hsa: Add ckpair & crypto engine in vpp_echo
Type: feature * vpp echo adds and dels a cert and key pair for each run * it passes the crypto engine to be used (openssl, picotls, vpp, mbedtls) Change-Id: Iaba1de2e6abb510e6c4edbe84b2324b2f4843f26 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
This commit is contained in:
Nathan Skrzypczak
committed by
Florin Coras
Florin Coras
parent
dcbbf2833d
commit
7c40a3837a
@ -868,6 +868,7 @@ print_usage_and_exit (void)
|
||||
" tx-results-diff Tx results different to pass test\n"
|
||||
" json Output global stats in json\n"
|
||||
" log=N Set the log level to [0: no output, 1:errors, 2:log]\n"
|
||||
" crypto [engine] Set the crypto engine [openssl, vpp, picotls, mbedtls]\n"
|
||||
"\n"
|
||||
" nclients N Open N clients sending data\n"
|
||||
" nthreads N Use N busy loop threads for data [in addition to main & msg queue]\n"
|
||||
@ -970,11 +971,8 @@ echo_process_opts (int argc, char **argv)
|
||||
}
|
||||
else if (unformat (a, "nthreads %d", &em->n_rx_threads))
|
||||
;
|
||||
else
|
||||
if (unformat
|
||||
(a, "crypto %U", echo_unformat_crypto_engine,
|
||||
&em->crypto_ctx_engine))
|
||||
;
|
||||
else if (unformat (a, "crypto %U", echo_unformat_crypto_engine, &tmp))
|
||||
em->crypto_engine = tmp;
|
||||
else if (unformat (a, "appns %_%v%_", &em->appns_id))
|
||||
;
|
||||
else if (unformat (a, "all-scope"))
|
||||
@ -1120,7 +1118,7 @@ main (int argc, char **argv)
|
||||
em->tx_buf_size = 1 << 20;
|
||||
em->data_source = ECHO_INVALID_DATA_SOURCE;
|
||||
em->uri = format (0, "%s%c", "tcp://0.0.0.0/1234", 0);
|
||||
em->crypto_ctx_engine = CRYPTO_ENGINE_NONE;
|
||||
em->crypto_engine = CRYPTO_ENGINE_NONE;
|
||||
echo_set_each_proto_defaults_before_opts (em);
|
||||
echo_process_opts (argc, argv);
|
||||
echo_process_uri (em);
|
||||
@ -1184,14 +1182,14 @@ main (int argc, char **argv)
|
||||
goto exit_on_error;
|
||||
}
|
||||
|
||||
if (em->crypto_ctx_engine == CRYPTO_ENGINE_NONE)
|
||||
/* when no crypto engine specified, dont expect crypto ctx */
|
||||
if (em->uri_elts.transport_proto != TRANSPORT_PROTO_QUIC
|
||||
&& em->uri_elts.transport_proto != TRANSPORT_PROTO_TLS)
|
||||
em->state = STATE_ATTACHED;
|
||||
else
|
||||
{
|
||||
ECHO_LOG (1, "Adding crypto context %U", echo_format_crypto_engine,
|
||||
em->crypto_ctx_engine);
|
||||
echo_send_add_crypto_ctx (em);
|
||||
em->crypto_engine);
|
||||
echo_send_add_cert_key (em);
|
||||
if (wait_for_state_change (em, STATE_ATTACHED, TIMEOUT))
|
||||
{
|
||||
ECHO_FAIL (ECHO_FAIL_APP_ATTACH,
|
||||
@ -1221,6 +1219,13 @@ main (int argc, char **argv)
|
||||
clients_run (em);
|
||||
echo_notify_event (em, ECHO_EVT_EXIT);
|
||||
echo_free_sessions (em);
|
||||
echo_send_del_cert_key (em);
|
||||
if (wait_for_state_change (em, STATE_CLEANED_CERT_KEY, TIMEOUT))
|
||||
{
|
||||
ECHO_FAIL (ECHO_FAIL_DEL_CERT_KEY, "Couldn't cleanup cert and key");
|
||||
goto exit_on_error;
|
||||
}
|
||||
|
||||
echo_send_detach (em);
|
||||
if (wait_for_state_change (em, STATE_DETACHED, TIMEOUT))
|
||||
{
|
||||
|
||||
@ -68,28 +68,38 @@ echo_send_detach (echo_main_t * em)
|
||||
}
|
||||
|
||||
void
|
||||
echo_send_add_crypto_ctx (echo_main_t * em)
|
||||
echo_send_add_cert_key (echo_main_t * em)
|
||||
{
|
||||
vl_api_application_tls_cert_add_t *cert_mp;
|
||||
vl_api_application_tls_key_add_t *key_mp;
|
||||
u32 cert_len = test_srv_crt_rsa_len;
|
||||
u32 key_len = test_srv_key_rsa_len;
|
||||
vl_api_app_add_cert_key_pair_t *bmp;
|
||||
|
||||
cert_mp = vl_msg_api_alloc (sizeof (*cert_mp) + test_srv_crt_rsa_len);
|
||||
clib_memset (cert_mp, 0, sizeof (*cert_mp));
|
||||
cert_mp->_vl_msg_id = ntohs (VL_API_APPLICATION_TLS_CERT_ADD);
|
||||
cert_mp->client_index = em->my_client_index;
|
||||
cert_mp->context = ntohl (0xfeedface);
|
||||
cert_mp->cert_len = clib_host_to_net_u16 (test_srv_crt_rsa_len);
|
||||
clib_memcpy_fast (cert_mp->cert, test_srv_crt_rsa, test_srv_crt_rsa_len);
|
||||
vl_msg_api_send_shmem (em->vl_input_queue, (u8 *) & cert_mp);
|
||||
bmp = vl_msg_api_alloc (sizeof (*bmp) + cert_len + key_len);
|
||||
clib_memset (bmp, 0, sizeof (*bmp) + cert_len + key_len);
|
||||
|
||||
key_mp = vl_msg_api_alloc (sizeof (*key_mp) + test_srv_key_rsa_len);
|
||||
clib_memset (key_mp, 0, sizeof (*key_mp) + test_srv_key_rsa_len);
|
||||
key_mp->_vl_msg_id = ntohs (VL_API_APPLICATION_TLS_KEY_ADD);
|
||||
key_mp->client_index = em->my_client_index;
|
||||
key_mp->context = ntohl (0xfeedface);
|
||||
key_mp->key_len = clib_host_to_net_u16 (test_srv_key_rsa_len);
|
||||
clib_memcpy_fast (key_mp->key, test_srv_key_rsa, test_srv_key_rsa_len);
|
||||
vl_msg_api_send_shmem (em->vl_input_queue, (u8 *) & key_mp);
|
||||
bmp->_vl_msg_id = ntohs (VL_API_APP_ADD_CERT_KEY_PAIR);
|
||||
bmp->client_index = em->my_client_index;
|
||||
bmp->context = ntohl (0xfeedface);
|
||||
bmp->cert_len = clib_host_to_net_u16 (cert_len);
|
||||
bmp->certkey_len = clib_host_to_net_u16 (key_len + cert_len);
|
||||
clib_memcpy_fast (bmp->certkey, test_srv_crt_rsa, cert_len);
|
||||
clib_memcpy_fast (bmp->certkey + cert_len, test_srv_key_rsa, key_len);
|
||||
|
||||
vl_msg_api_send_shmem (em->vl_input_queue, (u8 *) & bmp);
|
||||
}
|
||||
|
||||
void
|
||||
echo_send_del_cert_key (echo_main_t * em)
|
||||
{
|
||||
vl_api_app_del_cert_key_pair_t *bmp;
|
||||
bmp = vl_msg_api_alloc (sizeof (*bmp));
|
||||
clib_memset (bmp, 0, sizeof (*bmp));
|
||||
|
||||
bmp->_vl_msg_id = ntohs (VL_API_APP_DEL_CERT_KEY_PAIR);
|
||||
bmp->client_index = em->my_client_index;
|
||||
bmp->context = ntohl (0xfeedface);
|
||||
bmp->index = clib_host_to_net_u32 (em->ckpair_index);
|
||||
vl_msg_api_send_shmem (em->vl_input_queue, (u8 *) & bmp);
|
||||
}
|
||||
|
||||
void
|
||||
@ -109,6 +119,8 @@ echo_send_listen (echo_main_t * em)
|
||||
clib_memcpy_fast (&mp->ip, &em->uri_elts.ip, sizeof (mp->ip));
|
||||
mp->port = em->uri_elts.port;
|
||||
mp->proto = em->uri_elts.transport_proto;
|
||||
mp->ckpair_index = em->ckpair_index;
|
||||
mp->crypto_engine = em->crypto_engine;
|
||||
app_send_ctrl_evt_to_vpp (mq, app_evt);
|
||||
}
|
||||
|
||||
@ -148,6 +160,8 @@ echo_send_connect (u64 parent_session_handle, u32 opaque)
|
||||
mp->port = em->uri_elts.port;
|
||||
mp->proto = em->uri_elts.transport_proto;
|
||||
mp->parent_handle = parent_session_handle;
|
||||
mp->ckpair_index = em->ckpair_index;
|
||||
mp->crypto_engine = em->crypto_engine;
|
||||
app_send_ctrl_evt_to_vpp (mq, app_evt);
|
||||
}
|
||||
|
||||
@ -216,47 +230,40 @@ echo_segment_handle_add_del (echo_main_t * em, u64 segment_handle, u8 add)
|
||||
*/
|
||||
|
||||
static void
|
||||
vl_api_application_tls_cert_add_reply_t_handler
|
||||
(vl_api_application_tls_cert_add_reply_t * mp)
|
||||
vl_api_app_add_cert_key_pair_reply_t_handler
|
||||
(vl_api_app_add_cert_key_pair_reply_t * mp)
|
||||
{
|
||||
echo_main_t *em = &echo_main;
|
||||
if (mp->retval)
|
||||
{
|
||||
ECHO_FAIL (ECHO_FAIL_VL_API_TLS_CERT_ADD_REPLY,
|
||||
"tls cert add returned %d",
|
||||
ECHO_FAIL (ECHO_FAIL_VL_API_CERT_KEY_ADD_REPLY,
|
||||
"Adding cert and key returned %d",
|
||||
clib_net_to_host_u32 (mp->retval));
|
||||
return;
|
||||
}
|
||||
/* No concurrency here, only bapi thread writes */
|
||||
if (em->state != STATE_ATTACHED_NO_CERT
|
||||
&& em->state != STATE_ATTACHED_ONE_CERT)
|
||||
if (em->state != STATE_ATTACHED_NO_CERT)
|
||||
{
|
||||
ECHO_FAIL (ECHO_FAIL_VL_API_TLS_CERT_ADD_REPLY, "Wrong state");
|
||||
ECHO_FAIL (ECHO_FAIL_VL_API_CERT_KEY_ADD_REPLY, "Wrong state");
|
||||
return;
|
||||
}
|
||||
em->state++;
|
||||
em->ckpair_index = clib_net_to_host_u32 (mp->index);
|
||||
em->state = STATE_ATTACHED;
|
||||
}
|
||||
|
||||
static void
|
||||
vl_api_application_tls_key_add_reply_t_handler
|
||||
(vl_api_application_tls_key_add_reply_t * mp)
|
||||
vl_api_app_del_cert_key_pair_reply_t_handler
|
||||
(vl_api_app_del_cert_key_pair_reply_t * mp)
|
||||
{
|
||||
echo_main_t *em = &echo_main;
|
||||
if (mp->retval)
|
||||
{
|
||||
ECHO_FAIL (ECHO_FAIL_VL_API_TLS_KEY_ADD_REPLY,
|
||||
"tls key add returned %d",
|
||||
ECHO_FAIL (ECHO_FAIL_VL_API_CERT_KEY_DEL_REPLY,
|
||||
"Delete cert and key returned %d",
|
||||
clib_net_to_host_u32 (mp->retval));
|
||||
return;
|
||||
}
|
||||
/* No concurrency here, only bapi thread writes */
|
||||
if (em->state != STATE_ATTACHED_NO_CERT
|
||||
&& em->state != STATE_ATTACHED_ONE_CERT)
|
||||
{
|
||||
ECHO_FAIL (ECHO_FAIL_VL_API_TLS_CERT_ADD_REPLY, "Wrong state");
|
||||
return;
|
||||
}
|
||||
em->state++;
|
||||
em->state = STATE_CLEANED_CERT_KEY;
|
||||
}
|
||||
|
||||
static void
|
||||
@ -419,12 +426,12 @@ failed:
|
||||
vec_free (fds);
|
||||
}
|
||||
|
||||
#define foreach_quic_echo_msg \
|
||||
_(APP_ATTACH_REPLY, app_attach_reply) \
|
||||
_(APPLICATION_DETACH_REPLY, application_detach_reply) \
|
||||
_(MAP_ANOTHER_SEGMENT, map_another_segment) \
|
||||
_(APPLICATION_TLS_CERT_ADD_REPLY, application_tls_cert_add_reply) \
|
||||
_(APPLICATION_TLS_KEY_ADD_REPLY, application_tls_key_add_reply) \
|
||||
#define foreach_quic_echo_msg \
|
||||
_(APP_ATTACH_REPLY, app_attach_reply) \
|
||||
_(APPLICATION_DETACH_REPLY, application_detach_reply) \
|
||||
_(MAP_ANOTHER_SEGMENT, map_another_segment) \
|
||||
_(APP_ADD_CERT_KEY_PAIR_REPLY, app_add_cert_key_pair_reply) \
|
||||
_(APP_DEL_CERT_KEY_PAIR_REPLY, app_del_cert_key_pair_reply) \
|
||||
_(UNMAP_SEGMENT, unmap_segment)
|
||||
|
||||
void
|
||||
|
||||
@ -205,8 +205,6 @@ echo_format_app_state (u8 * s, va_list * args)
|
||||
return format (s, "STATE_ATTACHED (%u)", state);
|
||||
if (state == STATE_ATTACHED_NO_CERT)
|
||||
return format (s, "STATE_ATTACHED_NO_CERT (%u)", state);
|
||||
if (state == STATE_ATTACHED_ONE_CERT)
|
||||
return format (s, "STATE_ATTACHED_ONE_CERT (%u)", state);
|
||||
if (state == STATE_LISTEN)
|
||||
return format (s, "STATE_LISTEN (%u)", state);
|
||||
if (state == STATE_READY)
|
||||
|
||||
@ -64,6 +64,7 @@
|
||||
_(ECHO_FAIL_1ST_PTHREAD_CREATE, "ECHO_FAIL_1ST_PTHREAD_CREATE") \
|
||||
_(ECHO_FAIL_PTHREAD_CREATE, "ECHO_FAIL_PTHREAD_CREATE") \
|
||||
_(ECHO_FAIL_DETACH, "ECHO_FAIL_DETACH") \
|
||||
_(ECHO_FAIL_DEL_CERT_KEY, "ECHO_FAIL_DEL_CERT_KEY") \
|
||||
_(ECHO_FAIL_MQ_PTHREAD, "ECHO_FAIL_MQ_PTHREAD") \
|
||||
_(ECHO_FAIL_VL_API_APP_ATTACH, "ECHO_FAIL_VL_API_APP_ATTACH") \
|
||||
_(ECHO_FAIL_VL_API_MISSING_SEGMENT_NAME, \
|
||||
@ -79,10 +80,10 @@
|
||||
_(ECHO_FAIL_VL_API_UNBIND_REPLY, "ECHO_FAIL_VL_API_UNBIND_REPLY") \
|
||||
_(ECHO_FAIL_SESSION_DISCONNECT, "ECHO_FAIL_SESSION_DISCONNECT") \
|
||||
_(ECHO_FAIL_SESSION_RESET, "ECHO_FAIL_SESSION_RESET") \
|
||||
_(ECHO_FAIL_VL_API_TLS_CERT_ADD_REPLY, \
|
||||
"ECHO_FAIL_VL_API_TLS_CERT_ADD_REPLY") \
|
||||
_(ECHO_FAIL_VL_API_TLS_KEY_ADD_REPLY, \
|
||||
"ECHO_FAIL_VL_API_TLS_KEY_ADD_REPLY") \
|
||||
_(ECHO_FAIL_VL_API_CERT_KEY_ADD_REPLY, \
|
||||
"ECHO_FAIL_VL_API_CERT_KEY_ADD_REPLY") \
|
||||
_(ECHO_FAIL_VL_API_CERT_KEY_DEL_REPLY, \
|
||||
"ECHO_FAIL_VL_API_CERT_KEY_DEL_REPLY") \
|
||||
_(ECHO_FAIL_GET_SESSION_FROM_HANDLE, \
|
||||
"ECHO_FAIL_GET_SESSION_FROM_HANDLE") \
|
||||
_(ECHO_FAIL_QUIC_WRONG_CONNECT, "ECHO_FAIL_QUIC_WRONG_CONNECT") \
|
||||
@ -203,12 +204,12 @@ typedef enum
|
||||
{
|
||||
STATE_START,
|
||||
STATE_ATTACHED_NO_CERT,
|
||||
STATE_ATTACHED_ONE_CERT,
|
||||
STATE_ATTACHED,
|
||||
STATE_LISTEN,
|
||||
STATE_READY,
|
||||
STATE_DATA_DONE,
|
||||
STATE_DISCONNECTED,
|
||||
STATE_CLEANED_CERT_KEY,
|
||||
STATE_DETACHED
|
||||
} connection_state_t;
|
||||
|
||||
@ -308,7 +309,8 @@ typedef struct
|
||||
u8 log_lvl; /* Verbosity of the logging */
|
||||
int max_test_msg; /* Limit the number of incorrect data messages */
|
||||
u32 evt_q_size; /* Size of the vpp MQ (app<->vpp events) */
|
||||
u32 crypto_ctx_engine; /* crypto engine used */
|
||||
u32 ckpair_index; /* Cert key pair used */
|
||||
u8 crypto_engine; /* crypto engine used */
|
||||
|
||||
u8 *appns_id;
|
||||
u64 appns_flags;
|
||||
@ -409,7 +411,8 @@ void echo_send_unbind (echo_main_t * em, echo_session_t * s);
|
||||
void echo_send_connect (u64 vpp_session_handle, u32 opaque);
|
||||
void echo_send_disconnect_session (u64 handle, u32 opaque);
|
||||
void echo_api_hookup (echo_main_t * em);
|
||||
void echo_send_add_crypto_ctx (echo_main_t * em);
|
||||
void echo_send_add_cert_key (echo_main_t * em);
|
||||
void echo_send_del_cert_key (echo_main_t * em);
|
||||
|
||||
#endif /* __included_vpp_echo_common_h__ */
|
||||
|
||||
|
||||
@ -461,8 +461,6 @@ quic_echo_set_defaults_after_opts_cb ()
|
||||
echo_main_t *em = &echo_main;
|
||||
u8 default_f_active;
|
||||
|
||||
if (em->crypto_ctx_engine == CRYPTO_ENGINE_NONE)
|
||||
em->crypto_ctx_engine = CRYPTO_ENGINE_PICOTLS;
|
||||
em->n_connects = em->n_clients;
|
||||
em->n_sessions =
|
||||
clib_max (1, eqm->n_stream_clients) * em->n_clients + em->n_clients + 1;
|
||||
|
||||
@ -122,14 +122,6 @@ tcp_echo_reset_cb (session_reset_msg_t * mp, echo_session_t * s)
|
||||
s->session_state = ECHO_SESSION_STATE_CLOSING;
|
||||
}
|
||||
|
||||
static void
|
||||
tls_echo_set_defaults_after_opts_cb ()
|
||||
{
|
||||
echo_main_t *em = &echo_main;
|
||||
if (em->crypto_ctx_engine == CRYPTO_ENGINE_NONE)
|
||||
em->crypto_ctx_engine = CRYPTO_ENGINE_OPENSSL;
|
||||
}
|
||||
|
||||
echo_proto_cb_vft_t echo_tcp_proto_cb_vft = {
|
||||
.disconnected_cb = tcp_echo_disconnected_cb,
|
||||
.connected_cb = tcp_echo_connected_cb,
|
||||
@ -146,11 +138,10 @@ echo_proto_cb_vft_t echo_tls_proto_cb_vft = {
|
||||
.reset_cb = tcp_echo_reset_cb,
|
||||
.sent_disconnect_cb = tcp_echo_sent_disconnect_cb,
|
||||
.cleanup_cb = tcp_echo_cleanup_cb,
|
||||
.set_defaults_after_opts_cb = tls_echo_set_defaults_after_opts_cb,
|
||||
};
|
||||
|
||||
ECHO_REGISTER_PROTO (TRANSPORT_PROTO_TCP, echo_tcp_proto_cb_vft);
|
||||
ECHO_REGISTER_PROTO (TRANSPORT_PROTO_TLS, echo_tcp_proto_cb_vft);
|
||||
ECHO_REGISTER_PROTO (TRANSPORT_PROTO_TLS, echo_tls_proto_cb_vft);
|
||||
ECHO_REGISTER_PROTO (TRANSPORT_PROTO_SCTP, echo_tcp_proto_cb_vft);
|
||||
|
||||
/*
|
||||
|
||||
Reference in New Issue
Block a user