Add tests for AES in CFB and OFB modes.

b4db0807 · Geoff Simmons · b5d1c3d4 · b4db0807
Commit b4db0807 authored Apr 10, 2017 by Geoff Simmons
Hide whitespace changes
Inline Side-by-side

Showing with 120 additions and 0 deletions

aes.vtc src/tests/aes.vtc +120 -0

No files found.
--- a/src/tests/aes.vtc
+++ b/src/tests/aes.vtc
@@ -124,6 +124,126 @@ client c1 {
 	expect resp.http.rijndael256-plaintext == resp.http.aes256-plaintext
 } -run

+# from seltest_fips_128_38a() in libgcrypt cipher/rijndael.c
+varnish v1 -vcl {
+	import blobcode;
+	import gcrypt from "${vmod_topbuild}/src/.libs/libvmod_gcrypt.so";
+	backend b { .host = "${bad_ip}"; }
+
+	sub vcl_init {
+		new k = blobcode.blob(HEX, "2b7e151628aed2a6abf7158809cf4f3c");
+		new iv = blobcode.blob(HEX, "000102030405060708090a0b0c0d0e0f");
+
+		new p1 = blobcode.blob(HEX, "6bc1bee22e409f96e93d7e117393172a");
+		new p2 = blobcode.blob(HEX, "ae2d8a571e03ac9c9eb76fac45af8e51");
+		new p3 = blobcode.blob(HEX, "30c81c46a35ce411e5fbc1191a0a52ef");
+		new p4 = blobcode.blob(HEX, "f69f2445df4f9b17ad2b417be66c3710");
+		new c1 = blobcode.blob(HEX, "3b3fd92eb72dad20333449f8e83cfb4a");
+
+		new aes_cfb = gcrypt.symmetric(AES, CFB, key=k.get());
+		new c_cfb2
+		    = blobcode.blob(HEX, "c8a64537a0b3a93fcde3cdad9f1ce58b");
+		new c_cfb3
+		    = blobcode.blob(HEX, "26751f67a3cbb140b1808cf187a4f4df");
+		new c_cfb4
+		    = blobcode.blob(HEX, "c04b05357c5d1c0eeac4c66f9ff7f2e6");
+
+		new aes_ofb = gcrypt.symmetric(AES, OFB, key=k.get());
+		new c_ofb2
+		    = blobcode.blob(HEX, "7789508d16918f03f53c52dac54ed825");
+		new c_ofb3
+		    = blobcode.blob(HEX, "9740051e9c5fecf64344f7a82260edcc");
+		new c_ofb4
+		    = blobcode.blob(HEX, "304c6528f659c77866a510d9c1d6ae5e");
+		new out1
+		    = blobcode.blob(HEX, "50fe67cc996d32b6da0937e99bafec60");
+		new out2
+		    = blobcode.blob(HEX, "d9a4dada0892239f6b8b3d7680e15674");
+		new out3
+		    = blobcode.blob(HEX, "a78819583f0308e7a6bf36b1386abf23");
+	}
+
+	sub vcl_recv {
+		return(synth(200));
+	}
+
+	sub vcl_synth {
+		set resp.http.cfb-ciphertext-1
+		    = blobcode.encode(HEXLC, aes_cfb.encrypt(p1.get(),
+		                                             iv=iv.get()));
+		set resp.http.cfb-plaintext-1
+		    = blobcode.encode(HEXLC, aes_cfb.decrypt(c1.get(),
+		                                             iv=iv.get()));
+		set resp.http.cfb-ciphertext-2
+		    = blobcode.encode(HEXLC, aes_cfb.encrypt(p2.get(),
+		                                             iv=c1.get()));
+		set resp.http.cfb-plaintext-2
+		    = blobcode.encode(HEXLC, aes_cfb.decrypt(c_cfb2.get(),
+		                                             iv=c1.get()));
+		set resp.http.cfb-ciphertext-3
+		    = blobcode.encode(HEXLC, aes_cfb.encrypt(p3.get(),
+		                                             iv=c_cfb2.get()));
+		set resp.http.cfb-plaintext-3
+		    = blobcode.encode(HEXLC, aes_cfb.decrypt(c_cfb3.get(),
+		                                             iv=c_cfb2.get()));
+		set resp.http.cfb-ciphertext-4
+		    = blobcode.encode(HEXLC, aes_cfb.encrypt(p4.get(),
+		                                             iv=c_cfb3.get()));
+		set resp.http.cfb-plaintext-4
+		    = blobcode.encode(HEXLC, aes_cfb.decrypt(c_cfb4.get(),
+		                                             iv=c_cfb3.get()));
+
+		set resp.http.ofb-ciphertext-1
+		    = blobcode.encode(HEXLC, aes_ofb.encrypt(p1.get(),
+		                                             iv=iv.get()));
+		set resp.http.ofb-plaintext-1
+		    = blobcode.encode(HEXLC, aes_ofb.decrypt(c1.get(),
+		                                             iv=iv.get()));
+		set resp.http.ofb-ciphertext-2
+		    = blobcode.encode(HEXLC, aes_ofb.encrypt(p2.get(),
+		                                             iv=out1.get()));
+		set resp.http.ofb-plaintext-2
+		    = blobcode.encode(HEXLC, aes_ofb.decrypt(c_ofb2.get(),
+		                                             iv=out1.get()));
+		set resp.http.ofb-ciphertext-3
+		    = blobcode.encode(HEXLC, aes_ofb.encrypt(p3.get(),
+		                                             iv=out2.get()));
+		set resp.http.ofb-plaintext-3
+		    = blobcode.encode(HEXLC, aes_ofb.decrypt(c_ofb3.get(),
+		                                             iv=out2.get()));
+		set resp.http.ofb-ciphertext-4
+		    = blobcode.encode(HEXLC, aes_ofb.encrypt(p4.get(),
+		                                             iv=out3.get()));
+		set resp.http.ofb-plaintext-4
+		    = blobcode.encode(HEXLC, aes_ofb.decrypt(c_ofb4.get(),
+		                                             iv=out3.get()));
+		return(deliver);
+	}
+}
+
+client c1 {
+	txreq
+	rxresp
+	expect resp.status == 200
+	expect resp.http.cfb-ciphertext-1 == "3b3fd92eb72dad20333449f8e83cfb4a"
+	expect resp.http.cfb-plaintext-1 == "6bc1bee22e409f96e93d7e117393172a"
+	expect resp.http.cfb-ciphertext-2 == "c8a64537a0b3a93fcde3cdad9f1ce58b"
+	expect resp.http.cfb-plaintext-2 == "ae2d8a571e03ac9c9eb76fac45af8e51"
+	expect resp.http.cfb-ciphertext-3 == "26751f67a3cbb140b1808cf187a4f4df"
+	expect resp.http.cfb-plaintext-3 == "30c81c46a35ce411e5fbc1191a0a52ef"
+	expect resp.http.cfb-ciphertext-4 == "c04b05357c5d1c0eeac4c66f9ff7f2e6"
+	expect resp.http.cfb-plaintext-4 == "f69f2445df4f9b17ad2b417be66c3710"
+
+	expect resp.http.ofb-ciphertext-1 == resp.http.cfb-ciphertext-1
+	expect resp.http.ofb-plaintext-1 == resp.http.cfb-plaintext-1
+	expect resp.http.ofb-ciphertext-2 == "7789508d16918f03f53c52dac54ed825"
+	expect resp.http.ofb-plaintext-2 == resp.http.cfb-plaintext-2
+	expect resp.http.ofb-ciphertext-3 == "9740051e9c5fecf64344f7a82260edcc"
+	expect resp.http.ofb-plaintext-3 == resp.http.cfb-plaintext-3
+	expect resp.http.ofb-ciphertext-4 == "304c6528f659c77866a510d9c1d6ae5e"
+	expect resp.http.ofb-plaintext-4 == resp.http.cfb-plaintext-4
+} -run
+
 # from check_aes128_cbc_cts_cipher() in libgcrypt tests/basic.c
 varnish v1 -vcl {
 	import blobcode;