Add more tests for AES.

288d5171 · Geoff Simmons · 7eb5b4d0 · 288d5171
Commit 288d5171 authored Apr 09, 2017 by Geoff Simmons
Hide whitespace changes
Inline Side-by-side

Showing with 93 additions and 6 deletions

aes.vtc src/tests/aes.vtc +93 -6

No files found.
--- a/src/tests/aes.vtc
+++ b/src/tests/aes.vtc
@@ -13,6 +13,12 @@ varnish v1 -vcl {
 		new aes = gcrypt.symmetric(AES, ECB, NONE, key=k1.get());
 		new p1 = blobcode.blob(HEX, "014BAF2278A69D331D5180103643E99A");
 		new c1 = blobcode.blob(HEX, "6743C3D1519AB4F2CD9A78AB09A511BD");
+		# The next 3 cipher ENUMs are just aliases for AES.
+		new aes128 = gcrypt.symmetric(AES128, ECB, NONE, key=k1.get());
+		new rijndael
+		    = gcrypt.symmetric(RIJNDAEL, ECB, NONE, key=k1.get());
+		new rijndael128
+		    = gcrypt.symmetric(RIJNDAEL128, ECB, NONE, key=k1.get());
 	}

 	sub vcl_recv {
@@ -20,10 +26,22 @@ varnish v1 -vcl {
 	}

 	sub vcl_synth {
-		set resp.http.c1
+		set resp.http.aes-ciphertext
 		    = blobcode.encode(HEXUC, aes.encrypt(p1.get()));
-		set resp.http.p1
+		set resp.http.aes-plaintext
 		    = blobcode.encode(HEXUC, aes.decrypt(c1.get()));
+		set resp.http.aes128-ciphertext
+		    = blobcode.encode(HEXUC, aes128.encrypt(p1.get()));
+		set resp.http.aes128-plaintext
+		    = blobcode.encode(HEXUC, aes128.decrypt(c1.get()));
+		set resp.http.rijndael-ciphertext
+		    = blobcode.encode(HEXUC, rijndael.encrypt(p1.get()));
+		set resp.http.rijndael-plaintext
+		    = blobcode.encode(HEXUC, rijndael.decrypt(c1.get()));
+		set resp.http.rijndael128-ciphertext
+		    = blobcode.encode(HEXUC, rijndael128.encrypt(p1.get()));
+		set resp.http.rijndael128-plaintext
+		    = blobcode.encode(HEXUC, rijndael128.decrypt(c1.get()));
 		return(deliver);
 	}
 } -start
@@ -32,8 +50,78 @@ client c1 {
 	txreq
 	rxresp
 	expect resp.status == 200
-	expect resp.http.c1 == "6743C3D1519AB4F2CD9A78AB09A511BD"
-	expect resp.http.p1 == "014BAF2278A69D331D5180103643E99A"
+	expect resp.http.aes-ciphertext == "6743C3D1519AB4F2CD9A78AB09A511BD"
+	expect resp.http.aes-plaintext == "014BAF2278A69D331D5180103643E99A"
+	expect resp.http.aes128-ciphertext == resp.http.aes-ciphertext
+	expect resp.http.aes128-plaintext == resp.http.aes-plaintext
+	expect resp.http.rijndael-ciphertext == resp.http.aes-ciphertext
+	expect resp.http.rijndael-plaintext == resp.http.aes-plaintext
+	expect resp.http.rijndael128-ciphertext == resp.http.aes-ciphertext
+	expect resp.http.rijndael128-plaintext == resp.http.aes-plaintext
+} -run
+
+varnish v1 -vcl {
+	import blobcode;
+	import gcrypt from "${vmod_topbuild}/src/.libs/libvmod_gcrypt.so";
+	backend b { .host = "${bad_ip}"; }
+
+	sub vcl_init {
+		new k1 = blobcode.blob(HEX,
+		    "04050607090A0B0C0E0F10111314151618191A1B1D1E1F20");
+		new aes192 = gcrypt.symmetric(AES192, ECB, NONE, key=k1.get());
+		new p1 = blobcode.blob(HEX, "76777475F1F2F3F4F8F9E6E777707172");
+		new c1 = blobcode.blob(HEX, "5D1EF20DCED6BCBC12131AC7C54788AA");
+
+		new k2 = blobcode.blob(HEX,
+	    "08090A0B0D0E0F10121314151718191A1C1D1E1F21222324262728292B2C2D2E");
+		new aes256 = gcrypt.symmetric(AES256, ECB, NONE, key=k2.get());
+		new p2 = blobcode.blob(HEX, "069A007FC76A459F98BAF917FEDF9521");
+		new c2 = blobcode.blob(HEX, "080E9517EB1677719ACF728086040AE3");
+
+		# RIJNDAEL192 and -256 are aliases for AES192 and -256.
+		new rijndael192
+		    = gcrypt.symmetric(RIJNDAEL192, ECB, NONE, key=k1.get());
+		new rijndael256
+		    = gcrypt.symmetric(RIJNDAEL256, ECB, NONE, key=k2.get());
+	}
+
+	sub vcl_recv {
+		return(synth(200));
+	}
+
+	sub vcl_synth {
+		set resp.http.aes192-ciphertext
+		    = blobcode.encode(HEXUC, aes192.encrypt(p1.get()));
+		set resp.http.aes192-plaintext
+		    = blobcode.encode(HEXUC, aes192.decrypt(c1.get()));
+		set resp.http.rijndael192-ciphertext
+		    = blobcode.encode(HEXUC, rijndael192.encrypt(p1.get()));
+		set resp.http.rijndael192-plaintext
+		    = blobcode.encode(HEXUC, rijndael192.decrypt(c1.get()));
+		set resp.http.aes256-ciphertext
+		    = blobcode.encode(HEXUC, aes256.encrypt(p2.get()));
+		set resp.http.aes256-plaintext
+		    = blobcode.encode(HEXUC, aes256.decrypt(c2.get()));
+		set resp.http.rijndael256-ciphertext
+		    = blobcode.encode(HEXUC, rijndael256.encrypt(p2.get()));
+		set resp.http.rijndael256-plaintext
+		    = blobcode.encode(HEXUC, rijndael256.decrypt(c2.get()));
+		return(deliver);
+	}
+}
+
+client c1 {
+	txreq
+	rxresp
+	expect resp.status == 200
+	expect resp.http.aes192-ciphertext == "5D1EF20DCED6BCBC12131AC7C54788AA"
+	expect resp.http.aes192-plaintext == "76777475F1F2F3F4F8F9E6E777707172"
+	expect resp.http.rijndael192-ciphertext == resp.http.aes192-ciphertext
+	expect resp.http.rijndael192-plaintext == resp.http.aes192-plaintext
+	expect resp.http.aes256-ciphertext == "080E9517EB1677719ACF728086040AE3"
+	expect resp.http.aes256-plaintext == "069A007FC76A459F98BAF917FEDF9521"
+	expect resp.http.rijndael256-ciphertext == resp.http.aes256-ciphertext
+	expect resp.http.rijndael256-plaintext == resp.http.aes256-plaintext
 } -run

 # from check_aes128_cbc_cts_cipher() in libgcrypt tests/basic.c
@@ -45,8 +133,7 @@ varnish v1 -vcl {
 	sub vcl_init {
 		new k = blobcode.blob(encoded="chicken teriyaki");
 		new iv = blobcode.blob(encoded="");
-		new aes = gcrypt.symmetric(AES, CBC, key=k.get(),
-		                           cbc_cts=true);
+		new aes = gcrypt.symmetric(AES, CBC, key=k.get(), cbc_cts=true);
 	}

 	sub vcl_recv {