uplex-varnish
libvmod-ece
Commits
3f407ff8
Commit
3f407ff8
authored
Sep 16, 2019
by
Geoff Simmons
Add key_updated().
parent
bc1075a1
Showing
5 changed files
with
113 additions
and
5 deletions
+113
-5
keys.c
src/keys.c
+23
-3
keys.h
src/keys.h
+1
-0
keys.vtc
src/tests/keys.vtc
+69
-1
vmod_ece.c
src/vmod_ece.c
+11
-0
vmod_ece.vcc
src/vmod_ece.vcc
+9
-1
src/keys.c
...
...
@@ -568,8 +568,13 @@ KEY_Exists(uint8_t *id, uint8_t idlen)
return
(
ret
);
}
VCL_TIME
KEY_Added
(
VRT_CTX
,
uint8_t
*
id
,
uint8_t
idlen
)
enum
time
{
ADDED
=
0
,
UPDATED
,
};
static
VCL_TIME
key_time
(
VRT_CTX
,
uint8_t
*
id
,
uint8_t
idlen
,
enum
time
t
)
{
struct
key_tree
*
tree_h
;
struct
key
*
k
;
...
...
@@ -585,8 +590,23 @@ KEY_Added(VRT_CTX, uint8_t *id, uint8_t idlen)
VRT_fail
(
ctx
,
"key
\"
%.*s
\"
not found"
,
idlen
,
id
);
return
(
0
);
}
ret
=
k
->
added
;
if
(
t
==
ADDED
)
ret
=
k
->
added
;
else
ret
=
k
->
updated
;
KEY_Unlock
(
idlen
);
return
(
ret
);
}
VCL_TIME
KEY_Added
(
VRT_CTX
,
uint8_t
*
id
,
uint8_t
idlen
)
{
return
(
key_time
(
ctx
,
id
,
idlen
,
ADDED
));
}
VCL_TIME
KEY_Updated
(
VRT_CTX
,
uint8_t
*
id
,
uint8_t
idlen
)
{
return
(
key_time
(
ctx
,
id
,
idlen
,
UPDATED
));
}
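Review bot: In key_time() the `else` branch treats every value of `t` other than ADDED as UPDATED, so an enumerator added later would silently return `k->updated`. Making the second case explicit keeps the selector checked, for example `else { assert(t == UPDATED); ret = k->updated; }`. The tag `enum time` also reads like the libc `time()` name; a tag such as `enum key_time_field` would be easier to search for. The lookup and locking in key_time() lie between the two hunks and are not visible here.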
src/keys.h
...
...
@@ -44,3 +44,4 @@ void KEY_Wipe(void * const key);
int
KEY_Delete
(
VRT_CTX
,
uint8_t
*
id
,
uint8_t
idlen
);
VCL_BOOL
KEY_Exists
(
uint8_t
*
id
,
uint8_t
idlen
);
VCL_TIME
KEY_Added
(
VRT_CTX
,
uint8_t
*
id
,
uint8_t
idlen
);
VCL_TIME
KEY_Updated
(
VRT_CTX
,
uint8_t
*
id
,
uint8_t
idlen
);
src/tests/keys.vtc
...
...
@@ -84,12 +84,19 @@ varnish v1 -vcl+backend {
sub vcl_backend_response {
set beresp.filters = "ece_decrypt";
set beresp.uncacheable = true;
}
sub vcl_deliver {
set resp.http.Exists-Before = req.http.Exists-Before;
set resp.http.Added = ece.key_added("");
set resp.http.Delta-Added = now - ece.key_added("");
if (ece.key_added("") != ece.key_updated("")) {
# The key was never updated, so these should be the
# same
return (fail);
}
set resp.http.Updated = ece.key_updated("");
}
}
...
...
@@ -113,6 +120,7 @@ client c1 {
expect resp.http.Added ~ "GMT$"
expect resp.http.Delta-Added >= 0
expect resp.http.Delta-Added < 1
expect resp.http.Updated == resp.http.Added
txreq -url /add
rxresp
...
...
@@ -147,6 +155,9 @@ varnish v1 -vcl+backend {
ece.update_key("foo", blob.decode(BASE64,
encoded="oAAt/UDfkbY8F26rypiFtQ=="));
}
if (req.url == "/updated") {
set req.http.U = ece.key_updated("foo");
}
}
sub vcl_backend_response {
...
...
@@ -154,6 +165,17 @@ varnish v1 -vcl+backend {
ece.update_key("", blob.decode(BASE64URLNOPAD,
encoded="yqdlZ-tYemfogSmv7Ws5PQ"));
set beresp.filters = "ece_decrypt";
set beresp.uncacheable = true;
}
sub vcl_deliver {
set resp.http.Updated = ece.key_updated("");
if (ece.key_updated("") <= ece.key_added("")) {
# Update should be timestamped after add.
return (fail);
}
set resp.http.Delta-Updated =
ece.key_updated("") - ece.key_added("");
}
}
...
...
@@ -161,6 +183,10 @@ logexpect l1 -v v1 -d 0 -g vxid -q "VCL_Error" {
expect 0 * Begin req
expect * = VCL_Error {^key "foo" does not exist$}
expect * = End
expect 0 * Begin req
expect * = VCL_Error {^key "foo" not found$}
expect * = End
} -start
client c1 {
...
...
@@ -169,6 +195,9 @@ client c1 {
expect resp.status == 200
expect resp.bodylen == 15
expect resp.body == "I am the walrus"
expect resp.http.Updated ~ "GMT$"
expect resp.http.Delta-Updated >= 0
expect resp.http.Delta-Updated < 1
txreq -url /update
rxresp
...
...
@@ -176,6 +205,13 @@ client c1 {
expect resp.reason == "VCL failed"
} -run
client c1 {
txreq -url /updated
rxresp
expect resp.status == 503
expect resp.reason == "VCL failed"
} -run
logexpect l1 -wait
varnish v1 -vcl {
...
...
@@ -278,7 +314,6 @@ varnish v1 -vcl {
encoded="75cIt3LwTqbq66pKSmp2fA=="));
}
elsif (req.url == "/added/nullid") {
unset req.http.No-Such-Header;
set req.http.T = ece.key_added(req.http.No-Such-Header);
}
elsif (req.url == "/added/toolong") {
...
...
@@ -287,6 +322,17 @@ varnish v1 -vcl {
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
"});
}
elsif (req.url == "/updated/nullid") {
set req.http.U = ece.key_updated(req.http.No-Such-Header);
}
elsif (req.url == "/updated/toolong") {
set req.http.U = ece.key_updated({"
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
"});
}
}
...
...
@@ -368,6 +414,14 @@ logexpect l1 -v v1 -d 0 -g vxid -q "VCL_Error" {
expect 0 * Begin req
expect * = VCL_Error {(?s)^key id .+ too long \(length \d+ > 255\)$}
expect * = End
expect 0 * Begin req
expect * = VCL_Error {^key id is NULL$}
expect * = End
expect 0 * Begin req
expect * = VCL_Error {(?s)^key id .+ too long \(length \d+ > 255\)$}
expect * = End
} -start
client c1 {
...
...
@@ -503,4 +557,18 @@ client c1 {
expect resp.reason == "VCL failed"
} -run
client c1 {
txreq -url /updated/nullid
rxresp
expect resp.status == 503
expect resp.reason == "VCL failed"
} -run
client c1 {
txreq -url /updated/toolong
rxresp
expect resp.status == 503
expect resp.reason == "VCL failed"
} -run
logexpect l1 -wait
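Review bot: The logexpect block in the hunk at -161/+183 pins two different wordings for what appears to be the same condition, a lookup of the missing key "foo": `key "foo" does not exist` for update_key and `key "foo" not found` for key_updated. Anyone filtering VCL_Error records for unknown key ids has to match both forms. If the difference is not intentional, aligning the VRT_fail text reached through key_time() with the existing message, and this expectation with it, would keep the log vocabulary uniform.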
src/vmod_ece.c
...
...
@@ -176,6 +176,17 @@ vmod_key_added(VRT_CTX, VCL_STRING id)
return
(
KEY_Added
(
ctx
,
(
uint8_t
*
)
id
,
(
uint8_t
)
len
));
}
VCL_TIME
vmod_key_updated
(
VRT_CTX
,
VCL_STRING
id
)
{
size_t
len
;
CHECK_OBJ_NOTNULL
(
ctx
,
VRT_CTX_MAGIC
);
CHECK_ID
(
ctx
,
id
,
len
,
0
);
return
(
KEY_Updated
(
ctx
,
(
uint8_t
*
)
id
,
(
uint8_t
)
len
));
}
VCL_STRING
vmod_libcrypto_version
(
VRT_CTX
)
{
...
...
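Review bot: The narrowing cast `(uint8_t)len` in vmod_key_updated() is only safe if CHECK_ID has already rejected ids longer than 255 bytes; otherwise a 256-byte id would be passed on with length 0. The macro is defined outside this hunk, and the toolong case in keys.vtc suggests it does enforce the bound. A comment at the call would make that dependency explicit, once confirmed against the macro: `/* CHECK_ID returns early unless id is non-NULL and len <= 255, so the cast below cannot truncate */`. `len` is declared without an initializer and is presumably assigned by the macro, which the same comment could state.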
src/vmod_ece.vcc
...
...
@@ -92,7 +92,15 @@ XXX ...
$Function TIME key_added(STRING id)
Returns time at which the keying material identified by ``id`` was added.
Returns the time at which the keying material identified by ``id`` was
added.
XXX ...
$Function TIME key_updated(STRING id)
Returns the time at which the keying material identified by ``id`` was
last updated.
XXX ...
...
...
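Review bot: The new key_updated() entry does not say what it returns for a key that has never been updated, or what happens when the id is unusable. The tests in keys.vtc expect the update time to equal the add time until the first update, and expect VCL failure for a NULL, over-long or unknown id. The description could add: `If the key has not been updated since it was added, this is the same time as returned by key_added(). Invokes VCL failure if id is NULL, longer than 255 bytes, or does not identify a known key.`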