Wrote decrypt tool for sodium_crypto_box_seal plus matching tests.

Lots of code cleanups.
2025-12-06 10:13:56 +01:00 · 2021-09-12 02:06:10 +02:00
parent e1968e8f8c
commit e26daf675b
7 changed files with 319 additions and 126 deletions
--- a/src/libexim-encrypt-dlfunc-decrypt-secretbox.c
+++ b/src/libexim-encrypt-dlfunc-decrypt-secretbox.c
@ -9,20 +9,21 @@

 #define ENVVAR_PASSWORD_NAME "LIBEXIM_PASSWORD"

-void print_usage(char * progname) {
-    printf("Usage: %s [OPTIONS]\n\n", progname);
+void print_usage(char *progname) {
+    printf("Usage: %s [OPTIONS] [CIPHERTEXT]\n\n", progname);
    printf("Password:\n");
-    printf("  -p, --password PASSWORD    decrypt using PASSWORD\n");
+    printf("  -p, --password PASSWORD   Decrypt using PASSWORD\n");
    printf("\n");
    printf("  If the environment variable LIBEXIM_PASSWORD is set the password is read from there.\n");
    printf("  Setting a password with -p/--password overwrites this mechanism.\n");
    printf("\n");
    printf("Select input:\n");
-    printf("  -c, --input STRING         decrypt contents of STRING\n");
-    printf("  -f, --infile FILE          decrypt contents of the first line of file FILE\n");
+    printf("  -f, --infile FILE         Decrypt contents of the first line of file FILE (use - for stdin)\n");
    printf("\n");
    printf("Output:\n");
-    printf("  -n, --no-newline           Do not add a newline to the output\n");
+    printf("  -n, --no-newline          Do not append a newline to the output\n");
+    printf("\n");
+    printf("Password and ciphertext are expected to be base64-encoded (as produced by the library).\n");
    printf("\n");
 }

@ -52,22 +53,17 @@ int main(int argc, char *argv[]) {
    }

    // define arguments
-    const char *shortargs = "p:ef:n";
+    const char *shortargs = "p:f:n";
    static struct option long_options[] = {
-            {"password",      required_argument, NULL, 'p'},
-            {"pass-from-env", no_argument,       NULL, 'e'},
-            {"infile",        required_argument, NULL, 'f'},
-            {"no-newline",    no_argument,       NULL, 'n'},
-            {0,               0,                 0,    0}
+            {"password",   required_argument, NULL, 'p'},
+            {"infile",     required_argument, NULL, 'f'},
+            {"no-newline", no_argument,       NULL, 'n'},
+            {0,            0,                 0,    0}
    };

    // check environment for LIBEXIM_PASSWORD
    password_env = getenv(ENVVAR_PASSWORD_NAME);
    if (password_env != NULL && strlen(password_env) > 0) {
-//        password_len = strlen((const char *) password_env);
-//        password = malloc(password_len);
-//        sodium_memzero(password, password_len);
-//        strncpy(password, password_env, password_len);
        password = password_env;
        password_len = strlen(password);
        mode |= PASSENV;