varnishtest "secure_memcmp converter Test"

# Functional regression test for the secure_memcmp converter. It checks the
# match / no-match result for base64 text and for raw binary digests.
# It does not measure timing, so a pass here says nothing about whether the
# comparison runs in constant time.

#REQUIRE_VERSION=2.2
#REQUIRE_OPTION=OPENSSL

feature ignore_unknown_macro
# Origin stub behind backend "be". It answers one request per accepted
# connection and is started four times, one per request sent by client c1.
server s1 {
    rxreq
    txresp -hdr "Connection: close"
} -repeat 4 -start
# Origin stub behind backend "be2". Same behaviour as s1, repeated seven
# times to match the seven requests sent by client c2.
server s2 {
    rxreq
    txresp -hdr "Connection: close"
} -repeat 7 -start
# HAProxy under test. Two frontends run the same comparison, once on base64
# text (fe) and once on raw binary digests (fe2). The ACL result is reported
# to the client in the "Match" response header.
haproxy h1 -conf {
    global
        # WT: turn off the shared idle pool to limit false positives
        # ("HTTP header incomplete") caused by idle server connections
        # being picked up at random and expiring under us.
        tune.idle-pool.shared off

    defaults
        mode http
        timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
        timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
        timeout server "${HAPROXY_TEST_TIMEOUT-5s}"

    frontend fe
        # Compares two base64 encoded values, so no null byte can appear
        # on either side of the comparison.
        #
        # NOTE(review): both the Raw value and the Hash it is checked
        # against come from the client. The unkeyed SHA-1 is only a
        # deterministic value to compare. A real integrity check would
        # compare against a keyed MAC computed with a server-side secret.

        bind "fd@${fe}"

        #### request handling
        http-request set-var(txn.hash) req.hdr(hash)
        http-request set-var(txn.raw) req.hdr(raw)

        acl is_match var(txn.raw),sha1,base64,secure_memcmp(txn.hash)

        http-response set-header Match true if is_match
        http-response set-header Match false if !is_match

        default_backend be

    frontend fe2
        # Compares two binary values: the Hash header is base64-decoded
        # before it is stored and the SHA-1 output is compared as is, so
        # the comparison has to cope with null bytes.
        bind "fd@${fe2}"

        #### request handling
        http-request set-var(txn.hash) req.hdr(hash),b64dec
        http-request set-var(txn.raw) req.hdr(raw)

        acl is_match var(txn.raw),sha1,secure_memcmp(txn.hash)

        http-response set-header Match true if is_match
        http-response set-header Match false if !is_match

        default_backend be2

    backend be
        server s1 ${s1_addr}:${s1_port}

    backend be2
        server s2 ${s2_addr}:${s2_port}
} -start
# Text comparison through frontend fe. "Raw" is hashed by HAProxy and "Hash"
# is the base64 SHA-1 it is compared with.
# NOTE(review): every Hash value here has the same length as the computed
# digest. No request sends a shorter, longer, empty or absent Hash header, so
# the length-mismatch path is not exercised by this client.
client c1 -connect ${h1_fe_sock} {
    # Correct digest for Raw "1".
    txreq -url "/" -hdr "Raw: 1" -hdr "Hash: NWoZK3kTsExUV00Ywo1G5jlUKKs="
    rxresp
    expect resp.status == 200
    expect resp.http.match == "true"

    # Correct digest for Raw "2".
    txreq -url "/" -hdr "Raw: 2" -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELA="
    rxresp
    expect resp.status == 200
    expect resp.http.match == "true"

    # Same digest with its last character before the padding altered.
    txreq -url "/" -hdr "Raw: 2" -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELX="
    rxresp
    expect resp.status == 200
    expect resp.http.match == "false"

    # Well-formed digest that belongs to a different Raw value.
    txreq -url "/" -hdr "Raw: 3" -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELA="
    rxresp
    expect resp.status == 200
    expect resp.http.match == "false"
} -run
# Binary comparison through frontend fe2. "Hash" is base64-decoded by HAProxy
# before being compared with the raw SHA-1 of "Raw".
# NOTE(review): every Hash value here is 28 base64 characters, the encoded
# length of a SHA-1 digest. No request exercises a length mismatch or a
# missing Hash header.
client c2 -connect ${h1_fe2_sock} {
    # Correct digest for Raw "1".
    txreq -url "/" -hdr "Raw: 1" -hdr "Hash: NWoZK3kTsExUV00Ywo1G5jlUKKs="
    rxresp
    expect resp.status == 200
    expect resp.http.match == "true"

    # Correct digest for Raw "2".
    txreq -url "/" -hdr "Raw: 2" -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELA="
    rxresp
    expect resp.status == 200
    expect resp.http.match == "true"

    # Same digest with its last character before the padding altered.
    txreq -url "/" -hdr "Raw: 2" -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELX="
    rxresp
    expect resp.status == 200
    expect resp.http.match == "false"

    # Well-formed digest that belongs to a different Raw value.
    txreq -url "/" -hdr "Raw: 3" -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELA="
    rxresp
    expect resp.status == 200
    expect resp.http.match == "false"

    # Values with leading null bytes ("AAAA" decodes to three 0x00 bytes).
    txreq -url "/" -hdr "Raw: 6132845" -hdr "Hash: AAAAVaeL9nNcSok1j6sd40EEw8s="
    rxresp
    expect resp.status == 200
    expect resp.http.match == "true"

    txreq -url "/" -hdr "Raw: 49177200" -hdr "Hash: AAAA9GLglTNv2JoMv2n/w9Xadhc="
    rxresp
    expect resp.status == 200
    expect resp.http.match == "true"

    # Both sides start with null bytes but differ afterwards. A comparison
    # that stopped at the first null byte would wrongly report a match here.
    txreq -url "/" -hdr "Raw: 6132845" -hdr "Hash: AAAA9GLglTNv2JoMv2n/w9Xadhc="
    rxresp
    expect resp.status == 200
    expect resp.http.match == "false"
} -run