/* * Copyright (c) 2015 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at: * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /* Copyright (c) 2001-2005 Eliot Dresselhaus Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ #include #include #include #include /* for clib_arch_is_big_endian */ always_inline void zero_pair (hash_t * h, hash_pair_t * p) { clib_memset (p, 0, hash_pair_bytes (h)); } always_inline void init_pair (hash_t * h, hash_pair_t * p) { clib_memset (p->value, ~0, hash_value_bytes (h)); } always_inline hash_pair_union_t * get_pair (void *v, uword i) { hash_t *h = hash_header (v); hash_pair_t *p; ASSERT (i < vec_len (v)); p = v; p += i << h->log2_pair_size; return (hash_pair_union_t *) p; } always_inline void set_is_user (void *v, uword i, uword is_user) { hash_t *h = hash_header (v); uword i0 = i / BITS (h->is_user[0]); uword i1 = (uword) 1 << (i % BITS (h->is_user[0])); if (is_user) h->is_user[i0] |= i1; else h->is_user[i0] &= ~i1; } static u8 *hash_format_pair_default (u8 * s, va_list * args); #if uword_bits == 64 static inline u64 zap64 (u64 x, word n) { #define _(n) (((u64) 1 << (u64) (8*(n))) - (u64) 1) static u64 masks_little_endian[] = { 0, _(1), _(2), _(3), _(4), _(5), _(6), _(7), }; static u64 masks_big_endian[] = { 0, ~_(7), ~_(6), ~_(5), ~_(4), ~_(3), ~_(2), ~_(1), }; #undef _ if (clib_arch_is_big_endian) return x & masks_big_endian[n]; else return x & masks_little_endian[n]; } /** * make address-sanitizer skip this: * clib_mem_unaligned + zap64 casts its input as u64, computes a mask * according to the input length, and returns the casted maked value. * Therefore all the 8 Bytes of the u64 are systematically read, which * rightfully causes address-sanitizer to raise an error on smaller inputs. * * However the invalid Bytes are discarded within zap64(), whicj is why * this can be silenced safely. */ static inline u64 __attribute__ ((no_sanitize_address)) hash_memory64 (void *p, word n_bytes, u64 state) { u64 *q = p; u64 a, b, c, n; a = b = 0x9e3779b97f4a7c13LL; c = state; n = n_bytes; while (n >= 3 * sizeof (u64)) { a += clib_mem_unaligned (q + 0, u64); b += clib_mem_unaligned (q + 1, u64); c += clib_mem_unaligned (q + 2, u64); hash_mix64 (a, b, c); n -= 3 * sizeof (u64); q += 3; } c += n_bytes; switch (n / sizeof (u64)) { case 2: a += clib_mem_unaligned (q + 0, u64); b += clib_mem_unaligned (q + 1, u64); if (n % sizeof (u64)) c += zap64 (clib_mem_unaligned (q + 2, u64), n % sizeof (u64)) << 8; break; case 1: a += clib_mem_unaligned (q + 0, u64); if (n % sizeof (u64)) b += zap64 (clib_mem_unaligned (q + 1, u64), n % sizeof (u64)); break; case 0: if (n % sizeof (u64)) a += zap64 (clib_mem_unaligned (q + 0, u64), n % sizeof (u64)); break; } hash_mix64 (a, b, c); return c; } #else /* if uword_bits == 64 */ static inline u32 zap32 (u32 x, word n) { #define _(n) (((u32) 1 << (u32) (8*(n))) - (u32) 1) static u32 masks_little_endian[] = { 0, _(1), _(2), _(3), }; static u32 masks_big_endian[] = { 0, ~_(3), ~_(2), ~_(1), }; #undef _ if (clib_arch_is_big_endian) return x & masks_big_endian[n]; else return x & masks_little_endian[n]; } static inline u32 hash_memory32 (void *p, word n_bytes, u32 state) { u32 *q = p; u32 a, b, c, n; a = b = 0x9e3779b9; c = state; n = n_bytes; while (n >= 3 * sizeof (u32)) { a += clib_mem_unaligned (q + 0, u32); b += clib_mem_unaligned (q + 1, u32); c += clib_mem_unaligned (q + 2, u32); hash_mix32 (a, b, c); n -= 3 * sizeof (u32); q += 3; } c += n_bytes; switch (n / sizeof (u32)) { case 2: a += clib_mem_unaligned (q + 0, u32); b += clib_mem_unaligned (q + 1, u32); if (n % sizeof (u32)) c += zap32 (clib_mem_unaligned (q + 2, u32), n % sizeof (u32)) << 8; break; case 1: a += clib_mem_unaligned (q + 0, u32); if (n % sizeof (u32)) b += zap32 (clib_mem_unaligned (q + 1, u32), n % sizeof (u32)); break; case 0: if (n % sizeof (u32)) a += zap32 (clib_mem_unaligned (q + 0, u32), n % sizeof (u32)); break; } hash_mix32 (a, b, c); return c; } #endif uword hash_memory (void *p, word n_bytes, uword state) { uword *q = p; #if uword_bits == 64 return hash_memory64 (q, n_bytes, state); #else return hash_memory32 (q, n_bytes, state); #endif } #if uword_bits == 64 always_inline uword hash_uword (uword
# Copyright (c) 2018 Cisco and/or its affiliates.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

find_path(MBEDTLS_INCLUDE_DIR NAMES mbedtls/ssl.h)

if (NOT MBEDTLS_INCLUDE_DIR)
  message(WARNING "-- mbedtls headers not found - tlsmbedtls plugin disabled")
  return()
endif()

vpp_plugin_find_library(tlsmbedtls MBEDTLS_LIB1 mbedtls)
vpp_plugin_find_library(tlsmbedtls MBEDTLS_LIB2 mbedx509)
vpp_plugin_find_library(tlsmbedtls MBEDTLS_LIB3 mbedcrypto)

if (NOT MBEDTLS_LIB1 AND NOT MBEDTLS_LIB2 AND NOT MBEDTLS_LIB3)
  message(WARNING "-- mbedtls libraries not found - tlsmbedtls plugin disabled")
  return()
endif ()

set (MBEDTLS_LIB ${MBEDTLS_LIB1} ${MBEDTLS_LIB2} ${MBEDTLS_LIB3})

include_directories(${MBEDTLS_INCLUDE_DIR})
add_vpp_plugin(tlsmbedtls
  SOURCES
  tls_mbedtls.c

  LINK_LIBRARIES
  ${MBEDTLS_LIB}
)
3 (void *v, uword key, void *value, void *old_value) { hash_t *h; if (!v) v = hash_create (0, sizeof (uword)); h = hash_header (v); (void) lookup (v, key, SET, value, old_value); if (!(h->flags & HASH_FLAG_NO_AUTO_GROW)) { /* Resize when 3/4 full. */ if (4 * (h->elts + 1) > 3 * vec_len (v)) v = hash_resize (v, 2 * vec_len (v)); } return v; } uword vec_key_sum (hash_t * h, uword key) { void *v = uword_to_pointer (key, void *); return hash_memory (v, vec_len (v) * h->user, 0); } uword vec_key_equal (hash_t * h, uword key1, uword key2) { void *v1 = uword_to_pointer (key1, void *); void *v2 = uword_to_pointer (key2, void *); uword l1 = vec_len (v1); uword l2 = vec_len (v2); return l1 == l2 && 0 == memcmp (v1, v2, l1 * h->user); } u8 * vec_key_format_pair (u8 * s, va_list * args) { void *CLIB_UNUSED (user_arg) = va_arg (*args, void *); void *v = va_arg (*args, void *); hash_pair_t *p = va_arg (*args, hash_pair_t *); hash_t *h = hash_header (v); void *u = uword_to_pointer (p->key, void *); int i; switch (h->user) { case 1: s = format (s, "%v", u); break; case 2: { u16 *w = u; for (i = 0; i < vec_len (w); i++) s = format (s, "0x%x, ", w[i]); break; } case 4: { u32 *w = u; for (i = 0; i < vec_len (w); i++) s = format (s, "0x%x, ", w[i]); break; } case 8: { u64 *w = u; for (i = 0; i < vec_len (w); i++) s = format (s, "0x%Lx, ", w[i]); break; } default: s = format (s, "0x%U", format_hex_bytes, u, vec_len (u) * h->user); break; } if (hash_value_bytes (h) > 0) s = format (s, " -> 0x%wx", p->value[0]); return s; } uword mem_key_sum (hash_t * h, uword key) { uword *v = uword_to_pointer (key, void *); return hash_memory (v, h->user, 0); } uword mem_key_equal (hash_t * h, uword key1, uword key2) { void *v1 = uword_to_pointer (key1, void *); void *v2 = uword_to_pointer (key2, void *); return v1 && v2 && 0 == memcmp (v1, v2, h->user); } uword string_key_sum (hash_t * h, uword key) { char *v = uword_to_pointer (key, char *); return hash_memory (v, strlen (v), 0); } uword string_key_equal (hash_t * h, uword key1, uword key2) { void *v1 = uword_to_pointer (key1, void *); void *v2 = uword_to_pointer (key2, void *); return v1 && v2 && 0 == strcmp (v1, v2); } u8 * string_key_format_pair (u8 * s, va_list * args) { void *CLIB_UNUSED (user_arg) = va_arg (*args, void *); void *v = va_arg (*args, void *); hash_pair_t *p = va_arg (*args, hash_pair_t *); hash_t *h = hash_header (v); void *u = uword_to_pointer (p->key, void *); s = format (s, "%s", u); if (hash_value_bytes (h) > 0) s = format (s, " -> 0x%8U", format_hex_bytes, &p->value[0], hash_value_bytes (h)); return s; } static u8 * hash_format_pair_default (u8 * s, va_list * args) { void *CLIB_UNUSED (user_arg) = va_arg (*args, void *); void *v = va_arg (*args, void *); hash_pair_t *p = va_arg (*args, hash_pair_t *); hash_t *h = hash_header (v); s = format (s, "0x%08x", p->key); if (hash_value_bytes (h) > 0) s = format (s, " -> 0x%8U", format_hex_bytes, &p->value[0], hash_value_bytes (h)); return s; } uword hash_bytes (void *v) { uword i, bytes; hash_t *h = hash_header (v); if (!v) return 0; bytes = vec_capacity (v, hash_header_bytes (v)); for (i = 0; i < hash_capacity (v); i++) { if (!hash_is_user (v, i)) { hash_pair_union_t *p = get_pair (v, i); if (h->log2_pair_size > 0) bytes += 1 << indirect_pair_get_log2_bytes (&p->indirect); else bytes += vec_capacity (p->indirect.pairs, 0); } } return bytes; } u8 * format_hash (u8 * s, va_list * va) { void *v = va_arg (*va, void *); int verbose = va_arg (*va, int); hash_pair_t *p; hash_t *h = hash_header (v); uword i; s = format (s, "hash %p, %wd elts, capacity %wd, %wd bytes used,\n", v, hash_elts (v), hash_capacity (v), hash_bytes (v)); { uword *occupancy = 0; /* Count number of buckets with each occupancy. */ for (i = 0; i < hash_capacity (v); i++) { uword j; if (hash_is_user (v, i)) { j = 1; } else { hash_pair_union_t *p = get_pair (v, i); if (h->log2_pair_size > 0) j = indirect_pair_get_len (&p->indirect); else j = vec_len (p->indirect.pairs); } vec_validate (occupancy, j); occupancy[j]++; } s = format (s, " profile "); for (i = 0; i < vec_len (occupancy); i++) s = format (s, "%wd%c", occupancy[i], i + 1 == vec_len (occupancy) ? '\n' : ' '); s = format (s, " lookup # of compares: "); for (i = 1; i < vec_len (occupancy); i++) s = format (s, "%wd: .%03d%c", i, (1000 * i * occupancy[i]) / hash_elts (v), i + 1 == vec_len (occupancy) ? '\n' : ' '); vec_free (occupancy); } if (verbose) { /* *INDENT-OFF* */ hash_foreach_pair (p, v, { s = format (s, " %U\n", h->format_pair, h->format_pair_arg, v, p); }); /* *INDENT-ON* */ } return s; } static uword unformat_hash_string_internal (unformat_input_t * input, va_list * va, int is_vec) { uword *hash = va_arg (*va, uword *); int *result = va_arg (*va, int *); u8 *string = 0; uword *p; if (!unformat (input, is_vec ? "%v%_" : "%s%_", &string)) return 0; p = hash_get_mem (hash, string); if (p) *result = *p; vec_free (string); return p ? 1 : 0; } uword unformat_hash_vec_string (unformat_input_t * input, va_list * va) { return unformat_hash_string_internal (input, va, /* is_vec */ 1); } uword unformat_hash_string (unformat_input_t * input, va_list * va) { return unformat_hash_string_internal (input, va, /* is_vec */ 0); } clib_error_t * hash_validate (void *v) { hash_t *h = hash_header (v); uword i, j; uword *keys = 0; clib_error_t *error = 0; #define CHECK(x) if ((error = ERROR_ASSERT (x))) goto done; for (i = 0; i < hash_capacity (v); i++) { hash_pair_union_t *pu = get_pair (v, i); if (hash_is_user (v, i)) { CHECK (pu->direct.key != 0); vec_add1 (keys, pu->direct.key); } else { hash_pair_t *p; hash_pair_indirect_t *pi = &pu->indirect; uword n; n = h->log2_pair_size > 0 ? indirect_pair_get_len (pi) : vec_len (pi->pairs); for (p = pi->pairs; n-- > 0; p = hash_forward1 (h, p)) { /* Assert key uniqueness. */ for (j = 0; j < vec_len (keys); j++) CHECK (keys[j] != p->key); vec_add1 (keys, p->key); } } } CHECK (vec_len (keys) == h->elts); vec_free (keys); done: return error; } /* * fd.io coding-style-patch-verification: ON * * Local Variables: * eval: (c-set-style "gnu") * End: */