From 371ca50a74a9c4f1b74c4c1b65c6fdec610fcfc3 Mon Sep 17 00:00:00 2001 From: Florin Coras Date: Wed, 21 Feb 2018 12:07:41 -0800 Subject: session: first approximation implementation of tls It consists of two main parts. First, add an application transport type whereby applications can offer transport to other applications. For instance, a tls app can offer transport services to other applications. And second, a tls transport app that leverages the mbedtls library for tls protocol implementation. Change-Id: I616996c6e6539a9e2368fab8a1ac874d7c5d9838 Signed-off-by: Florin Coras --- src/vnet/session/application.c | 45 +++++++++++++++++++++++++++++++++++++----- 1 file changed, 40 insertions(+), 5 deletions(-) (limited to 'src/vnet/session/application.c') diff --git a/src/vnet/session/application.c b/src/vnet/session/application.c index b80aa3391a6..12f816bfe3b 100644 --- a/src/vnet/session/application.c +++ b/src/vnet/session/application.c @@ -209,6 +209,9 @@ application_del (application_t * app) */ application_local_sessions_del (app); + vec_free (app->tls_cert); + vec_free (app->tls_key); + application_table_del (app); pool_put (app_pool, app); } @@ -473,10 +476,22 @@ int application_open_session (application_t * app, session_endpoint_t * sep, u32 api_context) { - segment_manager_t *sm; int rv; /* Make sure we have a segment manager for connects */ + application_alloc_connects_segment_manager (app); + + if ((rv = session_open (app->index, sep, api_context))) + return rv; + + return 0; +} + +int +application_alloc_connects_segment_manager (application_t * app) +{ + segment_manager_t *sm; + if (app->connects_seg_manager == APP_INVALID_SEGMENT_MANAGER_INDEX) { sm = application_alloc_segment_manager (app); @@ -484,10 +499,6 @@ application_open_session (application_t * app, session_endpoint_t * sep, return -1; app->connects_seg_manager = segment_manager_index (sm); } - - if ((rv = session_open (app->index, sep, api_context))) - return rv; - return 0; } 
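Review bot: The private key in `app->tls_key` is released with a plain `vec_free` in the `@@ -209,6 +209,9 @@` hunk, so the key bytes stay in the freed heap block until that memory is reused. Clearing the vector first would limit the exposure, for example `if (app->tls_key) memset (app->tls_key, 0, vec_len (app->tls_key));` ahead of `vec_free (app->tls_key);`. A plain memset directly before a free can be dropped by the optimiser, so a wipe routine the compiler must keep is preferable if the tree provides one. The certificate is public and needs no such treatment. application_del starts above the hunk, so only its tail is visible here.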
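Review bot: In the `@@ -473,10 +476,22 @@` hunk, application_open_session discards the return value of `application_alloc_connects_segment_manager (app)`, so the `-1` the helper returns when `application_alloc_segment_manager` yields 0 no longer stops the connect. Before this change the same failure returned -1 ahead of `session_open`; now `session_open` runs with `connects_seg_manager` still equal to `APP_INVALID_SEGMENT_MANAGER_INDEX`. Propagating the result keeps the old behaviour: `if ((rv = application_alloc_connects_segment_manager (app)))` followed by `return rv;`. The helper's body continues into the `@@ -484,10 +499,6 @@` hunk, and a short comment on it stating that it returns 0 on success and -1 on allocation failure would make the contract explicit for other callers.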
@@ -1156,6 +1167,30 @@ application_local_sessions_del (application_t * app) segment_manager_del (sm); } +clib_error_t * +vnet_app_add_tls_cert (vnet_app_add_tls_cert_args_t * a) +{ + application_t *app; + app = application_get (a->app_index); + if (!app) + return clib_error_return_code (0, VNET_API_ERROR_APPLICATION_NOT_ATTACHED, + 0, "app %u doesn't exist", a->app_index); + app->tls_cert = vec_dup (a->cert); + return 0; +} + +clib_error_t * +vnet_app_add_tls_key (vnet_app_add_tls_key_args_t * a) +{ + application_t *app; + app = application_get (a->app_index); + if (!app) + return clib_error_return_code (0, VNET_API_ERROR_APPLICATION_NOT_ATTACHED, + 0, "app %u doesn't exist", a->app_index); + app->tls_key = vec_dup (a->key); + return 0; +} + u8 * format_application_listener (u8 * s, va_list * args) { -- cgit 1.2.3-korg
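Review bot: `vnet_app_add_tls_cert` and `vnet_app_add_tls_key` assign the result of `vec_dup` straight over `app->tls_cert` and `app->tls_key`, so a second call for the same app leaks the previous vector. For the key, that leaves an unreferenced copy of private key material in the heap for the life of the process. Releasing the old value first fixes it: `vec_free (app->tls_cert);` before `app->tls_cert = vec_dup (a->cert);`, and the same for the key. Neither function rejects an empty `a->cert` or `a->key`, and whether an empty vector is meant to clear the stored value is not visible here. A one-line comment stating that, and that the app keeps its own copy of the caller's vector, would help callers. Both functions lie wholly inside the hunk.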