tls: refactor vft functionsn to allow for reuse
Type: refactor
Change-Id: I3d7ff64e2e54b113f8d4b26f2dbf5b9c67b80976
Signed-off-by: Florin Coras <fcoras@cisco.com>
diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index 5f00e6e..9bc9323 100644
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
@@ -16,13 +16,10 @@
#include <vnet/session/application_interface.h>
#include <vppinfra/lock.h>
#include <vnet/tls/tls.h>
+#include <vnet/tls/tls_inlines.h>
static tls_main_t tls_main;
-static tls_engine_vft_t *tls_vfts;
-
-#define TLS_INVALID_HANDLE ~0
-#define TLS_IDX_MASK 0x00FFFFFF
-#define TLS_ENGINE_TYPE_SHIFT 28
+tls_engine_vft_t *tls_vfts;
void tls_disconnect (u32 ctx_handle, u32 thread_index);
@@ -50,6 +47,21 @@
return CRYPTO_ENGINE_NONE;
}
+static crypto_engine_type_t
+tls_get_engine_type (crypto_engine_type_t requested,
+ crypto_engine_type_t preferred)
+{
+ if (requested != CRYPTO_ENGINE_NONE)
+ {
+ if (tls_vfts[requested].ctx_alloc)
+ return requested;
+ return CRYPTO_ENGINE_NONE;
+ }
+ if (!tls_vfts[preferred].ctx_alloc)
+ return tls_get_available_engine ();
+ return preferred;
+}
+
int
tls_add_vpp_q_rx_evt (session_t * s)
{
@@ -295,140 +307,6 @@
ctx->parent_app_api_context);
}
-static inline void
-tls_ctx_parse_handle (u32 ctx_handle, u32 * ctx_index, u32 * engine_type)
-{
- *ctx_index = ctx_handle & TLS_IDX_MASK;
- *engine_type = ctx_handle >> TLS_ENGINE_TYPE_SHIFT;
-}
-
-static inline crypto_engine_type_t
-tls_get_engine_type (crypto_engine_type_t requested,
- crypto_engine_type_t preferred)
-{
- if (requested != CRYPTO_ENGINE_NONE)
- {
- if (tls_vfts[requested].ctx_alloc)
- return requested;
- return CRYPTO_ENGINE_NONE;
- }
- if (!tls_vfts[preferred].ctx_alloc)
- return tls_get_available_engine ();
- return preferred;
-}
-
-static inline u32
-tls_ctx_alloc (crypto_engine_type_t engine_type)
-{
- u32 ctx_index;
- ctx_index = tls_vfts[engine_type].ctx_alloc ();
- return (((u32) engine_type << TLS_ENGINE_TYPE_SHIFT) | ctx_index);
-}
-
-static inline u32
-tls_ctx_alloc_w_thread (crypto_engine_type_t engine_type, u32 thread_index)
-{
- u32 ctx_index;
- ctx_index = tls_vfts[engine_type].ctx_alloc_w_thread (thread_index);
- return (((u32) engine_type << TLS_ENGINE_TYPE_SHIFT) | ctx_index);
-}
-
-static inline u32
-tls_ctx_attach (crypto_engine_type_t engine_type, u32 thread_index, void *ctx)
-{
- u32 ctx_index;
- ctx_index = tls_vfts[engine_type].ctx_attach (thread_index, ctx);
- return (((u32) engine_type << TLS_ENGINE_TYPE_SHIFT) | ctx_index);
-}
-
-static inline void *
-tls_ctx_detach (tls_ctx_t *ctx)
-{
- return tls_vfts[ctx->tls_ctx_engine].ctx_detach (ctx);
-}
-
-static inline tls_ctx_t *
-tls_ctx_get (u32 ctx_handle)
-{
- u32 ctx_index, engine_type;
- tls_ctx_parse_handle (ctx_handle, &ctx_index, &engine_type);
- return tls_vfts[engine_type].ctx_get (ctx_index);
-}
-
-static inline tls_ctx_t *
-tls_ctx_get_w_thread (u32 ctx_handle, u8 thread_index)
-{
- u32 ctx_index, engine_type;
- tls_ctx_parse_handle (ctx_handle, &ctx_index, &engine_type);
- return tls_vfts[engine_type].ctx_get_w_thread (ctx_index, thread_index);
-}
-
-static inline int
-tls_ctx_init_server (tls_ctx_t * ctx)
-{
- return tls_vfts[ctx->tls_ctx_engine].ctx_init_server (ctx);
-}
-
-static inline int
-tls_ctx_init_client (tls_ctx_t * ctx)
-{
- return tls_vfts[ctx->tls_ctx_engine].ctx_init_client (ctx);
-}
-
-static inline int
-tls_ctx_write (tls_ctx_t * ctx, session_t * app_session,
- transport_send_params_t * sp)
-{
- u32 n_wrote;
-
- sp->max_burst_size = sp->max_burst_size * TRANSPORT_PACER_MIN_MSS;
- n_wrote = tls_vfts[ctx->tls_ctx_engine].ctx_write (ctx, app_session, sp);
- sp->bytes_dequeued = n_wrote;
- return n_wrote > 0 ? clib_max (n_wrote / TRANSPORT_PACER_MIN_MSS, 1) : 0;
-}
-
-static inline int
-tls_ctx_read (tls_ctx_t * ctx, session_t * tls_session)
-{
- return tls_vfts[ctx->tls_ctx_engine].ctx_read (ctx, tls_session);
-}
-
-static inline int
-tls_ctx_transport_close (tls_ctx_t * ctx)
-{
- return tls_vfts[ctx->tls_ctx_engine].ctx_transport_close (ctx);
-}
-
-static inline int
-tls_ctx_transport_reset (tls_ctx_t *ctx)
-{
- return tls_vfts[ctx->tls_ctx_engine].ctx_transport_reset (ctx);
-}
-
-static inline int
-tls_ctx_app_close (tls_ctx_t * ctx)
-{
- return tls_vfts[ctx->tls_ctx_engine].ctx_app_close (ctx);
-}
-
-void
-tls_ctx_free (tls_ctx_t * ctx)
-{
- tls_vfts[ctx->tls_ctx_engine].ctx_free (ctx);
-}
-
-u8
-tls_ctx_handshake_is_over (tls_ctx_t * ctx)
-{
- return tls_vfts[ctx->tls_ctx_engine].ctx_handshake_is_over (ctx);
-}
-
-int
-tls_reinit_ca_chain (crypto_engine_type_t tls_engine_id)
-{
- return tls_vfts[tls_engine_id].ctx_reinit_cachain ();
-}
-
void
tls_notify_app_io_error (tls_ctx_t *ctx)
{
diff --git a/src/vnet/tls/tls.h b/src/vnet/tls/tls.h
index 6bd1371..38f4c4b 100644
--- a/src/vnet/tls/tls.h
+++ b/src/vnet/tls/tls.h
@@ -28,6 +28,10 @@
#define TLS_CHUNK_SIZE (1 << 14)
#define TLS_CA_CERT_PATH "/etc/ssl/certs/ca-certificates.crt"
+#define TLS_INVALID_HANDLE ~0
+#define TLS_IDX_MASK 0x00FFFFFF
+#define TLS_ENGINE_TYPE_SHIFT 28
+
#if TLS_DEBUG
#define TLS_DBG(_lvl, _fmt, _args...) \
if (_lvl <= TLS_DEBUG) \
@@ -148,6 +152,8 @@
int (*ctx_reinit_cachain) (void);
} tls_engine_vft_t;
+extern tls_engine_vft_t *tls_vfts;
+
tls_main_t *vnet_tls_get_main (void);
void tls_register_engine (const tls_engine_vft_t * vft,
crypto_engine_type_t type);
@@ -160,7 +166,6 @@
void tls_notify_app_enqueue (tls_ctx_t * ctx, session_t * app_session);
void tls_notify_app_io_error (tls_ctx_t *ctx);
void tls_disconnect_transport (tls_ctx_t * ctx);
-int tls_reinit_ca_chain (crypto_engine_type_t tls_engine_id);
void tls_add_postponed_ho_cleanups (u32 ho_index);
void tls_flush_postponed_ho_cleanups ();
diff --git a/src/vnet/tls/tls_inlines.h b/src/vnet/tls/tls_inlines.h
new file mode 100644
index 0000000..1800273
--- /dev/null
+++ b/src/vnet/tls/tls_inlines.h
@@ -0,0 +1,129 @@
+/* SPDX-License-Identifier: Apache-2.0
+ * Copyright(c) 2024 Cisco Systems, Inc.
+ */
+
+#ifndef SRC_VNET_TLS_TLS_INLINES_H_
+#define SRC_VNET_TLS_TLS_INLINES_H_
+
+#include <vnet/tls/tls.h>
+
+static inline void
+tls_ctx_parse_handle (u32 ctx_handle, u32 *ctx_index, u32 *engine_type)
+{
+ *ctx_index = ctx_handle & TLS_IDX_MASK;
+ *engine_type = ctx_handle >> TLS_ENGINE_TYPE_SHIFT;
+}
+
+static inline u32
+tls_ctx_alloc (crypto_engine_type_t engine_type)
+{
+ u32 ctx_index;
+ ctx_index = tls_vfts[engine_type].ctx_alloc ();
+ return (((u32) engine_type << TLS_ENGINE_TYPE_SHIFT) | ctx_index);
+}
+
+static inline u32
+tls_ctx_alloc_w_thread (crypto_engine_type_t engine_type, u32 thread_index)
+{
+ u32 ctx_index;
+ ctx_index = tls_vfts[engine_type].ctx_alloc_w_thread (thread_index);
+ return (((u32) engine_type << TLS_ENGINE_TYPE_SHIFT) | ctx_index);
+}
+
+static inline tls_ctx_t *
+tls_ctx_get (u32 ctx_handle)
+{
+ u32 ctx_index, engine_type;
+ tls_ctx_parse_handle (ctx_handle, &ctx_index, &engine_type);
+ return tls_vfts[engine_type].ctx_get (ctx_index);
+}
+
+static inline tls_ctx_t *
+tls_ctx_get_w_thread (u32 ctx_handle, u8 thread_index)
+{
+ u32 ctx_index, engine_type;
+ tls_ctx_parse_handle (ctx_handle, &ctx_index, &engine_type);
+ return tls_vfts[engine_type].ctx_get_w_thread (ctx_index, thread_index);
+}
+
+static inline void
+tls_ctx_free (tls_ctx_t *ctx)
+{
+ tls_vfts[ctx->tls_ctx_engine].ctx_free (ctx);
+}
+
+static inline int
+tls_ctx_init_server (tls_ctx_t *ctx)
+{
+ return tls_vfts[ctx->tls_ctx_engine].ctx_init_server (ctx);
+}
+
+static inline int
+tls_ctx_init_client (tls_ctx_t *ctx)
+{
+ return tls_vfts[ctx->tls_ctx_engine].ctx_init_client (ctx);
+}
+
+static inline u32
+tls_ctx_attach (crypto_engine_type_t engine_type, u32 thread_index, void *ctx)
+{
+ u32 ctx_index;
+ ctx_index = tls_vfts[engine_type].ctx_attach (thread_index, ctx);
+ return (((u32) engine_type << TLS_ENGINE_TYPE_SHIFT) | ctx_index);
+}
+
+static inline void *
+tls_ctx_detach (tls_ctx_t *ctx)
+{
+ return tls_vfts[ctx->tls_ctx_engine].ctx_detach (ctx);
+}
+
+static inline int
+tls_ctx_write (tls_ctx_t *ctx, session_t *app_session,
+ transport_send_params_t *sp)
+{
+ u32 n_wrote;
+
+ sp->max_burst_size = sp->max_burst_size * TRANSPORT_PACER_MIN_MSS;
+ n_wrote = tls_vfts[ctx->tls_ctx_engine].ctx_write (ctx, app_session, sp);
+ sp->bytes_dequeued = n_wrote;
+ return n_wrote > 0 ? clib_max (n_wrote / TRANSPORT_PACER_MIN_MSS, 1) : 0;
+}
+
+static inline int
+tls_ctx_read (tls_ctx_t *ctx, session_t *tls_session)
+{
+ return tls_vfts[ctx->tls_ctx_engine].ctx_read (ctx, tls_session);
+}
+
+static inline int
+tls_ctx_transport_close (tls_ctx_t *ctx)
+{
+ return tls_vfts[ctx->tls_ctx_engine].ctx_transport_close (ctx);
+}
+
+static inline int
+tls_ctx_transport_reset (tls_ctx_t *ctx)
+{
+ return tls_vfts[ctx->tls_ctx_engine].ctx_transport_reset (ctx);
+}
+
+static inline int
+tls_ctx_app_close (tls_ctx_t *ctx)
+{
+ return tls_vfts[ctx->tls_ctx_engine].ctx_app_close (ctx);
+}
+
+static inline u8
+tls_ctx_handshake_is_over (tls_ctx_t *ctx)
+{
+ return tls_vfts[ctx->tls_ctx_engine].ctx_handshake_is_over (ctx);
+}
+
+static inline int
+tls_reinit_ca_chain (crypto_engine_type_t tls_engine_id)
+{
+ return tls_vfts[tls_engine_id].ctx_reinit_cachain ();
+}
+
+#endif /* SRC_VNET_TLS_TLS_INLINES_H_ */
\ No newline at end of file