diff --git a/reg-tests/converter/aes_cbc.vtc b/reg-tests/converter/aes_cbc.vtc
new file mode 100644
index 000000000..46e075167
--- /dev/null
+++ b/reg-tests/converter/aes_cbc.vtc
@@ -0,0 +1,85 @@
+varnishtest "aes_cbc converter Test"
+feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL)'"
+feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(3.4-dev2)'"
+
+feature ignore_unknown_macro
+
+server s1 {
+ rxreq
+ txresp -hdr "Connection: close"
+} -repeat 2 -start
+
+
+haproxy h1 -conf {
+ global
+ .if feature(THREAD)
+ thread-groups 1
+ .endif
+
+ # WT: limit false-positives causing "HTTP header incomplete" due to
+ # idle server connections being randomly used and randomly expiring
+ # under us.
+ tune.idle-pool.shared off
+
+ defaults
+ mode http
+ timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+ timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
+ timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
+
+ frontend fe
+ bind "fd@${fe}"
+
+ http-request set-var(txn.plain) str("Hello from HAProxy AES-CBC")
+ http-request set-var(txn.short_nonce) str("MTIzNDU2Nzg5MDEy")
+ http-request set-var(txn.nonce) str("MTIzNDU2Nzg5MDEyMzQ1Ng==")
+ http-request set-var(txn.key) str("Zm9vb2Zvb29mb29vb29vbw==")
+
+ # AES-CBC enc with vars + dec with strings
+ http-request set-var(txn.encrypted1) var(txn.plain),aes_cbc_enc(128,txn.nonce,txn.key),base64
+ http-after-response set-header X-Encrypted1 %[var(txn.encrypted1)]
+ http-request set-var(txn.decrypted1) var(txn.encrypted1),b64dec,aes_cbc_dec(128,"MTIzNDU2Nzg5MDEyMzQ1Ng==","Zm9vb2Zvb29mb29vb29vbw==")
+ http-after-response set-header X-Decrypted1 %[var(txn.decrypted1)]
+
+ # AES-CBC enc with strings + dec with vars
+ http-request set-var(txn.encrypted2) var(txn.plain),aes_cbc_enc(128,"MTIzNDU2Nzg5MDEyMzQ1Ng==","Zm9vb2Zvb29mb29vb29vbw=="),base64
+ http-after-response set-header X-Encrypted2 %[var(txn.encrypted2)]
+ http-request set-var(txn.decrypted2) var(txn.encrypted2),b64dec,aes_cbc_dec(128,txn.nonce,txn.key)
+ http-after-response set-header X-Decrypted2 %[var(txn.decrypted2)]
+
+ # AES-CBC + AAD enc with vars + dec with strings
+ http-request set-var(txn.aad) str("dGVzdAo=")
+ http-request set-var(txn.encrypted3) var(txn.plain),aes_cbc_enc(128,txn.nonce,txn.key,txn.aad),base64
+ http-after-response set-header X-Encrypted3 %[var(txn.encrypted3)]
+ http-request set-var(txn.decrypted3) var(txn.encrypted3),b64dec,aes_cbc_dec(128,"MTIzNDU2Nzg5MDEyMzQ1Ng==","Zm9vb2Zvb29mb29vb29vbw==","dGVzdAo=")
+ http-after-response set-header X-Decrypted3 %[var(txn.decrypted3)]
+
+ # AES-CBC + AAD enc with strings + enc with strings
+ http-request set-var(txn.encrypted4) var(txn.plain),aes_cbc_enc(128,"MTIzNDU2Nzg5MDEyMzQ1Ng==","Zm9vb2Zvb29mb29vb29vbw==","dGVzdAo="),base64
+ http-after-response set-header X-Encrypted4 %[var(txn.encrypted4)]
+ http-request set-var(txn.decrypted4) var(txn.encrypted4),b64dec,aes_cbc_dec(128,txn.nonce,txn.key,txn.aad)
+ http-after-response set-header X-Decrypted4 %[var(txn.decrypted4)]
+
+ # AES-CBC enc with short nonce (var) + dec with short nonce (string)
+ http-request set-var(txn.encrypted5) var(txn.plain),aes_cbc_enc(128,txn.short_nonce,txn.key),base64
+ http-after-response set-header X-Encrypted5 %[var(txn.encrypted5)]
+ http-request set-var(txn.decrypted5) var(txn.encrypted5),b64dec,aes_cbc_dec(128,"MTIzNDU2Nzg5MDEy","Zm9vb2Zvb29mb29vb29vbw==")
+ http-after-response set-header X-Decrypted5 %[var(txn.decrypted5)]
+
+ default_backend be
+
+ backend be
+ server s1 ${s1_addr}:${s1_port}
+
+} -start
+
+client c1 -connect ${h1_fe_sock} {
+ txreq
+ rxresp
+ expect resp.http.x-decrypted1 == "Hello from HAProxy AES-CBC"
+ expect resp.http.x-decrypted2 == "Hello from HAProxy AES-CBC"
+ expect resp.http.x-decrypted3 == "Hello from HAProxy AES-CBC"
+ expect resp.http.x-decrypted4 == "Hello from HAProxy AES-CBC"
+ expect resp.http.x-decrypted5 == "Hello from HAProxy AES-CBC"
+
+} -run
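Review bot: The five `expect` lines in client c1 check only that decryption returns the plaintext, so the X-Encrypted1..5 headers set in frontend fe are never asserted, and an encrypt/decrypt pair that is wrong in a symmetric way (for instance both sides mishandling the IV) would still pass. Pinning at least one ciphertext to a known answer from an independent AES-128-CBC implementation, `expect resp.http.x-encrypted1 == "<base64 ciphertext from a reference implementation>"`, plus `expect resp.http.x-encrypted1 == resp.http.x-encrypted2` to tie the variable and string argument forms together, would close that gap. Cases 3 and 4 pass an AAD argument although CBC is an unauthenticated mode, and case 5 passes a 12-byte nonce where CBC uses a 16-byte IV; nothing here shows whether these inputs are ignored, padded or meant to be rejected, so a short comment stating the intended behaviour (and an assertion for it) would help. The comment above case 4 reads `enc with strings + enc with strings` while its second step decrypts with vars.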