Commit bc1075a1 authored by Geoff Simmons's avatar Geoff Simmons

Add key_added(), and add & update times to struct key.

parent bf138ece
......@@ -37,6 +37,7 @@
#include <sys/mman.h>
#include "cache/cache.h"
#include "vtim.h"
#include "verrno.h"
/* XXX grr */
......@@ -46,13 +47,14 @@
#include "keys.h"
#include "rfc8188.h"
/* XXX add VCL_TIME fields for time added and updated */
struct key {
unsigned magic;
#define KEY_MAGIC 0xb4f7d1eb
VRBT_ENTRY(key) entry;
uint8_t *key;
uint8_t *id;
vtim_real added;
vtim_real updated;
uint8_t idlen;
};
......@@ -330,6 +332,8 @@ key_find(struct key_tree *tree_h, uint8_t *id, uint8_t idlen)
if (key != NULL) {
AN(key->key);
AN(key->id);
AN(key->added);
AN(key->updated);
assert(key->idlen == idlen);
AZ(memcmp(key->id, id, idlen));
}
......@@ -350,6 +354,8 @@ KEY_Get(uint8_t *id, uint8_t idlen)
CHECK_OBJ(key, KEY_MAGIC);
AN(key->key);
AN(key->id);
AN(key->added);
AN(key->updated);
assert(key->idlen == idlen);
AZ(memcmp(key->id, id, idlen));
return (key->key);
......@@ -399,6 +405,7 @@ key_insert(VRT_CTX, uint8_t *id, uint8_t idlen, const uint8_t *key,
memcpy(k->key, key, AES128_KEYLEN);
memcpy(k->id, id, idlen);
k->idlen = idlen;
k->added = k->updated = ctx->now;
AZ(VRBT_INSERT(key_tree, tree_h, k));
return (k);
}
......@@ -431,6 +438,8 @@ KEY_Add(VRT_CTX, uint8_t *id, uint8_t idlen, const uint8_t *key)
CHECK_OBJ(k, KEY_MAGIC);
AN(k->key);
AN(k->id);
AN(k->added);
AN(k->updated);
AZ(memcmp(k->key, key, AES128_KEYLEN));
assert(k->idlen == idlen);
AZ(memcmp(k->id, id, idlen));
......@@ -461,8 +470,10 @@ KEY_Set(VRT_CTX, uint8_t *id, uint8_t idlen, const uint8_t *key)
CHECK_OBJ(k, KEY_MAGIC);
AN(k->key);
memcpy(k->key, key, AES128_KEYLEN);
k->updated = ctx->now;
KEY_Unlock(idlen);
AN(k->added);
AN(k->id);
assert(k->idlen == idlen);
AZ(memcmp(k->id, id, idlen));
......@@ -491,8 +502,10 @@ KEY_Update(VRT_CTX, uint8_t *id, uint8_t idlen, const uint8_t *key)
CHECK_OBJ(k, KEY_MAGIC);
AN(k->key);
memcpy(k->key, key, AES128_KEYLEN);
k->updated = ctx->now;
KEY_Unlock(idlen);
AN(k->added);
AN(k->id);
assert(k->idlen == idlen);
AZ(memcmp(k->id, id, idlen));
......@@ -554,3 +567,26 @@ KEY_Exists(uint8_t *id, uint8_t idlen)
return (ret);
}
VCL_TIME
KEY_Added(VRT_CTX, uint8_t *id, uint8_t idlen)
{
struct key_tree *tree_h;
struct key *k;
VCL_TIME ret;
CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
AN(id);
KEY_Rdlock(idlen);
tree_h = &key_tbl[idlen].tree;
if ((k = key_find(tree_h, id, idlen)) == NULL) {
KEY_Unlock(idlen);
VRT_fail(ctx, "key \"%.*s\" not found", idlen, id);
return (0);
}
ret = k->added;
KEY_Unlock(idlen);
return (ret);
}
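Review bot: `AN()` is the non-NULL assertion and reads oddly on the VCL_TIME fields at `AN(key->added)` / `AN(key->updated)` in key_find, and again in KEY_Get, KEY_Add, KEY_Set and KEY_Update; on a double it compiles to a `!= 0` test, which only says the field was written once. Spelling the intended invariant out, `assert(key->added > 0.);` and `assert(key->updated >= key->added);`, would document what the two timestamps mean and catch an out-of-order write. If ctx->now is not guaranteed monotonic across requests the second form may be too strict; that is for the author to confirm. KEY_Added returns 0 after VRT_fail on the not-found path, which matches the vmod glue, but a one-line comment such as `/* 0 is the failure marker; the VCL task has already been failed via VRT_fail(). */` would save a header reader from treating 0 as a valid epoch.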
......@@ -43,3 +43,4 @@ int KEY_Set(VRT_CTX, uint8_t *id, uint8_t idlen, const uint8_t *key);
void KEY_Wipe(void * const key);
int KEY_Delete(VRT_CTX, uint8_t *id, uint8_t idlen);
VCL_BOOL KEY_Exists(uint8_t *id, uint8_t idlen);
VCL_TIME KEY_Added(VRT_CTX, uint8_t *id, uint8_t idlen);
......@@ -77,6 +77,9 @@ varnish v1 -vcl+backend {
ece.add_key("", blob.decode(BASE64,
encoded="7l7lrhy91XNHfVW1SwhSBA=="));
}
if (req.url == "/added") {
set req.http.No-Time = ece.key_added("no such key");
}
}
sub vcl_backend_response {
......@@ -85,6 +88,8 @@ varnish v1 -vcl+backend {
sub vcl_deliver {
set resp.http.Exists-Before = req.http.Exists-Before;
set resp.http.Added = ece.key_added("");
set resp.http.Delta-Added = now - ece.key_added("");
}
}
......@@ -92,6 +97,10 @@ logexpect l1 -v v1 -d 0 -g vxid -q "VCL_Error" {
expect 0 * Begin req
expect * = VCL_Error {^key "" already exists$}
expect * = End
expect 0 * Begin req
expect * = VCL_Error {^key "no such key" not found$}
expect * = End
} -start
client c1 {
......@@ -101,6 +110,9 @@ client c1 {
expect resp.bodylen == 15
expect resp.body == "I am the walrus"
expect resp.http.Exists-Before == "true"
expect resp.http.Added ~ "GMT$"
expect resp.http.Delta-Added >= 0
expect resp.http.Delta-Added < 1
txreq -url /add
rxresp
......@@ -108,6 +120,13 @@ client c1 {
expect resp.reason == "VCL failed"
} -run
client c1 {
txreq -url /added
rxresp
expect resp.status == 503
expect resp.reason == "VCL failed"
} -run
logexpect l1 -wait
server s1 -wait
......@@ -258,6 +277,18 @@ varnish v1 -vcl {
blob.decode(BASE64,
encoded="75cIt3LwTqbq66pKSmp2fA=="));
}
elsif (req.url == "/added/nullid") {
unset req.http.No-Such-Header;
set req.http.T = ece.key_added(req.http.No-Such-Header);
}
elsif (req.url == "/added/toolong") {
set req.http.T = ece.key_added({"
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
1234567890123456789012345678901234567890123456789012345678901234567890
"});
}
}
}
......@@ -329,6 +360,14 @@ logexpect l1 -v v1 -d 0 -g vxid -q "VCL_Error" {
expect 0 * Begin req
expect * = VCL_Error {(?s)^key id .+ too long \(length \d+ > 255\)$}
expect * = End
expect 0 * Begin req
expect * = VCL_Error {^key id is NULL$}
expect * = End
expect 0 * Begin req
expect * = VCL_Error {(?s)^key id .+ too long \(length \d+ > 255\)$}
expect * = End
} -start
client c1 {
......@@ -450,4 +489,18 @@ client c1 {
expect resp.reason == "VCL failed"
} -run
client c1 {
txreq -url /added/nullid
rxresp
expect resp.status == 503
expect resp.reason == "VCL failed"
} -run
client c1 {
txreq -url /added/toolong
rxresp
expect resp.status == 503
expect resp.reason == "VCL failed"
} -run
logexpect l1 -wait
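Review bot: `expect resp.http.Delta-Added < 1` in the first client block depends on vcl_deliver running within one second of the add_key() call in vcl_recv, so on a loaded CI host it can fail without any bug in the code under test. The `>= 0` bound and the `~ "GMT$"` format check already carry the meaningful signal; the upper bound could be relaxed (e.g. `expect resp.http.Delta-Added < 5`) or dropped. The null-id, too-long-id and not-found cases added further down exercise the failure paths of key_added() and look complete.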
......@@ -165,6 +165,17 @@ vmod_key_exists(VRT_CTX, VCL_STRING id)
return (KEY_Exists((uint8_t *)id, (uint8_t)len));
}
VCL_TIME
vmod_key_added(VRT_CTX, VCL_STRING id)
{
size_t len;
CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
CHECK_ID(ctx, id, len, 0);
return (KEY_Added(ctx, (uint8_t *)id, (uint8_t)len));
}
VCL_STRING
vmod_libcrypto_version(VRT_CTX)
{
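Review bot: The `(uint8_t)len` cast on the return line of vmod_key_added is only safe because CHECK_ID rejects ids longer than 255 bytes (the vtc expects the `too long (length ... > 255)` error for key_added); that dependency is not visible in the function itself. A short comment before the return, `/* CHECK_ID has bounded len to <= 255, so the narrowing cast cannot truncate. */`, would keep a future change to CHECK_ID from silently truncating ids, and the same applies to the identical cast in vmod_key_exists above. The function otherwise mirrors vmod_key_exists, including returning 0 as the failure value after CHECK_ID has failed the VCL.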
......@@ -90,6 +90,12 @@ Returns true iff the keying material identified by ``id`` has been added.
XXX ...
$Function TIME key_added(STRING id)
Returns time at which the keying material identified by ``id`` was added.
XXX ...
$Function STRING libcrypto_version()
Return the libcrypto version string.