16806d35
Commit
16806d35
authored
Sep 16, 2019
by
Geoff Simmons
Add delete_key().
parent
7d8800eb
Showing
5 changed files
with
96 additions
and
24 deletions
+96
-24
keys.c
src/keys.c
+16
-0
keys.h
src/keys.h
+1
-0
keys.vtc
src/tests/keys.vtc
+50
-22
vmod_ece.c
src/vmod_ece.c
+23
-2
vmod_ece.vcc
src/vmod_ece.vcc
+6
-0
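--- a/src/keys.c
+++ b/src/keys.c
@@ -452,3 +452,19 @@ KEY_Delete(VRT_CTX, uint8_t *id, uint8_t idlen)
 	Lck_Unlock(&page_mtx);
 	return (0);
 }
+VCL_BOOL
+KEY_Exists(uint8_t *id, uint8_t idlen)
+{
+	struct key_tree *tree_h;
+	VCL_BOOL ret;
+	AN(id);
+	KEY_Rdlock(idlen);
+	tree_h = &key_tbl[idlen].tree;
+	ret = (key_find(tree_h, id, idlen) != NULL);
+	KEY_Unlock(idlen);
+	return (ret);
+}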
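Review bot: KEY_Exists() releases the read lock before it returns, so the boolean is only a snapshot and can be stale by the time the caller acts on it if a key is added or deleted concurrently. That is inherent to an existence predicate, but it deserves a comment above the function so callers do not treat a true result as a guarantee that a later lookup of the same id succeeds, for example `/* Snapshot only: the lock is dropped before return, so the key may be added or removed right afterwards. */`. The function does not appear to write through `id`, so `const uint8_t *id` would document that, provided key_find() (not visible here) accepts a const pointer. KEY_Delete()'s body starts outside this hunk, so its locking cannot be compared from this view.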
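--- a/src/keys.h
+++ b/src/keys.h
@@ -40,3 +40,4 @@ uint8_t *KEY_Get(uint8_t *id, uint8_t idlen);
 int KEY_Set(VRT_CTX, uint8_t *id, uint8_t idlen, const uint8_t *key);
 void KEY_Wipe(void * const key);
 int KEY_Delete(VRT_CTX, uint8_t *id, uint8_t idlen);
+VCL_BOOL KEY_Exists(uint8_t *id, uint8_t idlen);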
src/tests/keys.vtc
...
...
@@ -16,17 +16,33 @@ varnish v1 -vcl+backend {
encoded="paFlLDjHC3rnUp4hOmph+g=="));
}
sub vcl_recv {
set req.http.Exists-Before = ece.key_exists("delete me");
}
sub vcl_backend_response {
ece.delete_key("delete me");
set bereq.http.X-ECE-Key-ID = "delete me";
set beresp.filters = "ece_encrypt";
}
sub vcl_deliver {
set resp.http.Exists-Before = req.http.Exists-Before;
set resp.http.Exists-After = ece.key_exists("delete me");
if (ece.key_exists("no such key")) {
set resp.http.No-Such-Header = "doesn't get set";
}
}
} -start
client c1 {
txreq
rxresp
expect resp.status == 503
expect resp.reason == "Backend fetch failed"
expect resp.http.Exists-Before == "true"
expect resp.http.Exists-After == "false"
expect resp.http.No-Such-Header == <undef>
} -run
logexpect l1 -v v1 -d 1 -g vxid -q "FetchError" {
...
...
@@ -35,46 +51,58 @@ logexpect l1 -v v1 -d 1 -g vxid -q "FetchError" {
expect * = End
} -run
varnish v1 -errvcl {key "no such key" not found} {
import ${vmod_ece};
backend b { .host="${bad_ip}"; }
sub vcl_init {
ece.delete_key("no such key");
}
}
varnish v1 -errvcl {too long} {
varnish v1 -vcl {
import ${vmod_ece};
backend b { .host="${bad_ip}"; }
sub vcl_init {
ece.delete_key({"
sub vcl_recv {
if (req.url == "/delete/none") {
ece.delete_key("no such key");
}
elsif (req.url == "/delete/null") {
ece.delete_key(req.http.No-Such-Header);
}
elsif (req.url == "/delete/toolong") {
ece.delete_key({"
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
"});
}
}
varnish v1 -vcl {
import ${vmod_ece};
backend b { .host="${bad_ip}"; }
sub vcl_recv {
ece.delete_key(req.http.No-Such-Header);
}
}
}
logexpect l1 -v v1 -d 0 -g vxid -q "VCL_Error" {
expect 0 * Begin req
expect * = VCL_Error {^key "no such key" not found$}
expect * = End
expect 0 * Begin req
expect * = VCL_Error {^key id is NULL$}
expect * = End
expect 0 * Begin req
expect * = VCL_Error {(?s)^key id .+ too long \(length \d+ > 255\)$}
expect * = End
} -start
client c1 {
txreq
txreq -url /delete/none
rxresp
expect resp.status == 503
expect resp.reason == "VCL failed"
} -run
client c1 {
txreq -url /delete/null
rxresp
expect resp.status == 503
expect resp.reason == "VCL failed"
} -run
client c1 {
txreq -url /delete/toolong
rxresp
expect resp.status == 503
expect resp.reason == "VCL failed"
...
...
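Review bot: The added cases exercise key_exists() only for an existing key and a missing key; the NULL-id and over-long-id failure paths that vmod_key_exists() introduces in this commit are not covered in the visible hunks, although the equivalent delete_key() paths are (`/delete/null`, `/delete/toolong`). Add matching branches in vcl_recv, e.g. `set req.http.Exists = ece.key_exists(req.http.No-Such-Header);` under a `/exists/null` URL and a too-long literal under `/exists/toolong`, with logexpect entries for `key id is NULL` and the `too long` message and clients expecting the 503 "VCL failed" response. The file continues past the last hunk shown, so such cases may exist outside this view.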
src/vmod_ece.c
...
...
@@ -114,8 +114,8 @@ vmod_delete_key(VRT_CTX, VCL_STRING id)
}
len
=
strlen
(
id
);
if
(
len
>
255
)
{
VRT_fail
(
ctx
,
"key id
\"
%
s
\"
too long (length %zu > 255)"
,
id
,
len
);
VRT_fail
(
ctx
,
"key id
\"
%
.80s...
\"
too long (length %zu > 255)"
,
id
,
len
);
return
;
}
...
...
@@ -123,6 +123,27 @@ vmod_delete_key(VRT_CTX, VCL_STRING id)
(
void
)
KEY_Delete
(
ctx
,
(
uint8_t
*
)
id
,
(
uint8_t
)
len
);
}
VCL_BOOL
vmod_key_exists
(
VRT_CTX
,
VCL_STRING
id
)
{
size_t
len
;
CHECK_OBJ_NOTNULL
(
ctx
,
VRT_CTX_MAGIC
);
if
(
id
==
NULL
)
{
VRT_fail
(
ctx
,
"key id is NULL"
);
return
(
0
);
}
len
=
strlen
(
id
);
if
(
len
>
255
)
{
VRT_fail
(
ctx
,
"key id
\"
%s
\"
too long (length %zu > 255)"
,
id
,
len
);
return
(
0
);
}
return
(
KEY_Exists
((
uint8_t
*
)
id
,
(
uint8_t
)
len
));
}
VCL_STRING
vmod_libcrypto_version
(
VRT_CTX
)
{
...
...
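Review bot: The new vmod_key_exists() formats an over-long id into its failure message with `%s`, while the first hunk of this file appears, going by the rendered order, to change the same message in vmod_delete_key() to the bounded `%.80s...`. VCL can pass request headers as the id, as keys.vtc does for delete_key(), so the unbounded form puts an arbitrarily long client-influenced string into the VCL_Error record. Use the bounded format here as well: `VRT_fail(ctx, "key id \"%.80s...\" too long (length %zu > 255)", id, len);`. The NULL and length checks are now duplicated between the two functions and could move into one small static helper so the messages cannot drift again; vmod_delete_key()'s body starts outside the hunks shown.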
src/vmod_ece.vcc
...
...
@@ -69,6 +69,12 @@ Remove the keying material identified by ``id``.
XXX ...
$Function BOOL key_exists(STRING id)
Returns true iff the keying material identified by ``id`` has been added.
XXX ...
$Function STRING libcrypto_version()
Return the libcrypto version string.
...
...
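Review bot: The documentation for key_exists() stops at the `XXX ...` placeholder and does not say what happens for invalid ids. Going by vmod_ece.c in this commit, a NULL id or an id longer than 255 bytes invokes VCL failure and the function returns false; state that explicitly, e.g. `If id is unset or longer than 255 bytes, VCL failure is invoked and false is returned.` It is also worth one sentence that the result is a point-in-time answer, since the test in this commit shows the same key reported as present in vcl_recv and absent in vcl_deliver after delete_key() runs.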