From e26daf675bad8d762039166a3c20c75ec8454a4d Mon Sep 17 00:00:00 2001 From: Heiko Reese Date: Sun, 12 Sep 2021 02:06:10 +0200 Subject: [PATCH] Wrote decrypt tool for sodium_crypto_box_seal plus matching tests. Lots of code cleanups. --- src/common.c | 66 ++++- src/common.h | 6 +- ...libexim-encrypt-dlfunc-decrypt-sealedbox.c | 238 ++++++++++++------ ...libexim-encrypt-dlfunc-decrypt-secretbox.c | 28 +-- src/meson.build | 14 +- ...ibexim-encrypt-dlfunc-decrypt-sealedbox.sh | 46 ++++ ...ibexim-encrypt-dlfunc-decrypt-secretbox.sh | 47 ++-- 7 files changed, 319 insertions(+), 126 deletions(-) create mode 100755 src/test_libexim-encrypt-dlfunc-decrypt-sealedbox.sh diff --git a/src/common.c b/src/common.c index cd4569d..559b8cd 100644 --- a/src/common.c +++ b/src/common.c @@ -3,31 +3,83 @@ #include #include #include +#include #include #include "common.h" +//#define MIN_KEY_SIZE (crypto_box_SECRETKEYBYTES < crypto_box_PUBLICKEYBYTES ? crypto_box_SECRETKEYBYTES : crypto_box_PUBLICKEYBYTES) +//#define MAX_KEY_SIZE (crypto_box_SECRETKEYBYTES > crypto_box_PUBLICKEYBYTES ? crypto_box_SECRETKEYBYTES : crypto_box_PUBLICKEYBYTES) + char *read_first_line(const char *filename) { FILE *stream; char *cipherstring; size_t len = 0; ssize_t nread; + bool input_is_stdin = false; - // open file - stream = fopen(filename, "r"); - if (stream == NULL) { - perror("Error opening file"); - exit(EXIT_FAILURE); + // open file (use stdin for '-') + if (!strncmp(filename, "-", 1)) { + stream = stdin; + input_is_stdin = true; + } else { + stream = fopen(filename, "r"); + if (stream == NULL) { + fprintf(stderr, "[ERROR] Error opening file %s\n\n", filename); + exit(EXIT_FAILURE); + } } nread = getline(&cipherstring, &len, stream); - if (nread == -1) { + if (nread == -1 && !feof(stream)) { perror("getline: "); } - fclose(stream); + if (input_is_stdin == false) { + fclose(stream); + } + + // remove trailing newline + cipherstring[strcspn(cipherstring, "\r\n")] = 0; + return cipherstring; } +char *read_password_file(const char *filename, size_t keysize, size_t *length) { + FILE *stream; + char *contents; + ssize_t nread; + bool input_is_stdin = false; + + contents = malloc(keysize + 1); + sodium_memzero(contents, keysize + 1); + + // open file (use stdin for '-') + if (!strncmp(filename, "-", 1)) { + stream = stdin; + input_is_stdin = true; + } else { + stream = fopen(filename, "r"); + if (stream == NULL) { + fprintf(stderr, "[ERROR] Error opening file %s\n\n", filename); + exit(EXIT_FAILURE); + } + } + + nread = fread(contents, sizeof(char), keysize, stream); + + if (nread < 0) { + fprintf(stderr, "[ERROR] reading from %s failed\n\n", filename); + exit(EXIT_FAILURE); + } else { + *length = (size_t) nread; + } + + if (input_is_stdin == false) { + fclose(stream); + } + return contents; +} + int base64_decode_string(const char *input, unsigned char **outstring, size_t *outlen) { size_t input_len = strlen(input); size_t outmaxlen = input_len / 4 * 3; diff --git a/src/common.h b/src/common.h index 8987394..7e0b6ff 100644 --- a/src/common.h +++ b/src/common.h @@ -5,6 +5,10 @@ #ifndef EXIM_ENCRYPT_DLFUNC_COMMON_H #define EXIM_ENCRYPT_DLFUNC_COMMON_H -char * read_first_line(const char *); +char *read_first_line(const char *filename); + +char *read_password_file(const char *filename, size_t keysize, size_t *length); + +int base64_decode_string(const char *input, unsigned char **outstring, size_t *outlen); #endif //EXIM_ENCRYPT_DLFUNC_COMMON_H diff --git a/src/libexim-encrypt-dlfunc-decrypt-sealedbox.c b/src/libexim-encrypt-dlfunc-decrypt-sealedbox.c index 6dd0117..eb72ab8 100644 --- a/src/libexim-encrypt-dlfunc-decrypt-sealedbox.c +++ b/src/libexim-encrypt-dlfunc-decrypt-sealedbox.c @@ -1,46 +1,62 @@ +#define _GNU_SOURCE + #include -#include #include #include -#include #include +#include +#include "common.c" -/* -#define PASSWORD_MAXLEN 1024 -#define CIPHERSTRING_MAX (1024*64) +#define ENVVAR_SK_NAME "LIBEXIM_SECRETKEY" +#define ENVVAR_PK_NAME "LIBEXIM_PUBLICKEY" -void print_usage(char * progname) { - printf("Usage: %s [OPTIONS]\n\n", progname); +void print_usage(char *progname) { + printf("Usage: %s [OPTIONS] [CIPHERTEXT]\n\n", progname); printf("Secret and public key:\n"); - printf(" -s, --secret-key FILE read secret key from file FILE\n"); - printf(" -p, --public-key FILE read public key from file FILE\n"); + printf(" -s, --secret-key SECRETKEY Secret key (base64-encoded)\n"); + printf(" -p, --public-key PUBLICKEY Public key (base64-encoded)\n"); + printf(" -S, --secret-key-file FILE Read secret key (raw) from file FILE (use - for stdin)\n"); + printf(" -P, --public-key-file FILE Read public key (raw) from file FILE (use - for stdin)\n"); + printf("\n"); + printf("The environment variables %s and %s may contain base64-encoded secret/public keys. \n", ENVVAR_SK_NAME, + ENVVAR_PK_NAME); printf("\n"); printf("Select input:\n"); - printf(" -c, --input STRING decrypt contents of STRING\n"); - printf(" -f, --infile FILE decrypt contents of the first line of file FILE\n"); + printf(" -f, --infile FILE Decrypt contents of the first line of file FILE (use - for stdin)\n"); + printf("\n"); + printf("Output:\n"); + printf(" -n, --no-newline Do not append a newline to the output\n"); + printf("\n"); + printf("Keys in arguments and environment variables are expected to be base64 encoded (as produced by the library).\n"); + printf("Keys in files need to be raw bytes with no encoding, ciphertext should always be base64-encoded.\n"); printf("\n"); } typedef enum { - PASSWORD = 1, - SECRETKEY = 2 -} decryption_mode; - -typedef enum { - ARGUMENT = 1, - FROMFILE = 2 -} input_source; + NONE = 0, + SK = 1, + PK = 2, + SKENV = 4, + PKENV = 8, + SKFILE = 16, + PKFILE = 32, + INFILE = 64, + INSTRING = 128 +} seen_sb_args; int main(int argc, char *argv[]) { - int opt= 0; - char password[PASSWORD_MAXLEN]; - char secret_key[PATH_MAX]; - char cipherstring[CIPHERSTRING_MAX]; - char infile[PATH_MAX]; - bool pass_from_env = false; + char *prog_basename = basename(argv[0]); + int opt = 0; + unsigned char *secretkey, *publickey; + size_t secretkey_len = 0, publickey_len = 0; + char *b64cipherstring; + unsigned char *cipherstring; + size_t cipherstring_len; + bool add_newline = true; - decryption_mode mode = 0; - input_source input = 0; + seen_sb_args publickey_mode = NONE; + seen_sb_args secretkey_mode = NONE; + seen_sb_args input = NONE; if (sodium_init() < 0) { fputs("Unable to initialize libsodium", stderr); @@ -49,71 +65,133 @@ int main(int argc, char *argv[]) { // define arguments static struct option long_options[] = { - {"password", required_argument, NULL, 'p'}, - {"pass-from-env", no_argument, NULL, 'e'}, - {"secret-key", required_argument, NULL, 'k'}, - {"public-key", required_argument, NULL, 'k'}, - {"cipherstring", required_argument, NULL, 's'}, - {"infile", required_argument, NULL, 'f'} + {"secret-key", required_argument, NULL, 's'}, + {"public-key", required_argument, NULL, 'p'}, + {"secret-key-file", required_argument, NULL, 'S'}, + {"public-key-file", required_argument, NULL, 'P'}, + {"infile", required_argument, NULL, 'f'}, + {"no-newline", required_argument, NULL, 'n'}, + {0, 0, 0, 0} }; + // check environment for LIBEXIM_SECRETKEY variable + char *sk_env = getenv(ENVVAR_SK_NAME); + if (sk_env != NULL && strlen(sk_env) > 0) { + if (base64_decode_string(sk_env, &secretkey, &secretkey_len) != 0) { + fprintf(stderr, "[ERROR] Unable to base64-decode secret key.\n\n"); + exit(EXIT_FAILURE); + } + secretkey_mode |= SKENV; + } + + // check environment for LIBEXIM_PUBLICKEY variable + char *pk_env = getenv(ENVVAR_PK_NAME); + if (pk_env != NULL && strlen(pk_env) > 0) { + if (base64_decode_string(pk_env, &publickey, &publickey_len) != 0) { + fprintf(stderr, "[ERROR] Unable to base64-decode public key.\n\n"); + exit(EXIT_FAILURE); + } + publickey_mode |= PKENV; + } + // parse arguments int long_index = 0; - while ((opt = getopt_long(argc, argv,"p:ek:s:f:", - long_options, &long_index )) != -1) { + while ((opt = getopt_long(argc, argv, "s:p:S:P:f:n", + long_options, &long_index)) != -1) { switch (opt) { - case 'p': - strncpy(password, optarg, sizeof(password)-1); - mode |= PASSWORD; - break; - case 'e': - pass_from_env = true; - mode |= PASSENV; - break; - case 'k': - strncpy(secret_key, optarg, sizeof(secret_key)-1); - mode |= SECRETKEY; - break; case 's': - strncpy(cipherstring, optarg, sizeof(cipherstring)-1); - input |= ARGUMENT; + if (base64_decode_string(optarg, &secretkey, &secretkey_len) != 0) { + fprintf(stderr, "[ERROR] Unable to base64-decode secret key.\n\n"); + exit(EXIT_FAILURE); + } + secretkey_mode |= SK; + break; + case 'p': + if (base64_decode_string(optarg, &publickey, &publickey_len) != 0) { + fprintf(stderr, "[ERROR] Unable to base64-decode public key.\n\n"); + exit(EXIT_FAILURE); + } + publickey_mode |= PK; + break; + case 'S': + secretkey = (unsigned char *) read_password_file(optarg, crypto_box_SECRETKEYBYTES, &secretkey_len); + secretkey_mode |= SKFILE; + break; + case 'P': + publickey = (unsigned char *) read_password_file(optarg, crypto_box_PUBLICKEYBYTES, &publickey_len); + publickey_mode |= PKFILE; break; case 'f': - strncpy(infile, optarg, sizeof(infile)-1); - input |= FROMFILE; + b64cipherstring = read_first_line(optarg); + input |= INFILE; + break; + case 'n': + add_newline = false; break; - default: - print_usage(argv[0]); - exit(EXIT_FAILURE); } } - // retrieve password/key - switch (mode) { - case PASSWORD: - if (pass_from_env == true) { - - } else { - - } - break; - case SECRETKEY: - break; - default: - printf("ERROR: Please specify a password OR a key file.\n\n"); - print_usage(argv[0]); - exit(EXIT_FAILURE); + // read first non-option argument as ciphertext if present + if (optind < argc) { + size_t b64cipherstring_len = strlen(argv[optind]); + b64cipherstring = malloc(b64cipherstring_len); + sodium_memzero(b64cipherstring, b64cipherstring_len); + strncpy(b64cipherstring, argv[optind], b64cipherstring_len); + input |= INSTRING; } - switch (input) { - case ARGUMENT: - case FROMFILE: - break; - default: - printf("ERROR: Please specify a ciphertext.\n\n"); - print_usage(argv[0]); - exit(EXIT_FAILURE); + + // check if a secret key was provided + if (secretkey_mode == NONE) { + fprintf(stderr, "[ERROR] Please specify a secret key.\n\n"); + print_usage(prog_basename); + exit(EXIT_FAILURE); + } + // check if the secret key has the correct size + if (secretkey_len != crypto_box_SECRETKEYBYTES) { + fprintf(stderr, "[ERROR] Secret key has wrong size %zu; expected %d.\n\n", secretkey_len, + crypto_box_SECRETKEYBYTES); + exit(EXIT_FAILURE); + } + + // check if a public key was provided + if (publickey_mode == NONE) { + fprintf(stderr, "[ERROR] Please specify a public key.\n\n"); + print_usage(prog_basename); + exit(EXIT_FAILURE); + } + // check if the public key has the correct size + if (publickey_len != crypto_box_PUBLICKEYBYTES) { + fprintf(stderr, "[ERROR] Secret key has wrong size %zu; expected %d.\n\n", publickey_len, + crypto_box_PUBLICKEYBYTES); + exit(EXIT_FAILURE); + } + + // check if a ciphertext was provided + if (input == NONE) { + fprintf(stderr, "[ERROR] Please specify a ciphertext source.\n\n"); + print_usage(prog_basename); + exit(EXIT_FAILURE); + } + // base64-decode ciphertext + if (base64_decode_string(b64cipherstring, &cipherstring, &cipherstring_len) != 0) { + fprintf(stderr, "[ERROR] Unable to base64-decode ciphertext.\n\n"); + exit(EXIT_FAILURE); + } + // prepare buffer for cleartext + size_t cleartext_len = cipherstring_len - crypto_box_SEALBYTES; + unsigned char *cleartext = (unsigned char *) malloc(cleartext_len + 1); + sodium_memzero(cleartext, cleartext_len + 1); + + // decrypt message + if (crypto_box_seal_open(cleartext, cipherstring, cipherstring_len, publickey, secretkey) != 0) { + fprintf(stderr, "[ERROR] Unable to decrypt ciphertext.\n\n"); + exit(EXIT_FAILURE); + } + + // print cleartext to stdout + if (add_newline == true) { + fprintf(stdout, "%s\n", (const char *) cleartext); + } else { + fprintf(stdout, "%s", (const char *) cleartext); } } -*/ - -int main(void) { return 0; } \ No newline at end of file diff --git a/src/libexim-encrypt-dlfunc-decrypt-secretbox.c b/src/libexim-encrypt-dlfunc-decrypt-secretbox.c index 00da0ee..ebcc57c 100644 --- a/src/libexim-encrypt-dlfunc-decrypt-secretbox.c +++ b/src/libexim-encrypt-dlfunc-decrypt-secretbox.c @@ -9,20 +9,21 @@ #define ENVVAR_PASSWORD_NAME "LIBEXIM_PASSWORD" -void print_usage(char * progname) { - printf("Usage: %s [OPTIONS]\n\n", progname); +void print_usage(char *progname) { + printf("Usage: %s [OPTIONS] [CIPHERTEXT]\n\n", progname); printf("Password:\n"); - printf(" -p, --password PASSWORD decrypt using PASSWORD\n"); + printf(" -p, --password PASSWORD Decrypt using PASSWORD\n"); printf("\n"); printf(" If the environment variable LIBEXIM_PASSWORD is set the password is read from there.\n"); printf(" Setting a password with -p/--password overwrites this mechanism.\n"); printf("\n"); printf("Select input:\n"); - printf(" -c, --input STRING decrypt contents of STRING\n"); - printf(" -f, --infile FILE decrypt contents of the first line of file FILE\n"); + printf(" -f, --infile FILE Decrypt contents of the first line of file FILE (use - for stdin)\n"); printf("\n"); printf("Output:\n"); - printf(" -n, --no-newline Do not add a newline to the output\n"); + printf(" -n, --no-newline Do not append a newline to the output\n"); + printf("\n"); + printf("Password and ciphertext are expected to be base64-encoded (as produced by the library).\n"); printf("\n"); } @@ -52,22 +53,17 @@ int main(int argc, char *argv[]) { } // define arguments - const char *shortargs = "p:ef:n"; + const char *shortargs = "p:f:n"; static struct option long_options[] = { - {"password", required_argument, NULL, 'p'}, - {"pass-from-env", no_argument, NULL, 'e'}, - {"infile", required_argument, NULL, 'f'}, - {"no-newline", no_argument, NULL, 'n'}, - {0, 0, 0, 0} + {"password", required_argument, NULL, 'p'}, + {"infile", required_argument, NULL, 'f'}, + {"no-newline", no_argument, NULL, 'n'}, + {0, 0, 0, 0} }; // check environment for LIBEXIM_PASSWORD password_env = getenv(ENVVAR_PASSWORD_NAME); if (password_env != NULL && strlen(password_env) > 0) { -// password_len = strlen((const char *) password_env); -// password = malloc(password_len); -// sodium_memzero(password, password_len); -// strncpy(password, password_env, password_len); password = password_env; password_len = strlen(password); mode |= PASSENV; diff --git a/src/meson.build b/src/meson.build index 57b39ce..58fa10d 100644 --- a/src/meson.build +++ b/src/meson.build @@ -16,8 +16,14 @@ shared_library('exim-encrypt-dlfunc', 'libexim-encrypt-dlfunc.c', dependencies : [ sodium_deps ], install: true) -dlfunc_test = find_program('test_libexim-encrypt-dlfunc.sh') -test('libexim-encrypt-dlfunc', dlfunc_test, protocol: 'tap') +test('libexim-encrypt-dlfunc', + find_program('test_libexim-encrypt-dlfunc.sh'), + protocol: 'tap') -decrypt_secretbox_test = find_program('test_libexim-encrypt-dlfunc-decrypt-secretbox.sh') -test('decrypt-secretbox', decrypt_secretbox_test, protocol: 'tap') \ No newline at end of file +test('decrypt-secretbox', + find_program('test_libexim-encrypt-dlfunc-decrypt-secretbox.sh'), + protocol: 'tap') + +test('decrypt-sealedbox', + find_program('test_libexim-encrypt-dlfunc-decrypt-sealedbox.sh'), + protocol: 'tap') \ No newline at end of file diff --git a/src/test_libexim-encrypt-dlfunc-decrypt-sealedbox.sh b/src/test_libexim-encrypt-dlfunc-decrypt-sealedbox.sh new file mode 100755 index 0000000..b9aa055 --- /dev/null +++ b/src/test_libexim-encrypt-dlfunc-decrypt-sealedbox.sh @@ -0,0 +1,46 @@ +#!/bin/bash +# shellcheck disable=SC2034 +# this script implements the TAP protocol (https://testanything.org) +echo 1..3 + +TEST_PUBLICKEY='z7+GlUWgoiXJ4VK6cdLikCF7M6Mj9i4eXNE6Jh1m9yw=' +TEST_SECRETKEY='h5C/V2nzhILRmJ6UZrNK/6G8Xc4KWzLq/Qr8Xj42jus=' +TEST_CLEARTEXT='There is nothing in the middle of the road but a yellow stripe and dead armadillos. ~ Jim Hightower' +TEST_CIPHERTEXT='+UgXgarCuX3dUobgt8rRnjnxPNWHpsw98GjLZy8+2m5e/v9K/acMq+0UsFW7lwAZIRqj1F55n78y73Y6XCBEVSt8G6nntV8WuDYlr1BHcBIXNr5toUbE+CxtLoGqfD3c3nw1NkJDO1NYGzK/cG43TEEBLrQJCRLRBXOZmxG6ugFo4FtYl297/B1xNtkd9IR4TY5C' +CIPHERTEXT_FILE="$(mktemp)" +TEST_PUBLICKEY_FILE="$(mktemp)" +TEST_SECRETKEY_FILE="$(mktemp)" +echo -n "${TEST_CIPHERTEXT}" > "${CIPHERTEXT_FILE}" +echo -n "${TEST_PUBLICKEY}" | base64 -d > "${TEST_PUBLICKEY_FILE}" +echo -n "${TEST_SECRETKEY}" | base64 -d > "${TEST_SECRETKEY_FILE}" + +cleanup() { + rm -rf "${CIPHERTEXT_FILE}" "${TEST_PUBLICKEY_FILE}" "${TEST_SECRETKEY_FILE}" +} +trap cleanup EXIT INT TERM + +export LIBEXIM_PUBLICKEY="${TEST_PUBLICKEY}" +export LIBEXIM_SECRETKEY="${TEST_SECRETKEY}" + +DECRYPTED="$(src/libexim-encrypt-dlfunc-decrypt-sealedbox "${TEST_CIPHERTEXT}")" +if [ "${DECRYPTED}" == "${TEST_CLEARTEXT}" ] ; then + echo "ok 1 - decrypt commandline argument with keys from environment successful" +else + echo "not ok 1 - decrypt commandline argument with keys from environment unsuccessful" +fi + +export -n LIBEXIM_PUBLICKEY LIBEXIM_SECRETKEY + +DECRYPTED="$(src/libexim-encrypt-dlfunc-decrypt-sealedbox --secret-key "${TEST_SECRETKEY}" --public-key "${TEST_PUBLICKEY}" --infile "${CIPHERTEXT_FILE}")" +if [ "${DECRYPTED}" == "${TEST_CLEARTEXT}" ] ; then + echo "ok 2 - decrypt file contents with keys from commandline" +else + echo "not ok 2 - decrypt file contents with keys from commandline" +fi + +DECRYPTED="$(src/libexim-encrypt-dlfunc-decrypt-sealedbox --secret-key-file "${TEST_SECRETKEY_FILE}" --public-key-file "${TEST_PUBLICKEY_FILE}" --infile - < "${CIPHERTEXT_FILE}")" +if [ "${DECRYPTED}" == "${TEST_CLEARTEXT}" ] ; then + echo "ok 3 - decrypt stdin contents with keys from files" +else + echo "not ok 3 - decrypt stdin contents with keys from files" +fi diff --git a/src/test_libexim-encrypt-dlfunc-decrypt-secretbox.sh b/src/test_libexim-encrypt-dlfunc-decrypt-secretbox.sh index 6ec3c48..ac675ed 100755 --- a/src/test_libexim-encrypt-dlfunc-decrypt-secretbox.sh +++ b/src/test_libexim-encrypt-dlfunc-decrypt-secretbox.sh @@ -1,46 +1,57 @@ #!/bin/bash # shellcheck disable=SC2034 - -PATH=/sbin:/usr/sbin:$PATH - # this script implements the TAP protocol (https://testanything.org) -echo 1..4 +echo 1..5 -TEST_PASSWORD='ThisIsAPassword' -TEST_CLEARTEXT='This is my cleartext' -TEST_CIPHERTEXT01='RCHI+VukmWIsVE3eixbWIAtPPBW63nmV1ITpSBEDYXC9Y5QMBd1zmGLLhE+S9yg0sHfOF/1+wmfF7YXv' -TEST_CIPHERTEXT02='sEG09WnEKIN2nyJYGNNVo14o7wV6X9HQxW+zxAxMLX9jVdashdaoHqLXQGM8lzpJhG6629lccjzAfrq8' +TEST_PASSWORD='be6rahqu3bukee3Aengohgoopheeyis5' +TEST_CLEARTEXT='The great thing about attackers is that there are so many to choose from! - Daniel J. Bernstein' +TEST_CIPHERTEXT01='K+TOzrbkni7wydNvF1gMRwZWQPNnNIXRG9iQgkFhszBu8ImqIrAK4wWWP02UmclITi8DZbr3sg/EVWurDzAYK+pjkcDAa78glz4qXIqrPbYvEIEHPEExFzCtwi5hqOR+KF7tsqbPvdAOIqwf/2KBomX0GS1I/1CxQMrbJd1VgXc51M4hI0I8' +TEST_CIPHERTEXT02='lAod5UhfW6fQCxd4PSktnrzwyWzcw05Svio5XqPOr/p/Ts4Pr0eEjj2TgmT2K85T2xrxCiqmE/OUcODRldEWeSqBSxx0Z6PzXqOzz5ZL6Iq1tggjihMydGz9mNS4jRF9f52k5t2i7xFrMMCRrfq/rer/ngp1h3pposCds+OmX0u+1f4Urj0b' CIPHERTEXT_FILE01="$(mktemp)" CIPHERTEXT_FILE02="$(mktemp)" echo -n "${TEST_CIPHERTEXT01}" > "${CIPHERTEXT_FILE01}" echo -n "${TEST_CIPHERTEXT02}" > "${CIPHERTEXT_FILE02}" -DECRYPTED01="$(LIBEXIM_PASSWORD="${TEST_PASSWORD}" src/libexim-encrypt-dlfunc-decrypt-secretbox ${TEST_CIPHERTEXT01})" +cleanup() { + rm -rf "${CIPHERTEXT_FILE01}" "${CIPHERTEXT_FILE02}" +} +trap cleanup EXIT INT TERM + +export LIBEXIM_PASSWORD="${TEST_PASSWORD}" + +DECRYPTED01="$(src/libexim-encrypt-dlfunc-decrypt-secretbox ${TEST_CIPHERTEXT01})" if [ "${DECRYPTED01}" == "${TEST_CLEARTEXT}" ] ; then echo "ok 1 - decrypt commandline argument with password from environment successful" else echo "not ok 1 - decrypt commandline argument with password from environment unsuccessful" fi -DECRYPTED02="$(LIBEXIM_PASSWORD="${TEST_PASSWORD}" src/libexim-encrypt-dlfunc-decrypt-secretbox --infile ${CIPHERTEXT_FILE01})" +DECRYPTED02="$(src/libexim-encrypt-dlfunc-decrypt-secretbox --infile ${CIPHERTEXT_FILE01})" if [ "${DECRYPTED02}" == "${TEST_CLEARTEXT}" ] ; then echo "ok 2 - decrypt file contents with password from environment successful" else echo "not ok 2 - decrypt file contents with password from environment unsuccessful" fi -unset LIBEXIM_PASSWORD - -DECRYPTED03="$(src/libexim-encrypt-dlfunc-decrypt-secretbox -p ${TEST_PASSWORD} ${TEST_CIPHERTEXT02})" +DECRYPTED03="$(echo -n ${TEST_CIPHERTEXT01} | src/libexim-encrypt-dlfunc-decrypt-secretbox --infile -)" if [ "${DECRYPTED03}" == "${TEST_CLEARTEXT}" ] ; then - echo "ok 3 - decrypt commandline argument with password from commandline successful" + echo "ok 3 - decrypt stdin contents with password from environment successful" else - echo "not ok 3 - decrypt commandline argument with password from commandline unsuccessful" + echo "not ok 3 - decrypt stdin file contents with password from environment unsuccessful" fi -DECRYPTED04="$(src/libexim-encrypt-dlfunc-decrypt-secretbox -p ${TEST_PASSWORD} --infile ${CIPHERTEXT_FILE02})" +export -n LIBEXIM_PASSWORD + +DECRYPTED04="$(src/libexim-encrypt-dlfunc-decrypt-secretbox -p ${TEST_PASSWORD} ${TEST_CIPHERTEXT02})" if [ "${DECRYPTED04}" == "${TEST_CLEARTEXT}" ] ; then - echo "ok 4 - decrypt file contents with password from commandline successful" + echo "ok 4 - decrypt commandline argument with password from commandline successful" else - echo "not ok 4 - decrypt file contents with password from commandline unsuccessful" + echo "not ok 4 - decrypt commandline argument with password from commandline unsuccessful" +fi + +DECRYPTED05="$(src/libexim-encrypt-dlfunc-decrypt-secretbox -p ${TEST_PASSWORD} --infile ${CIPHERTEXT_FILE02})" +if [ "${DECRYPTED05}" == "${TEST_CLEARTEXT}" ] ; then + echo "ok 5 - decrypt file contents with password from commandline successful" +else + echo "not ok 5 - decrypt file contents with password from commandline unsuccessful" fi