Add delete_key().

16806d35 · Geoff Simmons · 7d8800eb · 16806d35 · 16806d35 · 16806d35
Commit 16806d35 authored Sep 16, 2019 by Geoff Simmons
Hide whitespace changes
Inline Side-by-side

Showing with 96 additions and 24 deletions

keys.c src/keys.c +16 -0

keys.h src/keys.h +1 -0

keys.vtc src/tests/keys.vtc +50 -22

vmod_ece.c src/vmod_ece.c +23 -2

vmod_ece.vcc src/vmod_ece.vcc +6 -0

No files found.
--- a/src/keys.c
+++ b/src/keys.c
@@ -452,3 +452,19 @@ KEY_Delete(VRT_CTX, uint8_t *id, uint8_t idlen)
 	Lck_Unlock(&page_mtx);
 	return (0);
 }
+
+VCL_BOOL
+KEY_Exists(uint8_t *id, uint8_t idlen)
+{
+	struct key_tree *tree_h;
+	VCL_BOOL ret;
+
+	AN(id);
+
+	KEY_Rdlock(idlen);
+	tree_h = &key_tbl[idlen].tree;
+	ret = (key_find(tree_h, id, idlen) != NULL);
+	KEY_Unlock(idlen);
+
+	return (ret);
+}
--- a/src/keys.h
+++ b/src/keys.h
@@ -40,3 +40,4 @@ uint8_t *KEY_Get(uint8_t *id, uint8_t idlen);
 int KEY_Set(VRT_CTX, uint8_t *id, uint8_t idlen, const uint8_t *key);
 void KEY_Wipe(void * const key);
 int KEY_Delete(VRT_CTX, uint8_t *id, uint8_t idlen);
+VCL_BOOL KEY_Exists(uint8_t *id, uint8_t idlen);
--- a/src/tests/keys.vtc
+++ b/src/tests/keys.vtc
@@ -16,17 +16,33 @@ varnish v1 -vcl+backend {
 		                           encoded="paFlLDjHC3rnUp4hOmph+g=="));
 	}

+	sub vcl_recv {
+		set req.http.Exists-Before = ece.key_exists("delete me");
+	}
+
 	sub vcl_backend_response {
 		ece.delete_key("delete me");
 		set bereq.http.X-ECE-Key-ID = "delete me";
 		set beresp.filters = "ece_encrypt";
 	}
+
+	sub vcl_deliver {
+		set resp.http.Exists-Before = req.http.Exists-Before;
+		set resp.http.Exists-After = ece.key_exists("delete me");
+		if (ece.key_exists("no such key")) {
+			set resp.http.No-Such-Header = "doesn't get set";
+		}
+	}
 } -start

 client c1 {
 	txreq
 	rxresp
 	expect resp.status == 503
+	expect resp.reason == "Backend fetch failed"
+	expect resp.http.Exists-Before == "true"
+	expect resp.http.Exists-After == "false"
+	expect resp.http.No-Such-Header == <undef>
 } -run

 logexpect l1 -v v1 -d 1 -g vxid -q "FetchError" {
@@ -35,46 +51,58 @@ logexpect l1 -v v1 -d 1 -g vxid -q "FetchError" {
 	expect * = End
 } -run

-varnish v1 -errvcl {key "no such key" not found} {
-	import ${vmod_ece};
-	backend b { .host="${bad_ip}"; }
-
-	sub vcl_init {
-		ece.delete_key("no such key");
-	}
-}
-
-varnish v1 -errvcl {too long} {
+varnish v1 -vcl {
 	import ${vmod_ece};
 	backend b { .host="${bad_ip}"; }

-	sub vcl_init {
-		ece.delete_key({"
+	sub vcl_recv {
+		if (req.url == "/delete/none") {
+			ece.delete_key("no such key");
+		}
+		elsif (req.url == "/delete/null") {
+			ece.delete_key(req.http.No-Such-Header);
+		}
+		elsif (req.url == "/delete/toolong") {
+			ece.delete_key({"
 1234567890123456789012345678901234567890123456789012345678901234567890
 1234567890123456789012345678901234567890123456789012345678901234567890
 1234567890123456789012345678901234567890123456789012345678901234567890
 1234567890123456789012345678901234567890123456789012345678901234567890
 "});
-	}
-}
-
-varnish v1 -vcl {
-	import ${vmod_ece};
-	backend b { .host="${bad_ip}"; }
-
-	sub vcl_recv {
-		ece.delete_key(req.http.No-Such-Header);
+		}
 	}
 }

 logexpect l1 -v v1 -d 0 -g vxid -q "VCL_Error" {
+	expect 0 * Begin	req
+	expect * = VCL_Error	{^key "no such key" not found$}
+	expect * = End
+
 	expect 0 * Begin	req
 	expect * = VCL_Error	{^key id is NULL$}
 	expect * = End
+
+	expect 0 * Begin	req
+	expect * = VCL_Error	{(?s)^key id .+ too long \(length \d+ > 255\)$}
+	expect * = End
 } -start

 client c1 {
-	txreq
+	txreq -url /delete/none
+	rxresp
+	expect resp.status == 503
+	expect resp.reason == "VCL failed"
+} -run
+
+client c1 {
+	txreq -url /delete/null
+	rxresp
+	expect resp.status == 503
+	expect resp.reason == "VCL failed"
+} -run
+
+client c1 {
+	txreq -url /delete/toolong
 	rxresp
 	expect resp.status == 503
 	expect resp.reason == "VCL failed"

--- a/src/vmod_ece.c
+++ b/src/vmod_ece.c
@@ -114,8 +114,8 @@ vmod_delete_key(VRT_CTX, VCL_STRING id)
 	}
 	len = strlen(id);
 	if (len > 255) {
-		VRT_fail(ctx, "key id \"%s\" too long (length %zu > 255)", id,
-			 len);
+		VRT_fail(ctx, "key id \"%.80s...\" too long (length %zu > 255)",
+			 id, len);
 		return;
 	}

@@ -123,6 +123,27 @@ vmod_delete_key(VRT_CTX, VCL_STRING id)
 	(void)KEY_Delete(ctx, (uint8_t *)id, (uint8_t)len);
 }

+VCL_BOOL
+vmod_key_exists(VRT_CTX, VCL_STRING id)
+{
+	size_t len;
+
+	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
+
+	if (id == NULL) {
+		VRT_fail(ctx, "key id is NULL");
+		return (0);
+	}
+	len = strlen(id);
+	if (len > 255) {
+		VRT_fail(ctx, "key id \"%s\" too long (length %zu > 255)", id,
+			 len);
+		return (0);
+	}
+
+	return (KEY_Exists((uint8_t *)id, (uint8_t)len));
+}
+
 VCL_STRING
 vmod_libcrypto_version(VRT_CTX)
 {

--- a/src/vmod_ece.vcc
+++ b/src/vmod_ece.vcc
@@ -69,6 +69,12 @@ Remove the keying material identified by ``id``.

 XXX ...

+$Function BOOL key_exists(STRING id)
+
+Returns true iff the keying material identified by ``id`` has been added.
+
+XXX ...
+
 $Function STRING libcrypto_version()

 Return the libcrypto version string.