Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
L
libvmod-ece
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
uplex-varnish
libvmod-ece
Commits
2cc4dc7e
Commit
2cc4dc7e
authored
Sep 16, 2019
by
Geoff Simmons
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add update_key().
parent
e319b598
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
169 additions
and
1 deletion
+169
-1
keys.c
src/keys.c
+30
-0
keys.h
src/keys.h
+1
-0
keys.vtc
src/tests/keys.vtc
+115
-0
vmod_ece.c
src/vmod_ece.c
+14
-0
vmod_ece.vcc
src/vmod_ece.vcc
+9
-1
No files found.
src/keys.c
View file @
2cc4dc7e
...
...
@@ -464,6 +464,36 @@ KEY_Set(VRT_CTX, uint8_t *id, uint8_t idlen, const uint8_t *key)
return
(
0
);
}
int
KEY_Update
(
VRT_CTX
,
uint8_t
*
id
,
uint8_t
idlen
,
const
uint8_t
*
key
)
{
struct
key_tree
*
tree_h
;
struct
key
*
k
;
CHECK_OBJ_NOTNULL
(
ctx
,
VRT_CTX_MAGIC
);
AN
(
id
);
AN
(
key
);
key_wrlock
(
idlen
);
tree_h
=
&
key_tbl
[
idlen
].
tree
;
k
=
key_find
(
tree_h
,
id
,
idlen
);
if
(
k
==
NULL
)
{
KEY_Unlock
(
idlen
);
VRT_fail
(
ctx
,
"key
\"
%.*s
\"
does not exist"
,
idlen
,
id
);
return
(
-
1
);
}
CHECK_OBJ
(
k
,
KEY_MAGIC
);
AN
(
k
->
key
);
memcpy
(
k
->
key
,
key
,
AES128_KEYLEN
);
KEY_Unlock
(
idlen
);
AN
(
k
->
id
);
assert
(
k
->
idlen
==
idlen
);
AZ
(
memcmp
(
k
->
id
,
id
,
idlen
));
return
(
0
);
}
int
KEY_Delete
(
VRT_CTX
,
uint8_t
*
id
,
uint8_t
idlen
)
{
...
...
src/keys.h
View file @
2cc4dc7e
...
...
@@ -38,6 +38,7 @@ void KEY_Rdlock(uint8_t idlen);
void
KEY_Unlock
(
uint8_t
idlen
);
uint8_t
*
KEY_Get
(
uint8_t
*
id
,
uint8_t
idlen
);
int
KEY_Add
(
VRT_CTX
,
uint8_t
*
id
,
uint8_t
idlen
,
const
uint8_t
*
key
);
int
KEY_Update
(
VRT_CTX
,
uint8_t
*
id
,
uint8_t
idlen
,
const
uint8_t
*
key
);
int
KEY_Set
(
VRT_CTX
,
uint8_t
*
id
,
uint8_t
idlen
,
const
uint8_t
*
key
);
void
KEY_Wipe
(
void
*
const
key
);
int
KEY_Delete
(
VRT_CTX
,
uint8_t
*
id
,
uint8_t
idlen
);
...
...
src/tests/keys.vtc
View file @
2cc4dc7e
...
...
@@ -110,6 +110,55 @@ client c1 {
logexpect l1 -wait
server s1 -wait
server s1 -start
varnish v1 -vcl+backend {
import ${vmod_ece};
import blob;
sub vcl_init {
# This key will fail the decrypt.
ece.set_key("", blob.decode(BASE64,
encoded="X9yH1URj1a6C7qp1OqjMjQ=="));
}
sub vcl_recv {
if (req.url == "/update") {
ece.update_key("foo", blob.decode(BASE64,
encoded="oAAt/UDfkbY8F26rypiFtQ=="));
}
}
sub vcl_backend_response {
# This is the right key for the decryption.
ece.update_key("", blob.decode(BASE64URLNOPAD,
encoded="yqdlZ-tYemfogSmv7Ws5PQ"));
set beresp.filters = "ece_decrypt";
}
}
logexpect l1 -v v1 -d 0 -g vxid -q "VCL_Error" {
expect 0 * Begin req
expect * = VCL_Error {^key "foo" does not exist$}
expect * = End
} -start
client c1 {
txreq
rxresp
expect resp.status == 200
expect resp.bodylen == 15
expect resp.body == "I am the walrus"
txreq -url /update
rxresp
expect resp.status == 503
expect resp.reason == "VCL failed"
} -run
logexpect l1 -wait
varnish v1 -vcl {
import ${vmod_ece};
import blob;
...
...
@@ -183,6 +232,28 @@ varnish v1 -vcl {
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
"},
blob.decode(BASE64,
encoded="75cIt3LwTqbq66pKSmp2fA=="));
}
elsif (req.url == "/update/nullblob") {
ece.update_key("key", blob.decode(HEX,
encoded="bad blob"));
}
elsif (req.url == "/update/nullid") {
ece.update_key(req.http.No-Such-Header, blob.decode(HEX,
encoded="f00"));
}
elsif (req.url == "/update/shortkey") {
ece.update_key("key", blob.decode(HEX,
encoded="f00"));
}
elsif (req.url == "/update/toolong") {
ece.update_key({"
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
"},
blob.decode(BASE64,
encoded="75cIt3LwTqbq66pKSmp2fA=="));
...
...
@@ -242,6 +313,22 @@ logexpect l1 -v v1 -d 0 -g vxid -q "VCL_Error" {
expect 0 * Begin req
expect * = VCL_Error {(?s)^key id .+ too long \(length \d+ > 255\)$}
expect * = End
expect 0 * Begin req
expect * = VCL_Error {^vmod blob error}
expect * = End
expect 0 * Begin req
expect * = VCL_Error {^key id is NULL$}
expect * = End
expect 0 * Begin req
expect * = VCL_Error {^illegal key length \d+ \(must be 16\)$}
expect * = End
expect 0 * Begin req
expect * = VCL_Error {(?s)^key id .+ too long \(length \d+ > 255\)$}
expect * = End
} -start
client c1 {
...
...
@@ -335,4 +422,32 @@ client c1 {
expect resp.reason == "VCL failed"
} -run
client c1 {
txreq -url /update/nullblob
rxresp
expect resp.status == 503
expect resp.reason == "VCL failed"
} -run
client c1 {
txreq -url /update/nullid
rxresp
expect resp.status == 503
expect resp.reason == "VCL failed"
} -run
client c1 {
txreq -url /update/shortkey
rxresp
expect resp.status == 503
expect resp.reason == "VCL failed"
} -run
client c1 {
txreq -url /update/toolong
rxresp
expect resp.status == 503
expect resp.reason == "VCL failed"
} -run
logexpect l1 -wait
src/vmod_ece.c
View file @
2cc4dc7e
...
...
@@ -115,6 +115,20 @@ vmod_add_key(VRT_CTX, VCL_STRING id, VCL_BLOB key)
(
void
)
KEY_Add
(
ctx
,
(
uint8_t
*
)
id
,
(
uint8_t
)
len
,
key
->
blob
);
}
VCL_VOID
vmod_update_key
(
VRT_CTX
,
VCL_STRING
id
,
VCL_BLOB
key
)
{
size_t
len
;
CHECK_OBJ_NOTNULL
(
ctx
,
VRT_CTX_MAGIC
);
CHECK_ID
(
ctx
,
id
,
len
,);
CHECK_KEY
(
ctx
,
key
);
/* KEY_Update calls VRT_fail() on error. */
(
void
)
KEY_Update
(
ctx
,
(
uint8_t
*
)
id
,
(
uint8_t
)
len
,
key
->
blob
);
}
VCL_VOID
vmod_set_key
(
VRT_CTX
,
VCL_STRING
id
,
VCL_BLOB
key
)
{
...
...
src/vmod_ece.vcc
View file @
2cc4dc7e
...
...
@@ -63,10 +63,18 @@ blob ``key``, provided that ``id`` does not already exist.
XXX ...
$Function VOID update_key(STRING id, BLOB key)
Change the keying material identified by ``id`` to the contents of the
blob ``key``, provided that ``id`` already exists.
XXX ...
$Function VOID set_key(STRING id, BLOB key)
Set the keying material identified by ``id`` to the contents of the
blob ``key``.
blob ``key``. This is the "add-or-update" operation; key ``id`` is
added if it does not already exist, and modified if it already exists.
XXX ...
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment