Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / e70c7977f2db37d6228834c98306712fb30f3fd4 / . / reg-tests / converter / secure_memcmp.vtc
blob: f9341f94268b6565a369ff01aaeb461a203a2931 [file] [log] [blame]
Tim Duesterhusf38175c2020-06-09 11:48:42 +0200[diff] [blame]1varnishtest "secure_memcmp converter Test"
2
3#REQUIRE_VERSION=2.2
4#REQUIRE_OPTION=OPENSSL
5
6feature ignore_unknown_macro
7
8server s1 {
9 rxreq
10 txresp
11} -repeat 4 -start
12
13server s2 {
14 rxreq
15 txresp
16} -repeat 7 -start
17
18haproxy h1 -conf {
19 defaults
20 mode http
21 timeout connect 1s
22 timeout client 1s
23 timeout server 1s
24
25 frontend fe
26 # This frontend matches two base64 encoded values and does not need to
27 # handle null bytes.
28
29 bind "fd@${fe}"
30
31 #### requests
32 http-request set-var(txn.hash) req.hdr(hash)
33 http-request set-var(txn.raw) req.hdr(raw)
34
35 acl is_match var(txn.raw),sha1,base64,secure_memcmp(txn.hash)
36
37 http-response set-header Match true if is_match
38 http-response set-header Match false if !is_match
39
40 default_backend be
41
42 frontend fe2
43 # This frontend matches two binary values, needing to handle null
44 # bytes.
45 bind "fd@${fe2}"
46
47 #### requests
48 http-request set-var(txn.hash) req.hdr(hash),b64dec
49 http-request set-var(txn.raw) req.hdr(raw)
50
51 acl is_match var(txn.raw),sha1,secure_memcmp(txn.hash)
52
53 http-response set-header Match true if is_match
54 http-response set-header Match false if !is_match
55
56 default_backend be2
57
58 backend be
59 server s1 ${s1_addr}:${s1_port}
60
61 backend be2
62 server s2 ${s2_addr}:${s2_port}
63} -start
64
65client c1 -connect ${h1_fe_sock} {
66 txreq -url "/" \
67 -hdr "Raw: 1" \
68 -hdr "Hash: NWoZK3kTsExUV00Ywo1G5jlUKKs="
69 rxresp
70 expect resp.status == 200
71 expect resp.http.match == "true"
72 txreq -url "/" \
73 -hdr "Raw: 2" \
74 -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELA="
75 rxresp
76 expect resp.status == 200
77 expect resp.http.match == "true"
78 txreq -url "/" \
79 -hdr "Raw: 2" \
80 -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELX="
81 rxresp
82 expect resp.status == 200
83 expect resp.http.match == "false"
84 txreq -url "/" \
85 -hdr "Raw: 3" \
86 -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELA="
87 rxresp
88 expect resp.status == 200
89 expect resp.http.match == "false"
90} -run
91
92client c2 -connect ${h1_fe2_sock} {
93 txreq -url "/" \
94 -hdr "Raw: 1" \
95 -hdr "Hash: NWoZK3kTsExUV00Ywo1G5jlUKKs="
96 rxresp
97 expect resp.status == 200
98 expect resp.http.match == "true"
99 txreq -url "/" \
100 -hdr "Raw: 2" \
101 -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELA="
102 rxresp
103 expect resp.status == 200
104 expect resp.http.match == "true"
105 txreq -url "/" \
106 -hdr "Raw: 2" \
107 -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELX="
108 rxresp
109 expect resp.status == 200
110 expect resp.http.match == "false"
111 txreq -url "/" \
112 -hdr "Raw: 3" \
113 -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELA="
114 rxresp
115 expect resp.status == 200
116 expect resp.http.match == "false"
117
118 # Test for values with leading nullbytes.
119 txreq -url "/" \
120 -hdr "Raw: 6132845" \
121 -hdr "Hash: AAAAVaeL9nNcSok1j6sd40EEw8s="
122 rxresp
123 expect resp.status == 200
124 expect resp.http.match == "true"
125 txreq -url "/" \
126 -hdr "Raw: 49177200" \
127 -hdr "Hash: AAAA9GLglTNv2JoMv2n/w9Xadhc="
128 rxresp
129 expect resp.status == 200
130 expect resp.http.match == "true"
131 txreq -url "/" \
132 -hdr "Raw: 6132845" \
133 -hdr "Hash: AAAA9GLglTNv2JoMv2n/w9Xadhc="
134 rxresp
135 expect resp.status == 200
136 expect resp.http.match == "false"
137} -run