rezan · February 11, 2019 16:24
diff --git a/crypto_cookies.vtc b/crypto_cookies.vtc
 varnishtest "AES cookies"

 server s1 {
 	rxreq
 	txresp
 } -start

 varnish v1 -vcl+backend {
 	import cookieplus;
 	import crypto;

 	sub vcl_deliver {
 		# AES private key and IV (hex encoded)
 		set resp.http.key = "2c70e12b7a0646f92279f427c7b38e7334d8e5389cff167a1dc30e73f826b683";
 		set resp.http.iv = "6ac9da0cd0767f7ecf36baa1df7ec695";

 		# Init the AES cipher in crypto
 		crypto.aes_key(crypto.hex_decode(resp.http.key), crypto.hex_decode(resp.http.iv));

 		# Decrypt the encrypted c1 cookie
 		set resp.http.c1 = crypto.aes_decrypt(crypto.hex_decode(cookieplus.get("c1")));

 		# Encrypt a new cookie value c2
 		cookieplus.setcookie_add("c2", crypto.hex_encode(crypto.aes_encrypt("c2 value")));
 		cookieplus.setcookie_write();
 	}
 } -start

 client c1 {
 	txreq -hdr "Cookie: c1=ab153ebaa8c3ce3551d68f8ccca5bec2"
 	rxresp
 	expect resp.http.c1 == "c1 value"
 	expect resp.http.Set-Cookie == "c2=c77afcfdd67d1876866bfec3da466459"
 } -run
	varnishtest "AES cookies"

	server s1 {
	rxreq
	txresp
	} -start

	varnish v1 -vcl+backend {
	import cookieplus;
	import crypto;

	sub vcl_deliver {
	# AES private key and IV (hex encoded)
	set resp.http.key = "2c70e12b7a0646f92279f427c7b38e7334d8e5389cff167a1dc30e73f826b683";
	set resp.http.iv = "6ac9da0cd0767f7ecf36baa1df7ec695";

	# Init the AES cipher in crypto
	crypto.aes_key(crypto.hex_decode(resp.http.key), crypto.hex_decode(resp.http.iv));

	# Decrypt the encrypted c1 cookie
	set resp.http.c1 = crypto.aes_decrypt(crypto.hex_decode(cookieplus.get("c1")));

	# Encrypt a new cookie value c2
	cookieplus.setcookie_add("c2", crypto.hex_encode(crypto.aes_encrypt("c2 value")));
	cookieplus.setcookie_write();
	}
	} -start

	client c1 {
	txreq -hdr "Cookie: c1=ab153ebaa8c3ce3551d68f8ccca5bec2"
	rxresp
	expect resp.http.c1 == "c1 value"
	expect resp.http.Set-Cookie == "c2=c77afcfdd67d1876866bfec3da466459"
	} -run