Add key_added(), and add & update times to struct key.

bc1075a1 · Geoff Simmons · bf138ece · bc1075a1 · bc1075a1 · bc1075a1
Commit bc1075a1 authored Sep 16, 2019 by Geoff Simmons
Hide whitespace changes
Inline Side-by-side

Showing with 108 additions and 1 deletion

keys.c src/keys.c +37 -1

keys.h src/keys.h +1 -0

keys.vtc src/tests/keys.vtc +53 -0

vmod_ece.c src/vmod_ece.c +11 -0

vmod_ece.vcc src/vmod_ece.vcc +6 -0

No files found.
--- a/src/keys.c
+++ b/src/keys.c
@@ -37,6 +37,7 @@
 #include <sys/mman.h>

 #include "cache/cache.h"
+#include "vtim.h"
 #include "verrno.h"

 /* XXX grr */
@@ -46,13 +47,14 @@
 #include "keys.h"
 #include "rfc8188.h"

-/* XXX add VCL_TIME fields for time added and updated */
 struct key {
 	unsigned	magic;
 #define KEY_MAGIC 0xb4f7d1eb
 	VRBT_ENTRY(key)	entry;
 	uint8_t		*key;
 	uint8_t		*id;
+	vtim_real	added;
+	vtim_real	updated;
 	uint8_t		idlen;
 };

@@ -330,6 +332,8 @@ key_find(struct key_tree *tree_h, uint8_t *id, uint8_t idlen)
 	if (key != NULL) {
 		AN(key->key);
 		AN(key->id);
+		AN(key->added);
+		AN(key->updated);
 		assert(key->idlen == idlen);
 		AZ(memcmp(key->id, id, idlen));
 	}
@@ -350,6 +354,8 @@ KEY_Get(uint8_t *id, uint8_t idlen)
 	CHECK_OBJ(key, KEY_MAGIC);
 	AN(key->key);
 	AN(key->id);
+	AN(key->added);
+	AN(key->updated);
 	assert(key->idlen == idlen);
 	AZ(memcmp(key->id, id, idlen));
 	return (key->key);
@@ -399,6 +405,7 @@ key_insert(VRT_CTX, uint8_t *id, uint8_t idlen, const uint8_t *key,
 	memcpy(k->key, key, AES128_KEYLEN);
 	memcpy(k->id, id, idlen);
 	k->idlen = idlen;
+	k->added = k->updated = ctx->now;
 	AZ(VRBT_INSERT(key_tree, tree_h, k));
 	return (k);
 }
@@ -431,6 +438,8 @@ KEY_Add(VRT_CTX, uint8_t *id, uint8_t idlen, const uint8_t *key)
 	CHECK_OBJ(k, KEY_MAGIC);
 	AN(k->key);
 	AN(k->id);
+	AN(k->added);
+	AN(k->updated);
 	AZ(memcmp(k->key, key, AES128_KEYLEN));
 	assert(k->idlen == idlen);
 	AZ(memcmp(k->id, id, idlen));
@@ -461,8 +470,10 @@ KEY_Set(VRT_CTX, uint8_t *id, uint8_t idlen, const uint8_t *key)
 	CHECK_OBJ(k, KEY_MAGIC);
 	AN(k->key);
 	memcpy(k->key, key, AES128_KEYLEN);
+	k->updated = ctx->now;
 	KEY_Unlock(idlen);

+	AN(k->added);
 	AN(k->id);
 	assert(k->idlen == idlen);
 	AZ(memcmp(k->id, id, idlen));
@@ -491,8 +502,10 @@ KEY_Update(VRT_CTX, uint8_t *id, uint8_t idlen, const uint8_t *key)
 	CHECK_OBJ(k, KEY_MAGIC);
 	AN(k->key);
 	memcpy(k->key, key, AES128_KEYLEN);
+	k->updated = ctx->now;
 	KEY_Unlock(idlen);

+	AN(k->added);
 	AN(k->id);
 	assert(k->idlen == idlen);
 	AZ(memcmp(k->id, id, idlen));
@@ -554,3 +567,26 @@ KEY_Exists(uint8_t *id, uint8_t idlen)

 	return (ret);
 }
+
+VCL_TIME
+KEY_Added(VRT_CTX, uint8_t *id, uint8_t idlen)
+{
+	struct key_tree *tree_h;
+	struct key *k;
+	VCL_TIME ret;
+
+	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
+	AN(id);
+
+	KEY_Rdlock(idlen);
+	tree_h = &key_tbl[idlen].tree;
+	if ((k = key_find(tree_h, id, idlen)) == NULL) {
+		KEY_Unlock(idlen);
+		VRT_fail(ctx, "key \"%.*s\" not found", idlen, id);
+		return (0);
+	}
+	ret = k->added;
+	KEY_Unlock(idlen);
+
+	return (ret);
+}
--- a/src/keys.h
+++ b/src/keys.h
@@ -43,3 +43,4 @@ int KEY_Set(VRT_CTX, uint8_t *id, uint8_t idlen, const uint8_t *key);
 void KEY_Wipe(void * const key);
 int KEY_Delete(VRT_CTX, uint8_t *id, uint8_t idlen);
 VCL_BOOL KEY_Exists(uint8_t *id, uint8_t idlen);
+VCL_TIME KEY_Added(VRT_CTX, uint8_t *id, uint8_t idlen);
--- a/src/tests/keys.vtc
+++ b/src/tests/keys.vtc
@@ -77,6 +77,9 @@ varnish v1 -vcl+backend {
 			ece.add_key("", blob.decode(BASE64,
 					encoded="7l7lrhy91XNHfVW1SwhSBA=="));
 		}
+		if (req.url == "/added") {
+			set req.http.No-Time = ece.key_added("no such key");
+		}
 	}

 	sub vcl_backend_response {
@@ -85,6 +88,8 @@ varnish v1 -vcl+backend {

 	sub vcl_deliver {
 		set resp.http.Exists-Before = req.http.Exists-Before;
+		set resp.http.Added = ece.key_added("");
+		set resp.http.Delta-Added = now - ece.key_added("");
 	}
 }

@@ -92,6 +97,10 @@ logexpect l1 -v v1 -d 0 -g vxid -q "VCL_Error" {
 	expect 0 * Begin	req
 	expect * = VCL_Error	{^key "" already exists$}
 	expect * = End
+
+	expect 0 * Begin	req
+	expect * = VCL_Error	{^key "no such key" not found$}
+	expect * = End
 } -start

 client c1 {
@@ -101,6 +110,9 @@ client c1 {
 	expect resp.bodylen == 15
 	expect resp.body == "I am the walrus"
 	expect resp.http.Exists-Before == "true"
+	expect resp.http.Added ~ "GMT$"
+	expect resp.http.Delta-Added >= 0
+	expect resp.http.Delta-Added < 1

 	txreq -url /add
 	rxresp
@@ -108,6 +120,13 @@ client c1 {
 	expect resp.reason == "VCL failed"
 } -run

+client c1 {
+	txreq -url /added
+	rxresp
+	expect resp.status == 503
+	expect resp.reason == "VCL failed"
+} -run
+
 logexpect l1 -wait

 server s1 -wait
@@ -258,6 +277,18 @@ varnish v1 -vcl {
 				blob.decode(BASE64,
 				    encoded="75cIt3LwTqbq66pKSmp2fA=="));
 		}
+		elsif (req.url == "/added/nullid") {
+			unset req.http.No-Such-Header;
+			set req.http.T = ece.key_added(req.http.No-Such-Header);
+		}
+		elsif (req.url == "/added/toolong") {
+			set req.http.T = ece.key_added({"
+1234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890
+"});
+		}
 	}
 }

@@ -329,6 +360,14 @@ logexpect l1 -v v1 -d 0 -g vxid -q "VCL_Error" {
 	expect 0 * Begin	req
 	expect * = VCL_Error	{(?s)^key id .+ too long \(length \d+ > 255\)$}
 	expect * = End
+
+	expect 0 * Begin	req
+	expect * = VCL_Error	{^key id is NULL$}
+	expect * = End
+
+	expect 0 * Begin	req
+	expect * = VCL_Error	{(?s)^key id .+ too long \(length \d+ > 255\)$}
+	expect * = End
 } -start

 client c1 {
@@ -450,4 +489,18 @@ client c1 {
 	expect resp.reason == "VCL failed"
 } -run

+client c1 {
+	txreq -url /added/nullid
+	rxresp
+	expect resp.status == 503
+	expect resp.reason == "VCL failed"
+} -run
+
+client c1 {
+	txreq -url /added/toolong
+	rxresp
+	expect resp.status == 503
+	expect resp.reason == "VCL failed"
+} -run
+
 logexpect l1 -wait
--- a/src/vmod_ece.c
+++ b/src/vmod_ece.c
@@ -165,6 +165,17 @@ vmod_key_exists(VRT_CTX, VCL_STRING id)
 	return (KEY_Exists((uint8_t *)id, (uint8_t)len));
 }

+VCL_TIME
+vmod_key_added(VRT_CTX, VCL_STRING id)
+{
+	size_t len;
+
+	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
+	CHECK_ID(ctx, id, len, 0);
+
+	return (KEY_Added(ctx, (uint8_t *)id, (uint8_t)len));
+}
+
 VCL_STRING
 vmod_libcrypto_version(VRT_CTX)
 {

--- a/src/vmod_ece.vcc
+++ b/src/vmod_ece.vcc
@@ -90,6 +90,12 @@ Returns true iff the keying material identified by ``id`` has been added.

 XXX ...

+$Function TIME key_added(STRING id)
+
+Returns time at which the keying material identified by ``id`` was added.
+
+XXX ...
+
 $Function STRING libcrypto_version()

 Return the libcrypto version string.