hreese/exim-encrypt-dlfunc
1
0
Fork 0
mirror of https://gitlab.kit.edu/kit/scc/sys/mail/exim-encrypt-dlfunc.git synced 2025-12-06 09:43:55 +01:00
Code Issues Releases Wiki Activity

Wrote decrypt tool for sodium_crypto_box_seal plus matching tests.

Browse Source 
Lots of code cleanups.
This commit is contained in:
Heiko Reese
2021-09-12 02:06:10 +02:00
parent e1968e8f8c
commit e26daf675b
7 changed files with 319 additions and 126 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
src/common.c
View File

@ -3,31 +3,83 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdbool.h>
#include <sodium.h>
#include "common.h"
//#define MIN_KEY_SIZE (crypto_box_SECRETKEYBYTES < crypto_box_PUBLICKEYBYTES ? crypto_box_SECRETKEYBYTES : crypto_box_PUBLICKEYBYTES)
//#define MAX_KEY_SIZE (crypto_box_SECRETKEYBYTES > crypto_box_PUBLICKEYBYTES ? crypto_box_SECRETKEYBYTES : crypto_box_PUBLICKEYBYTES)
char *read_first_line(const char *filename) {
FILE *stream;
char *cipherstring;
size_t len = 0;
ssize_t nread;
bool input_is_stdin = false;
// open file
stream = fopen(filename, "r");
if (stream == NULL) {
perror("Error opening file");
exit(EXIT_FAILURE);
// open file (use stdin for '-')
if (!strncmp(filename, "-", 1)) {
stream = stdin;
input_is_stdin = true;
} else {
stream = fopen(filename, "r");
if (stream == NULL) {
fprintf(stderr, "[ERROR] Error opening file %s\n\n", filename);
exit(EXIT_FAILURE);
}
}
nread = getline(&cipherstring, &len, stream);
if (nread == -1) {
if (nread == -1 && !feof(stream)) {
perror("getline: ");
}
fclose(stream);
if (input_is_stdin == false) {
fclose(stream);
}
// remove trailing newline
cipherstring[strcspn(cipherstring, "\r\n")] = 0;
return cipherstring;
}
char *read_password_file(const char *filename, size_t keysize, size_t *length) {
FILE *stream;
char *contents;
ssize_t nread;
bool input_is_stdin = false;
contents = malloc(keysize + 1);
sodium_memzero(contents, keysize + 1);
// open file (use stdin for '-')
if (!strncmp(filename, "-", 1)) {
stream = stdin;
input_is_stdin = true;
} else {
stream = fopen(filename, "r");
if (stream == NULL) {
fprintf(stderr, "[ERROR] Error opening file %s\n\n", filename);
exit(EXIT_FAILURE);
}
}
nread = fread(contents, sizeof(char), keysize, stream);
if (nread < 0) {
fprintf(stderr, "[ERROR] reading from %s failed\n\n", filename);
exit(EXIT_FAILURE);
} else {
*length = (size_t) nread;
}
if (input_is_stdin == false) {
fclose(stream);
}
return contents;
}
int base64_decode_string(const char *input, unsigned char **outstring, size_t *outlen) {
size_t input_len = strlen(input);
size_t outmaxlen = input_len / 4 * 3;

6
src/common.h
View File

@ -5,6 +5,10 @@
#ifndef EXIM_ENCRYPT_DLFUNC_COMMON_H
#define EXIM_ENCRYPT_DLFUNC_COMMON_H
char * read_first_line(const char *);
char *read_first_line(const char *filename);
char *read_password_file(const char *filename, size_t keysize, size_t *length);
int base64_decode_string(const char *input, unsigned char **outstring, size_t *outlen);
#endif //EXIM_ENCRYPT_DLFUNC_COMMON_H

238
src/libexim-encrypt-dlfunc-decrypt-sealedbox.c
View File

@ -1,46 +1,62 @@
#define _GNU_SOURCE
#include <stdio.h>
#include <stdbool.h>
#include <string.h>
#include <getopt.h>
#include <linux/limits.h>
#include <sodium.h>
#include <stdbool.h>
#include "common.c"
/*
#define PASSWORD_MAXLEN 1024
#define CIPHERSTRING_MAX (1024*64)
#define ENVVAR_SK_NAME "LIBEXIM_SECRETKEY"
#define ENVVAR_PK_NAME "LIBEXIM_PUBLICKEY"
void print_usage(char * progname) {
printf("Usage: %s [OPTIONS]\n\n", progname);
void print_usage(char *progname) {
printf("Usage: %s [OPTIONS] [CIPHERTEXT]\n\n", progname);
printf("Secret and public key:\n");
printf(" -s, --secret-key FILE read secret key from file FILE\n");
printf(" -p, --public-key FILE read public key from file FILE\n");
printf(" -s, --secret-key SECRETKEY Secret key (base64-encoded)\n");
printf(" -p, --public-key PUBLICKEY Public key (base64-encoded)\n");
printf(" -S, --secret-key-file FILE Read secret key (raw) from file FILE (use - for stdin)\n");
printf(" -P, --public-key-file FILE Read public key (raw) from file FILE (use - for stdin)\n");
printf("\n");
printf("The environment variables %s and %s may contain base64-encoded secret/public keys. \n", ENVVAR_SK_NAME,
ENVVAR_PK_NAME);
printf("\n");
printf("Select input:\n");
printf(" -c, --input STRING decrypt contents of STRING\n");
printf(" -f, --infile FILE decrypt contents of the first line of file FILE\n");
printf(" -f, --infile FILE Decrypt contents of the first line of file FILE (use - for stdin)\n");
printf("\n");
printf("Output:\n");
printf(" -n, --no-newline Do not append a newline to the output\n");
printf("\n");
printf("Keys in arguments and environment variables are expected to be base64 encoded (as produced by the library).\n");
printf("Keys in files need to be raw bytes with no encoding, ciphertext should always be base64-encoded.\n");
printf("\n");
}
typedef enum {
PASSWORD = 1,
SECRETKEY = 2
} decryption_mode;
typedef enum {
ARGUMENT = 1,
FROMFILE = 2
} input_source;
NONE = 0,
SK = 1,
PK = 2,
SKENV = 4,
PKENV = 8,
SKFILE = 16,
PKFILE = 32,
INFILE = 64,
INSTRING = 128
} seen_sb_args;
int main(int argc, char *argv[]) {
int opt= 0;
char password[PASSWORD_MAXLEN];
char secret_key[PATH_MAX];
char cipherstring[CIPHERSTRING_MAX];
char infile[PATH_MAX];
bool pass_from_env = false;
char *prog_basename = basename(argv[0]);
int opt = 0;
unsigned char *secretkey, *publickey;
size_t secretkey_len = 0, publickey_len = 0;
char *b64cipherstring;
unsigned char *cipherstring;
size_t cipherstring_len;
bool add_newline = true;
decryption_mode mode = 0;
input_source input = 0;
seen_sb_args publickey_mode = NONE;
seen_sb_args secretkey_mode = NONE;
seen_sb_args input = NONE;
if (sodium_init() < 0) {
fputs("Unable to initialize libsodium", stderr);
@ -49,71 +65,133 @@ int main(int argc, char *argv[]) {
// define arguments
static struct option long_options[] = {
{"password", required_argument, NULL, 'p'},
{"pass-from-env", no_argument, NULL, 'e'},
{"secret-key", required_argument, NULL, 'k'},
{"public-key", required_argument, NULL, 'k'},
{"cipherstring", required_argument, NULL, 's'},
{"infile", required_argument, NULL, 'f'}
{"secret-key", required_argument, NULL, 's'},
{"public-key", required_argument, NULL, 'p'},
{"secret-key-file", required_argument, NULL, 'S'},
{"public-key-file", required_argument, NULL, 'P'},
{"infile", required_argument, NULL, 'f'},
{"no-newline", required_argument, NULL, 'n'},
{0, 0, 0, 0}
};
// check environment for LIBEXIM_SECRETKEY variable
char *sk_env = getenv(ENVVAR_SK_NAME);
if (sk_env != NULL && strlen(sk_env) > 0) {
if (base64_decode_string(sk_env, &secretkey, &secretkey_len) != 0) {
fprintf(stderr, "[ERROR] Unable to base64-decode secret key.\n\n");
exit(EXIT_FAILURE);
}
secretkey_mode |= SKENV;
}
// check environment for LIBEXIM_PUBLICKEY variable
char *pk_env = getenv(ENVVAR_PK_NAME);
if (pk_env != NULL && strlen(pk_env) > 0) {
if (base64_decode_string(pk_env, &publickey, &publickey_len) != 0) {
fprintf(stderr, "[ERROR] Unable to base64-decode public key.\n\n");
exit(EXIT_FAILURE);
}
publickey_mode |= PKENV;
}
// parse arguments
int long_index = 0;
while ((opt = getopt_long(argc, argv,"p:ek:s:f:",
long_options, &long_index )) != -1) {
while ((opt = getopt_long(argc, argv, "s:p:S:P:f:n",
long_options, &long_index)) != -1) {
switch (opt) {
case 'p':
strncpy(password, optarg, sizeof(password)-1);
mode |= PASSWORD;
break;
case 'e':
pass_from_env = true;
mode |= PASSENV;
break;
case 'k':
strncpy(secret_key, optarg, sizeof(secret_key)-1);
mode |= SECRETKEY;
break;
case 's':
strncpy(cipherstring, optarg, sizeof(cipherstring)-1);
input |= ARGUMENT;
if (base64_decode_string(optarg, &secretkey, &secretkey_len) != 0) {
fprintf(stderr, "[ERROR] Unable to base64-decode secret key.\n\n");
exit(EXIT_FAILURE);
}
secretkey_mode |= SK;
break;
case 'p':
if (base64_decode_string(optarg, &publickey, &publickey_len) != 0) {
fprintf(stderr, "[ERROR] Unable to base64-decode public key.\n\n");
exit(EXIT_FAILURE);
}
publickey_mode |= PK;
break;
case 'S':
secretkey = (unsigned char *) read_password_file(optarg, crypto_box_SECRETKEYBYTES, &secretkey_len);
secretkey_mode |= SKFILE;
break;
case 'P':
publickey = (unsigned char *) read_password_file(optarg, crypto_box_PUBLICKEYBYTES, &publickey_len);
publickey_mode |= PKFILE;
break;
case 'f':
strncpy(infile, optarg, sizeof(infile)-1);
input |= FROMFILE;
b64cipherstring = read_first_line(optarg);
input |= INFILE;
break;
case 'n':
add_newline = false;
break;
default:
print_usage(argv[0]);
exit(EXIT_FAILURE);
}
}
// retrieve password/key
switch (mode) {
case PASSWORD:
if (pass_from_env == true) {
} else {
}
break;
case SECRETKEY:
break;
default:
printf("ERROR: Please specify a password OR a key file.\n\n");
print_usage(argv[0]);
exit(EXIT_FAILURE);
// read first non-option argument as ciphertext if present
if (optind < argc) {
size_t b64cipherstring_len = strlen(argv[optind]);
b64cipherstring = malloc(b64cipherstring_len);
sodium_memzero(b64cipherstring, b64cipherstring_len);
strncpy(b64cipherstring, argv[optind], b64cipherstring_len);
input |= INSTRING;
}
switch (input) {
case ARGUMENT:
case FROMFILE:
break;
default:
printf("ERROR: Please specify a ciphertext.\n\n");
print_usage(argv[0]);
exit(EXIT_FAILURE);
// check if a secret key was provided
if (secretkey_mode == NONE) {
fprintf(stderr, "[ERROR] Please specify a secret key.\n\n");
print_usage(prog_basename);
exit(EXIT_FAILURE);
}
// check if the secret key has the correct size
if (secretkey_len != crypto_box_SECRETKEYBYTES) {
fprintf(stderr, "[ERROR] Secret key has wrong size %zu; expected %d.\n\n", secretkey_len,
crypto_box_SECRETKEYBYTES);
exit(EXIT_FAILURE);
}
// check if a public key was provided
if (publickey_mode == NONE) {
fprintf(stderr, "[ERROR] Please specify a public key.\n\n");
print_usage(prog_basename);
exit(EXIT_FAILURE);
}
// check if the public key has the correct size
if (publickey_len != crypto_box_PUBLICKEYBYTES) {
fprintf(stderr, "[ERROR] Secret key has wrong size %zu; expected %d.\n\n", publickey_len,
crypto_box_PUBLICKEYBYTES);
exit(EXIT_FAILURE);
}
// check if a ciphertext was provided
if (input == NONE) {
fprintf(stderr, "[ERROR] Please specify a ciphertext source.\n\n");
print_usage(prog_basename);
exit(EXIT_FAILURE);
}
// base64-decode ciphertext
if (base64_decode_string(b64cipherstring, &cipherstring, &cipherstring_len) != 0) {
fprintf(stderr, "[ERROR] Unable to base64-decode ciphertext.\n\n");
exit(EXIT_FAILURE);
}
// prepare buffer for cleartext
size_t cleartext_len = cipherstring_len - crypto_box_SEALBYTES;
unsigned char *cleartext = (unsigned char *) malloc(cleartext_len + 1);
sodium_memzero(cleartext, cleartext_len + 1);
// decrypt message
if (crypto_box_seal_open(cleartext, cipherstring, cipherstring_len, publickey, secretkey) != 0) {
fprintf(stderr, "[ERROR] Unable to decrypt ciphertext.\n\n");
exit(EXIT_FAILURE);
}
// print cleartext to stdout
if (add_newline == true) {
fprintf(stdout, "%s\n", (const char *) cleartext);
} else {
fprintf(stdout, "%s", (const char *) cleartext);
}
}
*/
int main(void) { return 0; }

28
src/libexim-encrypt-dlfunc-decrypt-secretbox.c
View File

@ -9,20 +9,21 @@
#define ENVVAR_PASSWORD_NAME "LIBEXIM_PASSWORD"
void print_usage(char * progname) {
printf("Usage: %s [OPTIONS]\n\n", progname);
void print_usage(char *progname) {
printf("Usage: %s [OPTIONS] [CIPHERTEXT]\n\n", progname);
printf("Password:\n");
printf(" -p, --password PASSWORD decrypt using PASSWORD\n");
printf(" -p, --password PASSWORD Decrypt using PASSWORD\n");
printf("\n");
printf(" If the environment variable LIBEXIM_PASSWORD is set the password is read from there.\n");
printf(" Setting a password with -p/--password overwrites this mechanism.\n");
printf("\n");
printf("Select input:\n");
printf(" -c, --input STRING decrypt contents of STRING\n");
printf(" -f, --infile FILE decrypt contents of the first line of file FILE\n");
printf(" -f, --infile FILE Decrypt contents of the first line of file FILE (use - for stdin)\n");
printf("\n");
printf("Output:\n");
printf(" -n, --no-newline Do not add a newline to the output\n");
printf(" -n, --no-newline Do not append a newline to the output\n");
printf("\n");
printf("Password and ciphertext are expected to be base64-encoded (as produced by the library).\n");
printf("\n");
}
@ -52,22 +53,17 @@ int main(int argc, char *argv[]) {
}
// define arguments
const char *shortargs = "p:ef:n";
const char *shortargs = "p:f:n";
static struct option long_options[] = {
{"password", required_argument, NULL, 'p'},
{"pass-from-env", no_argument, NULL, 'e'},
{"infile", required_argument, NULL, 'f'},
{"no-newline", no_argument, NULL, 'n'},
{0, 0, 0, 0}
{"password", required_argument, NULL, 'p'},
{"infile", required_argument, NULL, 'f'},
{"no-newline", no_argument, NULL, 'n'},
{0, 0, 0, 0}
};
// check environment for LIBEXIM_PASSWORD
password_env = getenv(ENVVAR_PASSWORD_NAME);
if (password_env != NULL && strlen(password_env) > 0) {
// password_len = strlen((const char *) password_env);
// password = malloc(password_len);
// sodium_memzero(password, password_len);
// strncpy(password, password_env, password_len);
password = password_env;
password_len = strlen(password);
mode |= PASSENV;

14
src/meson.build
View File

@ -16,8 +16,14 @@ shared_library('exim-encrypt-dlfunc', 'libexim-encrypt-dlfunc.c',
dependencies : [ sodium_deps ],
install: true)
dlfunc_test = find_program('test_libexim-encrypt-dlfunc.sh')
test('libexim-encrypt-dlfunc', dlfunc_test, protocol: 'tap')
test('libexim-encrypt-dlfunc',
find_program('test_libexim-encrypt-dlfunc.sh'),
protocol: 'tap')
decrypt_secretbox_test = find_program('test_libexim-encrypt-dlfunc-decrypt-secretbox.sh')
test('decrypt-secretbox', decrypt_secretbox_test, protocol: 'tap')
test('decrypt-secretbox',
find_program('test_libexim-encrypt-dlfunc-decrypt-secretbox.sh'),
protocol: 'tap')
test('decrypt-sealedbox',
find_program('test_libexim-encrypt-dlfunc-decrypt-sealedbox.sh'),
protocol: 'tap')

46
src/test_libexim-encrypt-dlfunc-decrypt-sealedbox.sh Executable file
View File

@ -0,0 +1,46 @@
#!/bin/bash
# shellcheck disable=SC2034
# this script implements the TAP protocol (https://testanything.org)
echo 1..3
TEST_PUBLICKEY='z7+GlUWgoiXJ4VK6cdLikCF7M6Mj9i4eXNE6Jh1m9yw='
TEST_SECRETKEY='h5C/V2nzhILRmJ6UZrNK/6G8Xc4KWzLq/Qr8Xj42jus='
TEST_CLEARTEXT='There is nothing in the middle of the road but a yellow stripe and dead armadillos. ~ Jim Hightower'
TEST_CIPHERTEXT='+UgXgarCuX3dUobgt8rRnjnxPNWHpsw98GjLZy8+2m5e/v9K/acMq+0UsFW7lwAZIRqj1F55n78y73Y6XCBEVSt8G6nntV8WuDYlr1BHcBIXNr5toUbE+CxtLoGqfD3c3nw1NkJDO1NYGzK/cG43TEEBLrQJCRLRBXOZmxG6ugFo4FtYl297/B1xNtkd9IR4TY5C'
CIPHERTEXT_FILE="$(mktemp)"
TEST_PUBLICKEY_FILE="$(mktemp)"
TEST_SECRETKEY_FILE="$(mktemp)"
echo -n "${TEST_CIPHERTEXT}" > "${CIPHERTEXT_FILE}"
echo -n "${TEST_PUBLICKEY}" | base64 -d > "${TEST_PUBLICKEY_FILE}"
echo -n "${TEST_SECRETKEY}" | base64 -d > "${TEST_SECRETKEY_FILE}"
cleanup() {
rm -rf "${CIPHERTEXT_FILE}" "${TEST_PUBLICKEY_FILE}" "${TEST_SECRETKEY_FILE}"
}
trap cleanup EXIT INT TERM
export LIBEXIM_PUBLICKEY="${TEST_PUBLICKEY}"
export LIBEXIM_SECRETKEY="${TEST_SECRETKEY}"
DECRYPTED="$(src/libexim-encrypt-dlfunc-decrypt-sealedbox "${TEST_CIPHERTEXT}")"
if [ "${DECRYPTED}" == "${TEST_CLEARTEXT}" ] ; then
echo "ok 1 - decrypt commandline argument with keys from environment successful"
else
echo "not ok 1 - decrypt commandline argument with keys from environment unsuccessful"
fi
export -n LIBEXIM_PUBLICKEY LIBEXIM_SECRETKEY
DECRYPTED="$(src/libexim-encrypt-dlfunc-decrypt-sealedbox --secret-key "${TEST_SECRETKEY}" --public-key "${TEST_PUBLICKEY}" --infile "${CIPHERTEXT_FILE}")"
if [ "${DECRYPTED}" == "${TEST_CLEARTEXT}" ] ; then
echo "ok 2 - decrypt file contents with keys from commandline"
else
echo "not ok 2 - decrypt file contents with keys from commandline"
fi
DECRYPTED="$(src/libexim-encrypt-dlfunc-decrypt-sealedbox --secret-key-file "${TEST_SECRETKEY_FILE}" --public-key-file "${TEST_PUBLICKEY_FILE}" --infile - < "${CIPHERTEXT_FILE}")"
if [ "${DECRYPTED}" == "${TEST_CLEARTEXT}" ] ; then
echo "ok 3 - decrypt stdin contents with keys from files"
else
echo "not ok 3 - decrypt stdin contents with keys from files"
fi

47
src/test_libexim-encrypt-dlfunc-decrypt-secretbox.sh
View File

@ -1,46 +1,57 @@
#!/bin/bash
# shellcheck disable=SC2034
PATH=/sbin:/usr/sbin:$PATH
# this script implements the TAP protocol (https://testanything.org)
echo 1..4
echo 1..5
TEST_PASSWORD='ThisIsAPassword'
TEST_CLEARTEXT='This is my cleartext'
TEST_CIPHERTEXT01='RCHI+VukmWIsVE3eixbWIAtPPBW63nmV1ITpSBEDYXC9Y5QMBd1zmGLLhE+S9yg0sHfOF/1+wmfF7YXv'
TEST_CIPHERTEXT02='sEG09WnEKIN2nyJYGNNVo14o7wV6X9HQxW+zxAxMLX9jVdashdaoHqLXQGM8lzpJhG6629lccjzAfrq8'
TEST_PASSWORD='be6rahqu3bukee3Aengohgoopheeyis5'
TEST_CLEARTEXT='The great thing about attackers is that there are so many to choose from! - Daniel J. Bernstein'
TEST_CIPHERTEXT01='K+TOzrbkni7wydNvF1gMRwZWQPNnNIXRG9iQgkFhszBu8ImqIrAK4wWWP02UmclITi8DZbr3sg/EVWurDzAYK+pjkcDAa78glz4qXIqrPbYvEIEHPEExFzCtwi5hqOR+KF7tsqbPvdAOIqwf/2KBomX0GS1I/1CxQMrbJd1VgXc51M4hI0I8'
TEST_CIPHERTEXT02='lAod5UhfW6fQCxd4PSktnrzwyWzcw05Svio5XqPOr/p/Ts4Pr0eEjj2TgmT2K85T2xrxCiqmE/OUcODRldEWeSqBSxx0Z6PzXqOzz5ZL6Iq1tggjihMydGz9mNS4jRF9f52k5t2i7xFrMMCRrfq/rer/ngp1h3pposCds+OmX0u+1f4Urj0b'
CIPHERTEXT_FILE01="$(mktemp)"
CIPHERTEXT_FILE02="$(mktemp)"
echo -n "${TEST_CIPHERTEXT01}" > "${CIPHERTEXT_FILE01}"
echo -n "${TEST_CIPHERTEXT02}" > "${CIPHERTEXT_FILE02}"
DECRYPTED01="$(LIBEXIM_PASSWORD="${TEST_PASSWORD}" src/libexim-encrypt-dlfunc-decrypt-secretbox ${TEST_CIPHERTEXT01})"
cleanup() {
rm -rf "${CIPHERTEXT_FILE01}" "${CIPHERTEXT_FILE02}"
}
trap cleanup EXIT INT TERM
export LIBEXIM_PASSWORD="${TEST_PASSWORD}"
DECRYPTED01="$(src/libexim-encrypt-dlfunc-decrypt-secretbox ${TEST_CIPHERTEXT01})"
if [ "${DECRYPTED01}" == "${TEST_CLEARTEXT}" ] ; then
echo "ok 1 - decrypt commandline argument with password from environment successful"
else
echo "not ok 1 - decrypt commandline argument with password from environment unsuccessful"
fi
DECRYPTED02="$(LIBEXIM_PASSWORD="${TEST_PASSWORD}" src/libexim-encrypt-dlfunc-decrypt-secretbox --infile ${CIPHERTEXT_FILE01})"
DECRYPTED02="$(src/libexim-encrypt-dlfunc-decrypt-secretbox --infile ${CIPHERTEXT_FILE01})"
if [ "${DECRYPTED02}" == "${TEST_CLEARTEXT}" ] ; then
echo "ok 2 - decrypt file contents with password from environment successful"
else
echo "not ok 2 - decrypt file contents with password from environment unsuccessful"
fi
unset LIBEXIM_PASSWORD
DECRYPTED03="$(src/libexim-encrypt-dlfunc-decrypt-secretbox -p ${TEST_PASSWORD} ${TEST_CIPHERTEXT02})"
DECRYPTED03="$(echo -n ${TEST_CIPHERTEXT01} | src/libexim-encrypt-dlfunc-decrypt-secretbox --infile -)"
if [ "${DECRYPTED03}" == "${TEST_CLEARTEXT}" ] ; then
echo "ok 3 - decrypt commandline argument with password from commandline successful"
echo "ok 3 - decrypt stdin contents with password from environment successful"
else
echo "not ok 3 - decrypt commandline argument with password from commandline unsuccessful"
echo "not ok 3 - decrypt stdin file contents with password from environment unsuccessful"
fi
DECRYPTED04="$(src/libexim-encrypt-dlfunc-decrypt-secretbox -p ${TEST_PASSWORD} --infile ${CIPHERTEXT_FILE02})"
export -n LIBEXIM_PASSWORD
DECRYPTED04="$(src/libexim-encrypt-dlfunc-decrypt-secretbox -p ${TEST_PASSWORD} ${TEST_CIPHERTEXT02})"
if [ "${DECRYPTED04}" == "${TEST_CLEARTEXT}" ] ; then
echo "ok 4 - decrypt file contents with password from commandline successful"
echo "ok 4 - decrypt commandline argument with password from commandline successful"
else
echo "not ok 4 - decrypt file contents with password from commandline unsuccessful"
echo "not ok 4 - decrypt commandline argument with password from commandline unsuccessful"
fi
DECRYPTED05="$(src/libexim-encrypt-dlfunc-decrypt-secretbox -p ${TEST_PASSWORD} --infile ${CIPHERTEXT_FILE02})"
if [ "${DECRYPTED05}" == "${TEST_CLEARTEXT}" ] ; then
echo "ok 5 - decrypt file contents with password from commandline successful"
else
echo "not ok 5 - decrypt file contents with password from commandline unsuccessful"
fi