Commit ba225228 authored by Geoff Simmons's avatar Geoff Simmons

add the hmacf() function

parent eee84b60
......@@ -35,6 +35,8 @@ import blobdigest [from "path"] ;
new OBJECT = blobdigest.hmac(ENUM hash, BLOB key)
BLOB <obj>.hmac(BLOB msg)
BLOB blobdigest.hmacf(ENUM hash, BLOB key, BLOB msg)
DESCRIPTION
===========
......@@ -206,6 +208,7 @@ CONTENTS
* digest(ENUM {CRC32,MD5,SHA1,SHA224,SHA256,SHA384,SHA512,SHA3_224,SHA3_256,SHA3_384,SHA3_512}, BLOB)
* BLOB hash(ENUM {CRC32,MD5,SHA1,SHA224,SHA256,SHA384,SHA512,SHA3_224,SHA3_256,SHA3_384,SHA3_512}, BLOB)
* hmac(ENUM {MD5,SHA1,SHA224,SHA256,SHA384,SHA512,SHA3_224,SHA3_256,SHA3_384,SHA3_512}, BLOB)
* BLOB hmacf(ENUM {MD5,SHA1,SHA224,SHA256,SHA384,SHA512,SHA3_224,SHA3_256,SHA3_384,SHA3_512}, BLOB, BLOB)
* STRING version()
.. _obj_digest:
......@@ -462,6 +465,41 @@ Example::
return(synth(401));
}
.. _func_hmacf:
hmacf
-----
::
BLOB hmacf(ENUM {MD5,SHA1,SHA224,SHA256,SHA384,SHA512,SHA3_224,SHA3_256,SHA3_384,SHA3_512} hash, BLOB key, BLOB msg)
Returns the HMAC for ``msg`` as specified by ``hash`` and the ``key``.
As with the ``digest`` object and ``hash`` function, the use of the
``hmac`` object is likely to be more efficient than the ``hmacf``
function, because the internal cryptographic state of the HMAC for a
given key is pre-computed in the object constructor. So if the key is
fixed and known at initialization time, then you should use the
``hmac`` object. The ``hmacf`` function should only be used if the key
is not known at runtime, or, for example, should be changed without
requiring a VCL reload.
Example::
import blobdigest;
import blobcode;
# Decode the base64-encoded string as a HMAC key, compute the
# SHA512 HMAC of the Msg header, and save the hex-encoded
# result in a header.
set req.http.HMAC
= blobcode.encode(HEXUC,
blobdigest.hmacf(SHA512,
blobcode.decode(BASE64, "Zm9v"),
blobcode.decode(IDENTITY,
req.http.Msg)));
.. _func_version:
version
......
......@@ -2,7 +2,7 @@
varnishtest "MD5 hash"
# VMODs blobcode and blob must be installed
# VMOD blobcode must be installed
varnish v1 -vcl {
import blobdigest from "${vmod_topbuild}/src/.libs/libvmod_blobdigest.so";
......@@ -428,108 +428,55 @@ client c1 {
expect resp.http.rfc2202t7 == "6f630fad67cda0ee1fb1f562db3aa53e"
} -run
# Test use of digest object methods in vcl_init and _fini
# hmacf function
varnish v1 -vcl {
import blobdigest from "${vmod_topbuild}/src/.libs/libvmod_blobdigest.so";
import blobcode;
import blob;
backend b { .host = "${bad_ip}"; }
sub vcl_init {
new msg = blobcode.blob(IDENTITY, "message");
new space = blobcode.blob(IDENTITY, " ");
new digest = blobcode.blob(IDENTITY, "digest");
new msgdigest
= blobcode.blob(HEX, "F96B697D7CB7938D525A2F31AAF161D0");
new a = blobcode.blob(IDENTITY, "a");
new bc = blobcode.blob(IDENTITY, "bc");
new abc
= blobcode.blob(HEX, "900150983CD24FB0D6963F7D28E17F72");
new d1 = blobdigest.digest(MD5, msg.get());
if (!d1.update(space.get())) {
return(fail);
}
if (!d1.update(digest.get())) {
return(fail);
}
if (!blob.equal(d1.final(), msgdigest.get())) {
return(fail);
}
new d2 = blobdigest.digest(MD5, a.get());
new k1 = blobcode.blob(HEX, "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
new k2 = blobcode.blob(IDENTITY, "Jefe");
new k3 = blobcode.blob(HEX, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
new k4 = blobcode.blob(HEX,
"0102030405060708090a0b0c0d0e0f10111213141516171819");
new k5 = blobcode.blob(HEX, "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c");
new k6 = blobcode.blob(HEX,
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
}
sub vcl_recv {
return(synth(200));
}
sub vcl_fini {
# Don't know how to test the result, at least it
# shouldn't blow up
if (!d2.update(bc.get())) {}
if (!blob.equal(d2.final(), abc.get())) {}
}
}
client c1 {
txreq
rxresp
expect resp.status == 200
} -run
# Test repeated calls of the digest.final() method
server s1 -wait {
rxreq
txresp -hdr "Cache-Control: max-age=0"
} -start
varnish v1 -vcl+backend {
import blobdigest from "${vmod_topbuild}/src/.libs/libvmod_blobdigest.so";
import blobcode;
import blob;
sub vcl_init {
new a = blobcode.blob(IDENTITY, "a");
new bc = blobcode.blob(IDENTITY, "bc");
new abc
= blobcode.blob(HEX, "900150983CD24FB0D6963F7D28E17F72");
sub vcl_synth {
set resp.http.rfc2202t1 = blobcode.encode(HEXLC,
blobdigest.hmacf(MD5, k1.get(),
blobcode.decode(encoded="Hi There")));
new d1 = blobdigest.digest(MD5, a.get());
if (!d1.update(bc.get())) {
return(fail);
}
if (!blob.equal(d1.final(), abc.get())) {
return(fail);
}
if (!blob.equal(d1.final(), abc.get())) {
return(fail);
}
set resp.http.rfc2202t2 = blobcode.encode(HEXLC,
blobdigest.hmacf(MD5, k2.get(), blobcode.decode(encoded=
"what do ya want for nothing?")));
new d2 = blobdigest.digest(MD5);
}
set resp.http.rfc2202t3 = blobcode.encode(HEXLC,
blobdigest.hmacf(MD5, k3.get(), blobcode.decode(HEX,
"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd")));
sub vcl_backend_response {
set beresp.http.d1_b1 = blobcode.encode(HEXUC, d1.final());
set beresp.http.d1_b2 = blobcode.encode(HEXUC, d1.final());
set resp.http.rfc2202t4 = blobcode.encode(HEXLC,
blobdigest.hmacf(MD5, k4.get(), blobcode.decode(HEX,
"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd")));
if (!d2.update(blobcode.decode(IDENTITY, "message digest"))) {
return(abandon);
}
set beresp.http.d2_b1 = blobcode.encode(HEXUC, d2.final());
set beresp.http.d2_b2 = blobcode.encode(HEXUC, d2.final());
}
set resp.http.rfc2202t5 = blobcode.encode(HEXLC,
blobdigest.hmacf(MD5, k5.get(),
blobcode.decode(encoded="Test With Truncation")));
sub vcl_deliver {
set resp.http.d1_c1 = blobcode.encode(HEXUC, d1.final());
set resp.http.d1_c2 = blobcode.encode(HEXUC, d1.final());
set resp.http.rfc2202t6 = blobcode.encode(HEXLC,
blobdigest.hmacf(MD5, k6.get(), blobcode.decode(encoded=
"Test Using Larger Than Block-Size Key - Hash Key First")));
if (!d2.update(blobcode.decode(IDENTITY, "a"))) {
return(synth(500));
}
set resp.http.d2_c1 = blobcode.encode(HEXUC, d2.final());
set resp.http.d2_c2 = blobcode.encode(HEXUC, d2.final());
set resp.http.rfc2202t7 = blobcode.encode(HEXLC,
blobdigest.hmacf(MD5, k6.get(), blobcode.decode(encoded=
"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data")));
}
}
......@@ -538,117 +485,11 @@ client c1 {
rxresp
expect resp.status == 200
expect resp.http.d1_b1 == "900150983CD24FB0D6963F7D28E17F72"
expect resp.http.d1_b2 == "900150983CD24FB0D6963F7D28E17F72"
expect resp.http.d1_c1 == "900150983CD24FB0D6963F7D28E17F72"
expect resp.http.d1_c2 == "900150983CD24FB0D6963F7D28E17F72"
expect resp.http.d2_b1 == "F96B697D7CB7938D525A2F31AAF161D0"
expect resp.http.d2_b2 == "F96B697D7CB7938D525A2F31AAF161D0"
expect resp.http.d2_c1 == "0CC175B9C0F1B6A831C399E269772661"
expect resp.http.d2_c2 == "0CC175B9C0F1B6A831C399E269772661"
} -run
# digest.update() may not be called after digest.final()
varnish v1 -errvcl {vmod blobdigest error: already finalized in d1.update()} {
import blobdigest from "${vmod_topbuild}/src/.libs/libvmod_blobdigest.so";
import blobcode;
import blob;
backend b { .host = "${bad_ip}"; }
sub vcl_init {
new empty = blobcode.blob(IDENTITY, "");
new hash = blobcode.blob(HEX,
"D41D8CD98F00B204E9800998ECF8427E");
new d1 = blobdigest.digest(MD5);
if (!d1.update(empty.get())) {
return(fail);
}
if (!blob.equal(d1.final(), hash.get())) {
return(fail);
}
if (!d1.update(empty.get())) {
return(fail);
}
}
}
varnish v1 -vcl {
import blobdigest from "${vmod_topbuild}/src/.libs/libvmod_blobdigest.so";
import blobcode;
backend b { .host = "${bad_ip}"; }
sub vcl_init {
new empty = blobcode.blob(IDENTITY, "");
new d1 = blobdigest.digest(MD5);
}
sub vcl_recv {
return(synth(200));
}
sub vcl_synth {
if (!d1.update(empty.get())) {
set resp.status = 500;
return(deliver);
}
set resp.http.empty = blobcode.encode(HEXUC, d1.final());
if (!d1.update(empty.get())) {
set resp.status = 500;
return(deliver);
}
}
}
client c1 {
txreq
rxresp
expect resp.status == 500
expect resp.http.empty == "D41D8CD98F00B204E9800998ECF8427E"
} -run
logexpect l1 -v v1 -d 1 -g vxid -q "VCL_Error" {
expect 0 * Begin req
expect * = VCL_Error "^vmod blobdigest error: already finalized in d1.update..$"
expect * = End
expect resp.http.rfc2202t1 == "9294727a3638bb1c13f48ef8158bfc9d"
expect resp.http.rfc2202t2 == "750c783e6ab0b503eaa86e310a5db738"
expect resp.http.rfc2202t3 == "56be34521d144c88dbb8c733f0e8b3f6"
expect resp.http.rfc2202t4 == "697eaf0aca3a3aea3a75164746ffaa79"
expect resp.http.rfc2202t5 == "56461ef2342edc00f9bab995690efd4c"
expect resp.http.rfc2202t6 == "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd"
expect resp.http.rfc2202t7 == "6f630fad67cda0ee1fb1f562db3aa53e"
} -run
# hash() is legal in vcl_init and vcl_fini (as of Varnish 5.0)
varnish v2 -arg "-p debug=+vclrel" -vcl {
import blobdigest from "${vmod_topbuild}/src/.libs/libvmod_blobdigest.so";
import blobcode;
import blob;
import std;
backend b { .host = "${bad_ip}"; }
sub vcl_init {
new empty = blobcode.blob(IDENTITY, "");
new md5 = blobcode.blob(HEX,
"D41D8CD98F00B204E9800998ECF8427E");
if (!blob.equal(blobdigest.hash(MD5, empty.get()), md5.get())) {
return(fail);
}
}
sub vcl_fini {
if (blob.equal(blobdigest.hash(MD5, empty.get()), md5.get())) {
std.log("blobs are equal");
}
else {
std.log("blobs not equal");
}
}
} -start
varnish v2 -vcl {
backend b { .host = "${bad_ip}"; }
}
logexpect l2 -v v2 -d 0 -g raw -q "VCL_Log" {
expect 0 * VCL_Log "^blobs are equal$"
} -start
varnish v2 -cliok "vcl.use vcl2"
varnish v2 -cliok "vcl.discard vcl1"
logexpect l2 -wait
......@@ -272,6 +272,7 @@ client c1 {
expect resp.http.allbytesf == "4916d6bdb7f78e6803698cab32d1586ea457dfc8"
} -run
# hmac object
varnish v1 -vcl {
import blobdigest from "${vmod_topbuild}/src/.libs/libvmod_blobdigest.so";
import blobcode;
......@@ -363,3 +364,73 @@ client c1 {
expect resp.http.rfc2202t6 == "aa4ae5e15272d00e95705637ce8a3b55ed402112"
expect resp.http.rfc2202t7 == "e8e99d0f45237d786d6bbaa7965c7808bbff1a91"
} -run
# hmacf function
varnish v1 -vcl {
import blobdigest from "${vmod_topbuild}/src/.libs/libvmod_blobdigest.so";
import blobcode;
backend b { .host = "${bad_ip}"; }
sub vcl_init {
new k1 = blobcode.blob(HEX,
"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
new k2 = blobcode.blob(IDENTITY, "Jefe");
new k3 = blobcode.blob(HEX,
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
new k4 = blobcode.blob(HEX,
"0102030405060708090a0b0c0d0e0f10111213141516171819");
new k5 = blobcode.blob(HEX,
"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c");
new k6 = blobcode.blob(HEX,
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
}
sub vcl_recv {
return(synth(200));
}
sub vcl_synth {
set resp.http.rfc2202t1 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA1, k1.get(),
blobcode.decode(IDENTITY, "Hi There")));
set resp.http.rfc2202t2 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA1, k2.get(),blobcode.decode(IDENTITY,
"what do ya want for nothing?")));
set resp.http.rfc2202t3 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA1, k3.get(), blobcode.decode(HEX,
"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd")));
set resp.http.rfc2202t4 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA1, k4.get(), blobcode.decode(HEX,
"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd")));
set resp.http.rfc2202t5 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA1, k5.get(), blobcode.decode(IDENTITY,
"Test With Truncation")));
set resp.http.rfc2202t6 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA1, k6.get(), blobcode.decode(IDENTITY,
"Test Using Larger Than Block-Size Key - Hash Key First")));
set resp.http.rfc2202t7 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA1, k6.get(), blobcode.decode(IDENTITY,
"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data")));
}
}
client c1 {
txreq
rxresp
expect resp.status == 200
# RFC2202 test cases
expect resp.http.rfc2202t1 == "b617318655057264e28bc0b6fb378c8ef146be00"
expect resp.http.rfc2202t2 == "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79"
expect resp.http.rfc2202t3 == "125d7342b9ac11cd91a39af48aa17b4f63f175d3"
expect resp.http.rfc2202t4 == "4c9007f4026250c6bc8414f9bf50c86c2d7235da"
expect resp.http.rfc2202t5 == "4c1a03424b55e07fe7f27be1d58bb9324a9a5a04"
expect resp.http.rfc2202t6 == "aa4ae5e15272d00e95705637ce8a3b55ed402112"
expect resp.http.rfc2202t7 == "e8e99d0f45237d786d6bbaa7965c7808bbff1a91"
} -run
......@@ -250,6 +250,7 @@ client c1 {
expect resp.http.allbytesf == "88702e63237824c4eb0d0fcfe41469a462493e8beb2a75bbe5981734"
} -run
# hmac object
varnish v1 -vcl {
import blobdigest from "${vmod_topbuild}/src/.libs/libvmod_blobdigest.so";
import blobcode;
......@@ -341,3 +342,73 @@ client c1 {
expect resp.http.rfc4231t6 == "95e9a0db962095adaebe9b2d6f0dbce2d499f112f2d2b7273fa6870e"
expect resp.http.rfc4231t7 == "3a854166ac5d9f023f54d517d0b39dbd946770db9c2b95c9f6f565d1"
} -run
# hmacf function
varnish v1 -vcl {
import blobdigest from "${vmod_topbuild}/src/.libs/libvmod_blobdigest.so";
import blobcode;
backend b { .host = "${bad_ip}"; }
sub vcl_init {
# RFC4231 test cases
new k1 = blobcode.blob(HEX,
"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
new k2 = blobcode.blob(IDENTITY, "Jefe");
new k3 = blobcode.blob(HEX,
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
new k4 = blobcode.blob(HEX,
"0102030405060708090a0b0c0d0e0f10111213141516171819");
new k5 = blobcode.blob(HEX,
"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c");
new k6 = blobcode.blob(HEX,
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
}
sub vcl_recv {
return(synth(200));
}
sub vcl_synth {
set resp.http.rfc4231t1 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA224, k1.get(),
blobcode.decode(IDENTITY, "Hi There")));
set resp.http.rfc4231t2 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA224, k2.get(), blobcode.decode(IDENTITY,
"what do ya want for nothing?")));
set resp.http.rfc4231t3 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA224, k3.get(), blobcode.decode(HEX,
"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd")));
set resp.http.rfc4231t4 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA224, k4.get(), blobcode.decode(HEX,
"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd")));
set resp.http.rfc4231t5 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA224, k5.get(), blobcode.decode(IDENTITY,
"Test With Truncation")));
set resp.http.rfc4231t6 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA224, k6.get(), blobcode.decode(IDENTITY,
"Test Using Larger Than Block-Size Key - Hash Key First")));
set resp.http.rfc4231t7 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA224, k6.get(), blobcode.decode(IDENTITY,
"This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.")));
}
}
client c1 {
txreq
rxresp
expect resp.status == 200
expect resp.http.rfc4231t1 == "896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22"
expect resp.http.rfc4231t2 == "a30e01098bc6dbbf45690f3a7e9e6d0f8bbea2a39e6148008fd05e44"
expect resp.http.rfc4231t3 == "7fb3cb3588c6c1f6ffa9694d7d6ad2649365b0c1f65d69d1ec8333ea"
expect resp.http.rfc4231t4 == "6c11506874013cac6a2abc1bb382627cec6a90d86efc012de7afec5a"
expect resp.http.rfc4231t5 ~ "^0e2aea68a90c8d37c988bcdb9fca6fa8"
expect resp.http.rfc4231t6 == "95e9a0db962095adaebe9b2d6f0dbce2d499f112f2d2b7273fa6870e"
expect resp.http.rfc4231t7 == "3a854166ac5d9f023f54d517d0b39dbd946770db9c2b95c9f6f565d1"
} -run
......@@ -235,6 +235,7 @@ client c1 {
expect resp.http.allbytesf == "40aff2e9d2d8922e47afd4648e6967497158785fbd1da870e7110266bf944880"
} -run
# hmac object
varnish v1 -vcl {
import blobdigest from "${vmod_topbuild}/src/.libs/libvmod_blobdigest.so";
import blobcode;
......@@ -308,7 +309,76 @@ varnish v1 -vcl {
= blobcode.encode(HEXLC,
rfc4231t6.hmac(blobcode.decode(IDENTITY,
"This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.")));
}
}
client c1 {
txreq
rxresp
expect resp.status == 200
# RFC4231 test cases
expect resp.http.rfc4231t1 == "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"
expect resp.http.rfc4231t2 == "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"
expect resp.http.rfc4231t3 == "773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe"
expect resp.http.rfc4231t4 == "82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b"
expect resp.http.rfc4231t5 ~ "^a3b6167473100ee06e0c796c2955552b"
expect resp.http.rfc4231t6 == "60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54"
expect resp.http.rfc4231t7 == "9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2"
} -run
# hmacf function
varnish v1 -vcl {
import blobdigest from "${vmod_topbuild}/src/.libs/libvmod_blobdigest.so";
import blobcode;
backend b { .host = "${bad_ip}"; }
sub vcl_init {
new k1 = blobcode.blob(HEX,
"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
new k2 = blobcode.blob(IDENTITY, "Jefe");
new k3 = blobcode.blob(HEX,
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
new k4 = blobcode.blob(HEX,
"0102030405060708090a0b0c0d0e0f10111213141516171819");
new k5 = blobcode.blob(HEX,
"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c");
new k6 = blobcode.blob(HEX,
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
}
sub vcl_recv {
return(synth(200));
}
sub vcl_synth {
set resp.http.rfc4231t1 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA256, k1.get(),
blobcode.decode(IDENTITY, "Hi There")));
set resp.http.rfc4231t2 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA256, k2.get(), blobcode.decode(IDENTITY,
"what do ya want for nothing?")));
set resp.http.rfc4231t3 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA256, k3.get(), blobcode.decode(HEX,
"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd")));
set resp.http.rfc4231t4 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA256, k4.get(), blobcode.decode(HEX,
"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd")));
set resp.http.rfc4231t5 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA256, k5.get(), blobcode.decode(IDENTITY,
"Test With Truncation")));
set resp.http.rfc4231t6 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA256, k6.get(), blobcode.decode(IDENTITY,
"Test Using Larger Than Block-Size Key - Hash Key First")));
set resp.http.rfc4231t7 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA256, k6.get(), blobcode.decode(IDENTITY,
"This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.")));
}
}
......
......@@ -235,6 +235,7 @@ client c1 {
expect resp.http.allbytesf == "bd34c1faa03a01db5e0c3a3d5e0440d6e5e361060f3dc9d149a26812"
} -run
# hmac object
varnish v1 -vcl {
import blobdigest from "${vmod_topbuild}/src/.libs/libvmod_blobdigest.so";
import blobcode;
......@@ -336,3 +337,84 @@ client c1 {
expect resp.http.ehrhardt6a == "b96d730c148c2daad8649d83defaa3719738d34775397b7571c38515"
expect resp.http.ehrhardt7a == "c79c9b093424e588a9878bbcb089e018270096e9b4b1a9e8220c866a"
} -run
# hmacf function
varnish v1 -vcl {
import blobdigest from "${vmod_topbuild}/src/.libs/libvmod_blobdigest.so";
import blobcode;
backend b { .host = "${bad_ip}"; }
sub vcl_init {
new k1 = blobcode.blob(HEX,
"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
new k2 = blobcode.blob(IDENTITY, "Jefe");
new k3 = blobcode.blob(HEX,
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
new k4 = blobcode.blob(HEX,
"0102030405060708090a0b0c0d0e0f10111213141516171819");
new k5 = blobcode.blob(HEX,
"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c");
new k6 = blobcode.blob(HEX,
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
new k7 = blobcode.blob(HEX,
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
}
sub vcl_recv {
return(synth(200));
}
sub vcl_synth {
set resp.http.ehrhardt1 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA3_224, k1.get(),
blobcode.decode(IDENTITY, "Hi There")));
set resp.http.ehrhardt2 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA3_224, k2.get(), blobcode.decode(IDENTITY,
"what do ya want for nothing?")));
set resp.http.ehrhardt3 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA3_224, k3.get(), blobcode.decode(HEX,
"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd")));
set resp.http.ehrhardt4 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA3_224, k4.get(), blobcode.decode(HEX,
"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd")));
set resp.http.ehrhardt5 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA3_224, k5.get(), blobcode.decode(IDENTITY,
"Test With Truncation")));
set resp.http.ehrhardt6 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA3_224, k6.get(), blobcode.decode(IDENTITY,
"Test Using Larger Than Block-Size Key - Hash Key First")));
set resp.http.ehrhardt7 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA3_224, k6.get(), blobcode.decode(IDENTITY,
"This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.")));
set resp.http.ehrhardt6a = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA3_224, k7.get(), blobcode.decode(IDENTITY,
"Test Using Larger Than Block-Size Key - Hash Key First")));
set resp.http.ehrhardt7a = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA3_224, k7.get(), blobcode.decode(IDENTITY,
"This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.")));
}
}
client c1 {
txreq
rxresp
expect resp.status == 200
expect resp.http.ehrhardt1 == "3b16546bbc7be2706a031dcafd56373d9884367641d8c59af3c860f7"
expect resp.http.ehrhardt2 == "7fdb8dd88bd2f60d1b798634ad386811c2cfc85bfaf5d52bbace5e66"
expect resp.http.ehrhardt3 == "676cfc7d16153638780390692be142d2df7ce924b909c0c08dbfdc1a"
expect resp.http.ehrhardt4 == "a9d7685a19c4e0dbd9df2556cc8a7d2a7733b67625ce594c78270eeb"
expect resp.http.ehrhardt5 ~ "^49fdd3abd005ebb8ae63fea946d1883c"
expect resp.http.ehrhardt6 == "b4a1f04c00287a9b7f6075b313d279b833bc8f75124352d05fb9995f"
expect resp.http.ehrhardt7 == "05d8cd6d00faea8d1eb68ade28730bbd3cbab6929f0a086b29cd62a0"
expect resp.http.ehrhardt6a == "b96d730c148c2daad8649d83defaa3719738d34775397b7571c38515"
expect resp.http.ehrhardt7a == "c79c9b093424e588a9878bbcb089e018270096e9b4b1a9e8220c866a"
} -run
......@@ -235,6 +235,7 @@ client c1 {
expect resp.http.allbytesf == "9b04c091da96b997afb8f2585d608aebe9c4a904f7d52c8f28c7e4d2dd9fba5f"
} -run
# hmac object
varnish v1 -vcl {
import blobdigest from "${vmod_topbuild}/src/.libs/libvmod_blobdigest.so";
import blobcode;
......@@ -337,3 +338,84 @@ client c1 {
expect resp.http.ehrhardt6a == "a6072f86de52b38bb349fe84cd6d97fb6a37c4c0f62aae93981193a7229d3467"
expect resp.http.ehrhardt7a == "e6a36d9b915f86a093cac7d110e9e04cf1d6100d30475509c2475f571b758b5a"
} -run
# hmacf function
varnish v1 -vcl {
import blobdigest from "${vmod_topbuild}/src/.libs/libvmod_blobdigest.so";
import blobcode;
backend b { .host = "${bad_ip}"; }
sub vcl_init {
new k1 = blobcode.blob(HEX,
"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
new k2 = blobcode.blob(IDENTITY, "Jefe");
new k3 = blobcode.blob(HEX,
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
new k4 = blobcode.blob(HEX,
"0102030405060708090a0b0c0d0e0f10111213141516171819");
new k5 = blobcode.blob(HEX,
"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c");
new k6 = blobcode.blob(HEX,
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
new k7 = blobcode.blob(HEX,
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
}
sub vcl_recv {
return(synth(200));
}
sub vcl_synth {
set resp.http.ehrhardt1 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA3_256, k1.get(),
blobcode.decode(IDENTITY, "Hi There")));
set resp.http.ehrhardt2 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA3_256, k2.get(), blobcode.decode(IDENTITY,
"what do ya want for nothing?")));
set resp.http.ehrhardt3 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA3_256, k3.get(), blobcode.decode(HEX,
"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd")));
set resp.http.ehrhardt4 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA3_256, k4.get(), blobcode.decode(HEX,
"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd")));
set resp.http.ehrhardt5 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA3_256, k5.get(), blobcode.decode(IDENTITY,
"Test With Truncation")));
set resp.http.ehrhardt6 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA3_256, k6.get(), blobcode.decode(IDENTITY,
"Test Using Larger Than Block-Size Key - Hash Key First")));
set resp.http.ehrhardt7 = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA3_256, k6.get(), blobcode.decode(IDENTITY,
"This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.")));
set resp.http.ehrhardt6a = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA3_256, k7.get(), blobcode.decode(IDENTITY,
"Test Using Larger Than Block-Size Key - Hash Key First")));
set resp.http.ehrhardt7a = blobcode.encode(HEXLC,
blobdigest.hmacf(SHA3_256, k7.get(), blobcode.decode(IDENTITY,
"This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.")));
}
}
client c1 {
txreq
rxresp
expect resp.status == 200
expect resp.http.ehrhardt1 == "ba85192310dffa96e2a3a40e69774351140bb7185e1202cdcc917589f95e16bb"
expect resp.http.ehrhardt2 == "c7d4072e788877ae3596bbb0da73b887c9171f93095b294ae857fbe2645e1ba5"
expect resp.http.ehrhardt3 == "84ec79124a27107865cedd8bd82da9965e5ed8c37b0ac98005a7f39ed58a4207"
expect resp.http.ehrhardt4 == "57366a45e2305321a4bc5aa5fe2ef8a921f6af8273d7fe7be6cfedb3f0aea6d7"
expect resp.http.ehrhardt5 ~ "^6e02c64537fb118057abb7fb66a23b3c"
expect resp.http.ehrhardt6 == "ed73a374b96c005235f948032f09674a58c0ce555cfc1f223b02356560312c3b"
expect resp.http.ehrhardt7 == "65c5b06d4c3de32a7aef8763261e49adb6e2293ec8e7c61e8de61701fc63e123"
expect resp.http.ehrhardt6a == "a6072f86de52b38bb349fe84cd6d97fb6a37c4c0f62aae93981193a7229d3467"
expect resp.http.ehrhardt7a == "e6a36d9b915f86a093cac7d110e9e04cf1d6100d30475509c2475f571b758b5a"
} -run
......@@ -235,6 +235,7 @@ client c1 {
expect resp.http.allbytesf == "e834031d7bab82ac00905187335595e020c5bd3220924f4f551d7485931d2cb9efe90b6574fc46b63265314781de017a"
} -run
# hmac object
varnish v1 -vcl {
import blobdigest from "${vmod_topbuild}/src/.libs/libvmod_blobdigest.so";