_add_cert_key_pair_reply) \ + _ (APP_DEL_CERT_KEY_PAIR_REPLY, app_del_cert_key_pair_reply) \ + _ (APP_WORKER_ADD_DEL_REPLY, app_worker_add_del_reply) static void vcl_bapi_hookup (void) @@ -408,38 +406,41 @@ vcl_bapi_send_child_worker_del (vcl_worker_t * child_wrk) vl_msg_api_send_shmem (wrk->vl_input_queue, (u8 *) & mp); } -void -vcl_bapi_send_application_tls_cert_add (vcl_session_t * session, char *cert, - u32 cert_len) +static void +vcl_bapi_send_app_add_cert_key_pair (vppcom_cert_key_pair_t *ckpair) { vcl_worker_t *wrk = vcl_worker_get_current (); - vl_api_application_tls_cert_add_t *cert_mp; - - cert_mp = vl_msg_api_alloc (sizeof (*cert_mp) + cert_len); - clib_memset (cert_mp, 0, sizeof (*cert_mp)); - cert_mp->_vl_msg_id = ntohs (VL_API_APPLICATION_TLS_CERT_ADD); - cert_mp->client_index = wrk->api_client_handle; - cert_mp->context = session->session_index; - cert_mp->cert_len = clib_host_to_net_u16 (cert_len); - clib_memcpy_fast (cert_mp->cert, cert, cert_len); - vl_msg_api_send_shmem (wrk->vl_input_queue, (u8 *) & cert_mp); + u32 cert_len = test_srv_crt_rsa_len; + u32 key_len = test_srv_key_rsa_len; + vl_api_app_add_cert_key_pair_t *bmp; + + bmp = vl_msg_api_alloc (sizeof (*bmp) + cert_len + key_len); + clib_memset (bmp, 0, sizeof (*bmp) + cert_len + key_len); + + bmp->_vl_msg_id = ntohs (VL_API_APP_ADD_CERT_KEY_PAIR); + bmp->client_index = wrk->api_client_handle; + bmp->context = wrk->wrk_index; + bmp->cert_len = clib_host_to_net_u16 (cert_len); + bmp->certkey_len = clib_host_to_net_u16 (key_len + cert_len); + clib_memcpy_fast (bmp->certkey, test_srv_crt_rsa, cert_len); + clib_memcpy_fast (bmp->certkey + cert_len, test_srv_key_rsa, key_len); + + vl_msg_api_send_shmem (wrk->vl_input_queue, (u8 *) &bmp); } -void -vcl_bapi_send_application_tls_key_add (vcl_session_t * session, char *key, - u32 key_len) +static void +vcl_bapi_send_app_del_cert_key_pair (u32 ckpair_index) { vcl_worker_t *wrk = vcl_worker_get_current (); - vl_api_application_tls_key_add_t *key_mp; - - key_mp = vl_msg_api_alloc (sizeof (*key_mp) + key_len); - clib_memset (key_mp, 0, sizeof (*key_mp)); - key_mp->_vl_msg_id = ntohs (VL_API_APPLICATION_TLS_KEY_ADD); - key_mp->client_index = wrk->api_client_handle; - key_mp->context = session->session_index; - key_mp->key_len = clib_host_to_net_u16 (key_len); - clib_memcpy_fast (key_mp->key, key, key_len); - vl_msg_api_send_shmem (wrk->vl_input_queue, (u8 *) & key_mp); + vl_api_app_del_cert_key_pair_t *bmp; + bmp = vl_msg_api_alloc (sizeof (*bmp)); + clib_memset (bmp, 0, sizeof (*bmp)); + + bmp->_vl_msg_id = ntohs (VL_API_APP_DEL_CERT_KEY_PAIR); + bmp->client_index = wrk->api_client_handle; + bmp->context = wrk->wrk_index; + bmp->index = clib_host_to_net_u32 (ckpair_index); + vl_msg_api_send_shmem (wrk->vl_input_queue, (u8 *) &bmp); } u32 @@ -706,48 +707,27 @@ vcl_bapi_recv_fds (vcl_worker_t * wrk, int *fds, int n_fds) } int -vppcom_session_tls_add_cert (uint32_t session_handle, char *cert, - uint32_t cert_len) +vcl_bapi_add_cert_key_pair (vppcom_cert_key_pair_t *ckpair) { - vcl_worker_t *wrk = vcl_worker_get_current (); - vcl_session_t *session = 0; - session = vcl_session_get_w_handle (wrk, session_handle); - if (!session) - return VPPCOM_EBADFD; + if (ckpair->key_len == 0 || ckpair->key_len == ~0) + return VPPCOM_EINVAL; - if (cert_len == 0 || cert_len == ~0) - return VPPCOM_EBADFD; - - /* - * Send listen request to vpp and wait for reply - */ - vcl_bapi_send_application_tls_cert_add (session, cert, cert_len); + vcl_bapi_send_app_add_cert_key_pair (ckpair); wrk->bapi_app_state = STATE_APP_ADDING_TLS_DATA; vcl_bapi_wait_for_wrk_state_change (STATE_APP_READY); - return VPPCOM_OK; + if (wrk->bapi_app_state == STATE_APP_READY) + return wrk->bapi_return; + return VPPCOM_EFAULT; } int -vppcom_session_tls_add_key (uint32_t session_handle, char *key, - uint32_t key_len) +vcl_bapi_del_cert_key_pair (u32 ckpair_index) { - - vcl_worker_t *wrk = vcl_worker_get_current (); - vcl_session_t *session = 0; - - session = vcl_session_get_w_handle (wrk, session_handle); - if (!session) - return VPPCOM_EBADFD; - - if (key_len == 0 || key_len == ~0) - return VPPCOM_EBADFD; - - vcl_bapi_send_application_tls_key_add (session, key, key_len); - wrk->bapi_app_state = STATE_APP_ADDING_TLS_DATA; - vcl_bapi_wait_for_wrk_state_change (STATE_APP_READY); - return VPPCOM_OK; + /* Don't wait for reply */ + vcl_bapi_send_app_del_cert_key_pair (ckpair_index); + return 0; } int -- cgit 1.2.3-korg