uplex-varnish
libvmod-ece
Commits
bc1075a1
Commit
bc1075a1
authored
Sep 16, 2019
by
Geoff Simmons
Add key_added(), and add & update times to struct key.
parent
bf138ece
Showing
5 changed files
with
108 additions
and
1 deletion
+108
-1
keys.c
src/keys.c
+37
-1
keys.h
src/keys.h
+1
-0
keys.vtc
src/tests/keys.vtc
+53
-0
vmod_ece.c
src/vmod_ece.c
+11
-0
vmod_ece.vcc
src/vmod_ece.vcc
+6
-0
src/keys.c
...
...
@@ -37,6 +37,7 @@
#include <sys/mman.h>
#include "cache/cache.h"
#include "vtim.h"
#include "verrno.h"
/* XXX grr */
...
...
@@ -46,13 +47,14 @@
#include "keys.h"
#include "rfc8188.h"
/* XXX add VCL_TIME fields for time added and updated */
struct
key
{
unsigned
magic
;
#define KEY_MAGIC 0xb4f7d1eb
VRBT_ENTRY
(
key
)
entry
;
uint8_t
*
key
;
uint8_t
*
id
;
vtim_real
added
;
vtim_real
updated
;
uint8_t
idlen
;
};
...
...
@@ -330,6 +332,8 @@ key_find(struct key_tree *tree_h, uint8_t *id, uint8_t idlen)
if
(
key
!=
NULL
)
{
AN
(
key
->
key
);
AN
(
key
->
id
);
AN
(
key
->
added
);
AN
(
key
->
updated
);
assert
(
key
->
idlen
==
idlen
);
AZ
(
memcmp
(
key
->
id
,
id
,
idlen
));
}
...
...
@@ -350,6 +354,8 @@ KEY_Get(uint8_t *id, uint8_t idlen)
CHECK_OBJ
(
key
,
KEY_MAGIC
);
AN
(
key
->
key
);
AN
(
key
->
id
);
AN
(
key
->
added
);
AN
(
key
->
updated
);
assert
(
key
->
idlen
==
idlen
);
AZ
(
memcmp
(
key
->
id
,
id
,
idlen
));
return
(
key
->
key
);
...
...
@@ -399,6 +405,7 @@ key_insert(VRT_CTX, uint8_t *id, uint8_t idlen, const uint8_t *key,
memcpy
(
k
->
key
,
key
,
AES128_KEYLEN
);
memcpy
(
k
->
id
,
id
,
idlen
);
k
->
idlen
=
idlen
;
k
->
added
=
k
->
updated
=
ctx
->
now
;
AZ
(
VRBT_INSERT
(
key_tree
,
tree_h
,
k
));
return
(
k
);
}
...
...
@@ -431,6 +438,8 @@ KEY_Add(VRT_CTX, uint8_t *id, uint8_t idlen, const uint8_t *key)
CHECK_OBJ
(
k
,
KEY_MAGIC
);
AN
(
k
->
key
);
AN
(
k
->
id
);
AN
(
k
->
added
);
AN
(
k
->
updated
);
AZ
(
memcmp
(
k
->
key
,
key
,
AES128_KEYLEN
));
assert
(
k
->
idlen
==
idlen
);
AZ
(
memcmp
(
k
->
id
,
id
,
idlen
));
...
...
@@ -461,8 +470,10 @@ KEY_Set(VRT_CTX, uint8_t *id, uint8_t idlen, const uint8_t *key)
CHECK_OBJ
(
k
,
KEY_MAGIC
);
AN
(
k
->
key
);
memcpy
(
k
->
key
,
key
,
AES128_KEYLEN
);
k
->
updated
=
ctx
->
now
;
KEY_Unlock
(
idlen
);
AN
(
k
->
added
);
AN
(
k
->
id
);
assert
(
k
->
idlen
==
idlen
);
AZ
(
memcmp
(
k
->
id
,
id
,
idlen
));
...
...
@@ -491,8 +502,10 @@ KEY_Update(VRT_CTX, uint8_t *id, uint8_t idlen, const uint8_t *key)
CHECK_OBJ
(
k
,
KEY_MAGIC
);
AN
(
k
->
key
);
memcpy
(
k
->
key
,
key
,
AES128_KEYLEN
);
k
->
updated
=
ctx
->
now
;
KEY_Unlock
(
idlen
);
AN
(
k
->
added
);
AN
(
k
->
id
);
assert
(
k
->
idlen
==
idlen
);
AZ
(
memcmp
(
k
->
id
,
id
,
idlen
));
...
...
@@ -554,3 +567,26 @@ KEY_Exists(uint8_t *id, uint8_t idlen)
return
(
ret
);
}
VCL_TIME
KEY_Added
(
VRT_CTX
,
uint8_t
*
id
,
uint8_t
idlen
)
{
struct
key_tree
*
tree_h
;
struct
key
*
k
;
VCL_TIME
ret
;
CHECK_OBJ_NOTNULL
(
ctx
,
VRT_CTX_MAGIC
);
AN
(
id
);
KEY_Rdlock
(
idlen
);
tree_h
=
&
key_tbl
[
idlen
].
tree
;
if
((
k
=
key_find
(
tree_h
,
id
,
idlen
))
==
NULL
)
{
KEY_Unlock
(
idlen
);
VRT_fail
(
ctx
,
"key
\"
%.*s
\"
not found"
,
idlen
,
id
);
return
(
0
);
}
ret
=
k
->
added
;
KEY_Unlock
(
idlen
);
return
(
ret
);
}
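Review bot: In the KEY_Set and KEY_Update hunks the new `AN(k->added);` is placed after `KEY_Unlock(idlen);`, so it dereferences the key entry with no lock held. keys.h declares KEY_Delete and KEY_Wipe, so presumably another thread can remove and wipe the same entry in that window, which would make this a read of freed or zeroed memory rather than a sanity check. Moving it above the unlock, directly after `k->updated = ctx->now;`, keeps the assertion meaningful; KEY_Added in the last hunk already copies `k->added` into `ret` before unlocking. The pre-existing `AN(k->id)` and `memcmp` checks after the unlock look to have the same exposure, and both function bodies start and end outside the hunks shown.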
src/keys.h
...
...
@@ -43,3 +43,4 @@ int KEY_Set(VRT_CTX, uint8_t *id, uint8_t idlen, const uint8_t *key);
void
KEY_Wipe
(
void
*
const
key
);
int
KEY_Delete
(
VRT_CTX
,
uint8_t
*
id
,
uint8_t
idlen
);
VCL_BOOL
KEY_Exists
(
uint8_t
*
id
,
uint8_t
idlen
);
VCL_TIME
KEY_Added
(
VRT_CTX
,
uint8_t
*
id
,
uint8_t
idlen
);
src/tests/keys.vtc
...
...
@@ -77,6 +77,9 @@ varnish v1 -vcl+backend {
ece.add_key("", blob.decode(BASE64,
encoded="7l7lrhy91XNHfVW1SwhSBA=="));
}
if (req.url == "/added") {
set req.http.No-Time = ece.key_added("no such key");
}
}
sub vcl_backend_response {
...
...
@@ -85,6 +88,8 @@ varnish v1 -vcl+backend {
sub vcl_deliver {
set resp.http.Exists-Before = req.http.Exists-Before;
set resp.http.Added = ece.key_added("");
set resp.http.Delta-Added = now - ece.key_added("");
}
}
...
...
@@ -92,6 +97,10 @@ logexpect l1 -v v1 -d 0 -g vxid -q "VCL_Error" {
expect 0 * Begin req
expect * = VCL_Error {^key "" already exists$}
expect * = End
expect 0 * Begin req
expect * = VCL_Error {^key "no such key" not found$}
expect * = End
} -start
client c1 {
...
...
@@ -101,6 +110,9 @@ client c1 {
expect resp.bodylen == 15
expect resp.body == "I am the walrus"
expect resp.http.Exists-Before == "true"
expect resp.http.Added ~ "GMT$"
expect resp.http.Delta-Added >= 0
expect resp.http.Delta-Added < 1
txreq -url /add
rxresp
...
...
@@ -108,6 +120,13 @@ client c1 {
expect resp.reason == "VCL failed"
} -run
client c1 {
txreq -url /added
rxresp
expect resp.status == 503
expect resp.reason == "VCL failed"
} -run
logexpect l1 -wait
server s1 -wait
...
...
@@ -258,6 +277,18 @@ varnish v1 -vcl {
blob.decode(BASE64,
encoded="75cIt3LwTqbq66pKSmp2fA=="));
}
elsif (req.url == "/added/nullid") {
unset req.http.No-Such-Header;
set req.http.T = ece.key_added(req.http.No-Such-Header);
}
elsif (req.url == "/added/toolong") {
set req.http.T = ece.key_added({"
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
"});
}
}
}
...
...
@@ -329,6 +360,14 @@ logexpect l1 -v v1 -d 0 -g vxid -q "VCL_Error" {
expect 0 * Begin req
expect * = VCL_Error {(?s)^key id .+ too long \(length \d+ > 255\)$}
expect * = End
expect 0 * Begin req
expect * = VCL_Error {^key id is NULL$}
expect * = End
expect 0 * Begin req
expect * = VCL_Error {(?s)^key id .+ too long \(length \d+ > 255\)$}
expect * = End
} -start
client c1 {
...
...
@@ -450,4 +489,18 @@ client c1 {
expect resp.reason == "VCL failed"
} -run
client c1 {
txreq -url /added/nullid
rxresp
expect resp.status == 503
expect resp.reason == "VCL failed"
} -run
client c1 {
txreq -url /added/toolong
rxresp
expect resp.status == 503
expect resp.reason == "VCL failed"
} -run
logexpect l1 -wait
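Review bot: None of the added cases checks that the add time survives a key replacement, which is what the new `added`/`updated` split in struct key is for. KEY_Set and KEY_Update now write only `updated`, so a case that replaces an existing key and then expects `ece.key_added()` to return the same value as before would pin that behaviour down. Separately, `expect resp.http.Delta-Added < 1` depends on wall-clock timing between the add and the delivery and may be flaky on a loaded test host; a looser upper bound would be safer.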
src/vmod_ece.c
...
...
@@ -165,6 +165,17 @@ vmod_key_exists(VRT_CTX, VCL_STRING id)
return
(
KEY_Exists
((
uint8_t
*
)
id
,
(
uint8_t
)
len
));
}
VCL_TIME
vmod_key_added
(
VRT_CTX
,
VCL_STRING
id
)
{
size_t
len
;
CHECK_OBJ_NOTNULL
(
ctx
,
VRT_CTX_MAGIC
);
CHECK_ID
(
ctx
,
id
,
len
,
0
);
return
(
KEY_Added
(
ctx
,
(
uint8_t
*
)
id
,
(
uint8_t
)
len
));
}
VCL_STRING
vmod_libcrypto_version
(
VRT_CTX
)
{
...
...
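Review bot: The `(uint8_t)len` cast in vmod_key_added silently truncates unless `CHECK_ID(ctx, id, len, 0)` has already returned for ids longer than 255 bytes, and nothing at the call site says so. CHECK_ID is defined outside this hunk; the VCL_Error patterns in keys.vtc (`key id is NULL`, `too long (length \d+ > 255)`) suggest it performs both checks. A one-line comment above the return would make the dependency explicit, e.g. `/* CHECK_ID has rejected NULL and len > 255, so the narrowing cast is exact */`. The `(uint8_t *)id` cast also drops the const from VCL_STRING; declaring the parameter of KEY_Added as `const uint8_t *id` would avoid that, provided key_find can take a const pointer as well.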
src/vmod_ece.vcc
...
...
@@ -90,6 +90,12 @@ Returns true iff the keying material identified by ``id`` has been added.
XXX ...
$Function TIME key_added(STRING id)
Returns time at which the keying material identified by ``id`` was added.
XXX ...
$Function STRING libcrypto_version()
Return the libcrypto version string.
...
...