From a5a9efd4d1995ef6d46dfab4e5b8aba9c5d114ef Mon Sep 17 00:00:00 2001
From: Florin Coras
Date: Tue, 5 Jan 2021 17:03:29 -0800
Subject: vcl session: switch to generic cert key apis
Remove the deprecated tls apis.
Type: improvement
Signed-off-by: Florin Coras
Change-Id: Ia1e12bd813671146f0aca22e83d04c23ac13e595
---
 src/vnet/session/application.c | 28 ++---------
 src/vnet/session/application_interface.h | 4 +-
 src/vnet/session/session.api | 4 +-
 src/vnet/session/session_api.c | 79 ++------------------------------
 4 files changed, 14 insertions(+), 101 deletions(-)
(limited to 'src/vnet/session')
diff --git a/src/vnet/session/application.c b/src/vnet/session/application.c
index 20b0a9e137b..906a73e9d79 100644
--- a/src/vnet/session/application.c
+++ b/src/vnet/session/application.c
@@ -1320,26 +1320,6 @@ application_get_segment_manager_properties (u32 app_index)
 return &app->sm_properties;
 }
-clib_error_t *
-vnet_app_add_tls_cert (vnet_app_add_tls_cert_args_t * a)
-{
- /* Deprected, will be remove after 20.01 */
- app_cert_key_pair_t *ckpair;
- ckpair = app_cert_key_pair_get_default ();
- ckpair->cert = vec_dup (a->cert);
- return 0;
-}
-
-clib_error_t *
-vnet_app_add_tls_key (vnet_app_add_tls_key_args_t * a)
-{
- /* Deprected, will be remove after 20.01 */
- app_cert_key_pair_t *ckpair;
- ckpair = app_cert_key_pair_get_default ();
- ckpair->key = vec_dup (a->key);
- return 0;
-}
-
 static void
 application_format_listeners (application_t * app, int verbose)
 {
@@ -1706,8 +1686,10 @@ int
 vnet_app_add_cert_key_pair (vnet_app_add_cert_key_pair_args_t * a)
 {
 app_cert_key_pair_t *ckpair = app_cert_key_pair_alloc ();
- ckpair->cert = vec_dup (a->cert);
- ckpair->key = vec_dup (a->key);
+ vec_validate (ckpair->cert, a->cert_len - 1);
+ clib_memcpy_fast (ckpair->cert, a->cert, a->cert_len);
+ vec_validate (ckpair->key, a->key_len - 1);
+ clib_memcpy_fast (ckpair->key, a->key, a->key_len);
 a->index = ckpair->cert_key_index;
 return 0;
 }
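Review bot: `vec_validate (ckpair->cert, a->cert_len - 1)` underflows when `a->cert_len` is 0 (u32 arithmetic wraps to 0xFFFFFFFF), and since vec_validate sizes the vector to index+1 elements that becomes an attempt to allocate a ~4 GiB cert; the `a->key_len - 1` line two below has the same problem. The replaced `vec_dup` calls tolerated an empty input, so any caller that has not filled in the new length fields, or a binary-API request carrying a zero length (the handler's length checks are outside its hunk and not visible here), now hits this instead of getting an error. Guard before the copies: `if (!a->cert_len || !a->key_len) return VNET_API_ERROR_INVALID_VALUE;` — the error code the removed handlers used for out-of-range lengths.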
@@ -1749,7 +1731,7 @@ vnet_app_del_cert_key_pair (u32 index)
 clib_error_t *
 application_init (vlib_main_t * vm)
 {
- /* Add a certificate with index 0 to support legacy apis */
+ /* Index 0 was originally used by legacy apis, maintain as invalid */
 (void) app_cert_key_pair_alloc ();
 app_main.last_crypto_engine = CRYPTO_ENGINE_LAST;
 app_main.app_by_name = hash_create_vec (0, sizeof (u8), sizeof (uword));
diff --git a/src/vnet/session/application_interface.h b/src/vnet/session/application_interface.h
index 96142573b98..b2e0ef9da84 100644
--- a/src/vnet/session/application_interface.h
+++ b/src/vnet/session/application_interface.h
@@ -178,6 +178,8 @@ typedef struct _vnet_app_add_cert_key_pair_args_
 {
 u8 *cert;
 u8 *key;
+ u32 cert_len;
+ u32 key_len;
 u32 index;
 } vnet_app_add_cert_key_pair_args_t;
@@ -271,8 +273,6 @@ int vnet_connect (vnet_connect_args_t * a);
 int vnet_unlisten (vnet_unlisten_args_t * a);
 int vnet_disconnect_session (vnet_disconnect_args_t * a);
-clib_error_t *vnet_app_add_tls_cert (vnet_app_add_tls_cert_args_t * a);
-clib_error_t *vnet_app_add_tls_key (vnet_app_add_tls_key_args_t * a);
 int vnet_app_add_cert_key_pair (vnet_app_add_cert_key_pair_args_t * a);
 int vnet_app_del_cert_key_pair (u32 index);
 /** Ask for app cb on pair deletion */
diff --git a/src/vnet/session/session.api b/src/vnet/session/session.api
index 091b876faee..53e2834e839 100644
--- a/src/vnet/session/session.api
+++ b/src/vnet/session/session.api
@@ -13,7 +13,7 @@
 * limitations under the License.
 */
-option version = "3.2.0";
+option version = "4.0.0";
 import "vnet/interface_types.api";
 import "vnet/ip/ip_types.api";
@@ -125,6 +125,7 @@ autoreply define app_del_cert_key_pair {
 @param cert - certificate as a string
 */
 autoreply define application_tls_cert_add {
+ option deprecated="to be removed post 21.06";
 u32 client_index;
 u32 context;
 u32 app_index;
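Review bot: The added `cert_len`/`key_len` fields silently change the contract of `cert` and `key` from vectors (what the old `vec_dup` consumers expected) to plain borrowed buffers whose length can no longer be discovered from the pointer, but the struct says nothing about that or about who owns the memory. A caller that still passes a vec and leaves the lengths zeroed would copy nothing or, given the `cert_len - 1` index used in application.c, misbehave. Document it on the fields: `u8 *cert; /* borrowed, cert_len bytes (not a vec); callee copies */` and `u8 *key; /* borrowed, key_len bytes (not a vec); callee copies */`.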
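Review bot: `option deprecated="to be removed post 21.06"` on `application_tls_cert_add` (and on `application_tls_key_add` in the next hunk) tells clients the message stays usable for a deprecation window, yet this same commit removes both entries from the handler table in session_api.c (`_(APPLICATION_TLS_CERT_ADD, ...)` and `_(APPLICATION_TLS_KEY_ADD, ...)`) and deletes the handlers, so a client that still sends either message presumably gets no reply at all rather than an error. Either keep minimal stub handlers that reply with an error code such as VNET_API_ERROR_FEATURE_DISABLED for the window, or drop the two message definitions now, which the major version bump to `4.0.0` in the previous hunk already signals.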
@@ -140,6 +141,7 @@ autoreply define application_tls_cert_add {
 @param key - PEM encoded key as a string
 */
 autoreply define application_tls_key_add {
+ option deprecated="to be removed post 21.06";
 u32 client_index;
 u32 context;
 u32 app_index;
diff --git a/src/vnet/session/session_api.c b/src/vnet/session/session_api.c
index 2073a15af64..2e215f76051 100644
--- a/src/vnet/session/session_api.c
+++ b/src/vnet/session/session_api.c
@@ -49,8 +49,6 @@ _(SESSION_ENABLE_DISABLE, session_enable_disable) \
 _(APP_NAMESPACE_ADD_DEL, app_namespace_add_del) \
 _(SESSION_RULE_ADD_DEL, session_rule_add_del) \
 _(SESSION_RULES_DUMP, session_rules_dump) \
-_(APPLICATION_TLS_CERT_ADD, application_tls_cert_add) \
-_(APPLICATION_TLS_KEY_ADD, application_tls_key_add) \
 _(APP_ADD_CERT_KEY_PAIR, app_add_cert_key_pair) \
 _(APP_DEL_CERT_KEY_PAIR, app_del_cert_key_pair) \
 _(APP_WORKER_ADD_DEL, app_worker_add_del) \
@@ -1065,13 +1063,11 @@ vl_api_app_add_cert_key_pair_t_handler (vl_api_app_add_cert_key_pair_t * mp)
 }
 clib_memset (a, 0, sizeof (*a));
- vec_validate (a->cert, cert_len);
- vec_validate (a->key, key_len);
- clib_memcpy_fast (a->cert, mp->certkey, cert_len);
- clib_memcpy_fast (a->key, mp->certkey + cert_len, key_len);
+ a->cert = mp->certkey;
+ a->key = mp->certkey + cert_len;
+ a->cert_len = cert_len;
+ a->key_len = key_len;
 rv = vnet_app_add_cert_key_pair (a);
- vec_free (a->cert);
- vec_free (a->key);
 done:
 /* *INDENT-OFF* */
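Review bot: `a->cert = mp->certkey;` and `a->key = mp->certkey + cert_len;` make `a` alias the request message instead of owning copies, so the callee has to copy before returning and `a` must not outlive `mp`; `vnet_app_add_cert_key_pair` does copy in this commit, but nothing records the contract, and a later change that keeps the pointer would turn this into a use-after-free on the message buffer. A one-line comment at the first assignment would preserve it: `/* a->cert/a->key alias mp->certkey; callee copies, nothing to free */`. The handler starts above the hunk, so the validation of cert_len/key_len against the message payload is not visible here; it needs to bound `cert_len + key_len`, not each length alone, for the `mp->certkey + cert_len` pointer and the key copy to stay inside the message.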
@@ -1100,73 +1096,6 @@ done:
 REPLY_MACRO (VL_API_APP_DEL_CERT_KEY_PAIR_REPLY);
 }
-/* ### WILL BE DEPRECATED POST 20.01 ### */
-static void
-vl_api_application_tls_cert_add_t_handler (vl_api_application_tls_cert_add_t *
- mp)
-{
- vl_api_application_tls_cert_add_reply_t *rmp;
- app_cert_key_pair_t *ckpair;
- application_t *app;
- u32 cert_len;
- int rv = 0;
- if (session_main_is_enabled () == 0)
- {
- rv = VNET_API_ERROR_FEATURE_DISABLED;
- goto done;
- }
- if (!(app = application_lookup (mp->client_index)))
- {
- rv = VNET_API_ERROR_APPLICATION_NOT_ATTACHED;
- goto done;
- }
- cert_len = clib_net_to_host_u16 (mp->cert_len);
- if (cert_len > 10000)
- {
- rv = VNET_API_ERROR_INVALID_VALUE;
- goto done;
- }
- ckpair = app_cert_key_pair_get_default ();
- vec_validate (ckpair->cert, cert_len);
- clib_memcpy_fast (ckpair->cert, mp->cert, cert_len);
-
-done:
- REPLY_MACRO (VL_API_APPLICATION_TLS_CERT_ADD_REPLY);
-}
-
-/* ### WILL BE DEPRECATED POST 20.01 ### */
-static void
-vl_api_application_tls_key_add_t_handler (vl_api_application_tls_key_add_t *
- mp)
-{
- vl_api_application_tls_key_add_reply_t *rmp;
- app_cert_key_pair_t *ckpair;
- application_t *app;
- u32 key_len;
- int rv = 0;
- if (session_main_is_enabled () == 0)
- {
- rv = VNET_API_ERROR_FEATURE_DISABLED;
- goto done;
- }
- if (!(app = application_lookup (mp->client_index)))
- {
- rv = VNET_API_ERROR_APPLICATION_NOT_ATTACHED;
- goto done;
- }
- key_len = clib_net_to_host_u16 (mp->key_len);
- if (key_len > 10000)
- {
- rv = VNET_API_ERROR_INVALID_VALUE;
- goto done;
- }
- ckpair = app_cert_key_pair_get_default ();
- vec_validate (ckpair->key, key_len);
- clib_memcpy_fast (ckpair->key, mp->key, key_len);
-done:
- REPLY_MACRO (VL_API_APPLICATION_TLS_KEY_ADD_REPLY);
-}
-
 static clib_error_t *
 application_reaper_cb (u32 client_index)
 {
--
cgit 1.2.3-korg