hreese/exim-encrypt-dlfunc
1
0
Fork 0
mirror of https://gitlab.kit.edu/kit/scc/sys/mail/exim-encrypt-dlfunc.git synced 2025-12-06 08:33:56 +01:00
Code Issues Releases Wiki Activity

Wrote decrypt tool for sodium_crypto_box_seal plus matching tests.

Browse Source 
Lots of code cleanups.
This commit is contained in:
Heiko Reese
2021-09-12 02:06:10 +02:00
parent e1968e8f8c
commit e26daf675b
7 changed files with 319 additions and 126 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
src/common.c
View File

@ -3,31 +3,83 @@
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <stdbool.h>
#include <sodium.h> #include <sodium.h>
#include "common.h" #include "common.h"
//#define MIN_KEY_SIZE (crypto_box_SECRETKEYBYTES < crypto_box_PUBLICKEYBYTES ? crypto_box_SECRETKEYBYTES : crypto_box_PUBLICKEYBYTES)
//#define MAX_KEY_SIZE (crypto_box_SECRETKEYBYTES > crypto_box_PUBLICKEYBYTES ? crypto_box_SECRETKEYBYTES : crypto_box_PUBLICKEYBYTES)
char *read_first_line(const char *filename) { char *read_first_line(const char *filename) {
FILE *stream; FILE *stream;
char *cipherstring; char *cipherstring;
size_t len = 0; size_t len = 0;
ssize_t nread; ssize_t nread;
bool input_is_stdin = false;
// open file // open file (use stdin for '-')
if (!strncmp(filename, "-", 1)) {
stream = stdin;
input_is_stdin = true;
} else {
stream = fopen(filename, "r"); stream = fopen(filename, "r");
if (stream == NULL) { if (stream == NULL) {
perror("Error opening file"); fprintf(stderr, "[ERROR] Error opening file %s\n\n", filename);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
}
nread = getline(&cipherstring, &len, stream); nread = getline(&cipherstring, &len, stream);
if (nread == -1) { if (nread == -1 && !feof(stream)) {
perror("getline: "); perror("getline: ");
} }
if (input_is_stdin == false) {
fclose(stream); fclose(stream);
}
// remove trailing newline
cipherstring[strcspn(cipherstring, "\r\n")] = 0;
return cipherstring; return cipherstring;
} }
char *read_password_file(const char *filename, size_t keysize, size_t *length) {
FILE *stream;
char *contents;
ssize_t nread;
bool input_is_stdin = false;
contents = malloc(keysize + 1);
sodium_memzero(contents, keysize + 1);
// open file (use stdin for '-')
if (!strncmp(filename, "-", 1)) {
stream = stdin;
input_is_stdin = true;
} else {
stream = fopen(filename, "r");
if (stream == NULL) {
fprintf(stderr, "[ERROR] Error opening file %s\n\n", filename);
exit(EXIT_FAILURE);
}
}
nread = fread(contents, sizeof(char), keysize, stream);
if (nread < 0) {
fprintf(stderr, "[ERROR] reading from %s failed\n\n", filename);
exit(EXIT_FAILURE);
} else {
*length = (size_t) nread;
}
if (input_is_stdin == false) {
fclose(stream);
}
return contents;
}
int base64_decode_string(const char *input, unsigned char **outstring, size_t *outlen) { int base64_decode_string(const char *input, unsigned char **outstring, size_t *outlen) {
size_t input_len = strlen(input); size_t input_len = strlen(input);
size_t outmaxlen = input_len / 4 * 3; size_t outmaxlen = input_len / 4 * 3;

6
src/common.h
View File

@ -5,6 +5,10 @@
#ifndef EXIM_ENCRYPT_DLFUNC_COMMON_H #ifndef EXIM_ENCRYPT_DLFUNC_COMMON_H
#define EXIM_ENCRYPT_DLFUNC_COMMON_H #define EXIM_ENCRYPT_DLFUNC_COMMON_H
char * read_first_line(const char *); char *read_first_line(const char *filename);
char *read_password_file(const char *filename, size_t keysize, size_t *length);
int base64_decode_string(const char *input, unsigned char **outstring, size_t *outlen);
#endif //EXIM_ENCRYPT_DLFUNC_COMMON_H #endif //EXIM_ENCRYPT_DLFUNC_COMMON_H

228
src/libexim-encrypt-dlfunc-decrypt-sealedbox.c
View File

@ -1,46 +1,62 @@
#define _GNU_SOURCE
#include <stdio.h> #include <stdio.h>
#include <stdbool.h>
#include <string.h> #include <string.h>
#include <getopt.h> #include <getopt.h>
#include <linux/limits.h>
#include <sodium.h> #include <sodium.h>
#include <stdbool.h>
#include "common.c"
/* #define ENVVAR_SK_NAME "LIBEXIM_SECRETKEY"
#define PASSWORD_MAXLEN 1024 #define ENVVAR_PK_NAME "LIBEXIM_PUBLICKEY"
#define CIPHERSTRING_MAX (1024*64)
void print_usage(char *progname) { void print_usage(char *progname) {
printf("Usage: %s [OPTIONS]\n\n", progname); printf("Usage: %s [OPTIONS] [CIPHERTEXT]\n\n", progname);
printf("Secret and public key:\n"); printf("Secret and public key:\n");
printf(" -s, --secret-key FILE read secret key from file FILE\n"); printf(" -s, --secret-key SECRETKEY Secret key (base64-encoded)\n");
printf(" -p, --public-key FILE read public key from file FILE\n"); printf(" -p, --public-key PUBLICKEY Public key (base64-encoded)\n");
printf(" -S, --secret-key-file FILE Read secret key (raw) from file FILE (use - for stdin)\n");
printf(" -P, --public-key-file FILE Read public key (raw) from file FILE (use - for stdin)\n");
printf("\n");
printf("The environment variables %s and %s may contain base64-encoded secret/public keys. \n", ENVVAR_SK_NAME,
ENVVAR_PK_NAME);
printf("\n"); printf("\n");
printf("Select input:\n"); printf("Select input:\n");
printf(" -c, --input STRING decrypt contents of STRING\n"); printf(" -f, --infile FILE Decrypt contents of the first line of file FILE (use - for stdin)\n");
printf(" -f, --infile FILE decrypt contents of the first line of file FILE\n"); printf("\n");
printf("Output:\n");
printf(" -n, --no-newline Do not append a newline to the output\n");
printf("\n");
printf("Keys in arguments and environment variables are expected to be base64 encoded (as produced by the library).\n");
printf("Keys in files need to be raw bytes with no encoding, ciphertext should always be base64-encoded.\n");
printf("\n"); printf("\n");
} }
typedef enum { typedef enum {
PASSWORD = 1, NONE = 0,
SECRETKEY = 2 SK = 1,
} decryption_mode; PK = 2,
SKENV = 4,
typedef enum { PKENV = 8,
ARGUMENT = 1, SKFILE = 16,
FROMFILE = 2 PKFILE = 32,
} input_source; INFILE = 64,
INSTRING = 128
} seen_sb_args;
int main(int argc, char *argv[]) { int main(int argc, char *argv[]) {
char *prog_basename = basename(argv[0]);
int opt = 0; int opt = 0;
char password[PASSWORD_MAXLEN]; unsigned char *secretkey, *publickey;
char secret_key[PATH_MAX]; size_t secretkey_len = 0, publickey_len = 0;
char cipherstring[CIPHERSTRING_MAX]; char *b64cipherstring;
char infile[PATH_MAX]; unsigned char *cipherstring;
bool pass_from_env = false; size_t cipherstring_len;
bool add_newline = true;
decryption_mode mode = 0; seen_sb_args publickey_mode = NONE;
input_source input = 0; seen_sb_args secretkey_mode = NONE;
seen_sb_args input = NONE;
if (sodium_init() < 0) { if (sodium_init() < 0) {
fputs("Unable to initialize libsodium", stderr); fputs("Unable to initialize libsodium", stderr);
@ -49,71 +65,133 @@ int main(int argc, char *argv[]) {
// define arguments // define arguments
static struct option long_options[] = { static struct option long_options[] = {
{"password", required_argument, NULL, 'p'}, {"secret-key", required_argument, NULL, 's'},
{"pass-from-env", no_argument, NULL, 'e'}, {"public-key", required_argument, NULL, 'p'},
{"secret-key", required_argument, NULL, 'k'}, {"secret-key-file", required_argument, NULL, 'S'},
{"public-key", required_argument, NULL, 'k'}, {"public-key-file", required_argument, NULL, 'P'},
{"cipherstring", required_argument, NULL, 's'}, {"infile", required_argument, NULL, 'f'},
{"infile", required_argument, NULL, 'f'} {"no-newline", required_argument, NULL, 'n'},
{0, 0, 0, 0}
}; };
// check environment for LIBEXIM_SECRETKEY variable
char *sk_env = getenv(ENVVAR_SK_NAME);
if (sk_env != NULL && strlen(sk_env) > 0) {
if (base64_decode_string(sk_env, &secretkey, &secretkey_len) != 0) {
fprintf(stderr, "[ERROR] Unable to base64-decode secret key.\n\n");
exit(EXIT_FAILURE);
}
secretkey_mode |= SKENV;
}
// check environment for LIBEXIM_PUBLICKEY variable
char *pk_env = getenv(ENVVAR_PK_NAME);
if (pk_env != NULL && strlen(pk_env) > 0) {
if (base64_decode_string(pk_env, &publickey, &publickey_len) != 0) {
fprintf(stderr, "[ERROR] Unable to base64-decode public key.\n\n");
exit(EXIT_FAILURE);
}
publickey_mode |= PKENV;
}
// parse arguments // parse arguments
int long_index = 0; int long_index = 0;
while ((opt = getopt_long(argc, argv,"p:ek:s:f:", while ((opt = getopt_long(argc, argv, "s:p:S:P:f:n",
long_options, &long_index)) != -1) { long_options, &long_index)) != -1) {
switch (opt) { switch (opt) {
case 'p':
strncpy(password, optarg, sizeof(password)-1);
mode |= PASSWORD;
break;
case 'e':
pass_from_env = true;
mode |= PASSENV;
break;
case 'k':
strncpy(secret_key, optarg, sizeof(secret_key)-1);
mode |= SECRETKEY;
break;
case 's': case 's':
strncpy(cipherstring, optarg, sizeof(cipherstring)-1); if (base64_decode_string(optarg, &secretkey, &secretkey_len) != 0) {
input |= ARGUMENT; fprintf(stderr, "[ERROR] Unable to base64-decode secret key.\n\n");
exit(EXIT_FAILURE);
}
secretkey_mode |= SK;
break;
case 'p':
if (base64_decode_string(optarg, &publickey, &publickey_len) != 0) {
fprintf(stderr, "[ERROR] Unable to base64-decode public key.\n\n");
exit(EXIT_FAILURE);
}
publickey_mode |= PK;
break;
case 'S':
secretkey = (unsigned char *) read_password_file(optarg, crypto_box_SECRETKEYBYTES, &secretkey_len);
secretkey_mode |= SKFILE;
break;
case 'P':
publickey = (unsigned char *) read_password_file(optarg, crypto_box_PUBLICKEYBYTES, &publickey_len);
publickey_mode |= PKFILE;
break; break;
case 'f': case 'f':
strncpy(infile, optarg, sizeof(infile)-1); b64cipherstring = read_first_line(optarg);
input |= FROMFILE; input |= INFILE;
break; break;
default: case 'n':
print_usage(argv[0]); add_newline = false;
break;
}
}
// read first non-option argument as ciphertext if present
if (optind < argc) {
size_t b64cipherstring_len = strlen(argv[optind]);
b64cipherstring = malloc(b64cipherstring_len);
sodium_memzero(b64cipherstring, b64cipherstring_len);
strncpy(b64cipherstring, argv[optind], b64cipherstring_len);
input |= INSTRING;
}
// check if a secret key was provided
if (secretkey_mode == NONE) {
fprintf(stderr, "[ERROR] Please specify a secret key.\n\n");
print_usage(prog_basename);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
// check if the secret key has the correct size
if (secretkey_len != crypto_box_SECRETKEYBYTES) {
fprintf(stderr, "[ERROR] Secret key has wrong size %zu; expected %d.\n\n", secretkey_len,
crypto_box_SECRETKEYBYTES);
exit(EXIT_FAILURE);
} }
// retrieve password/key // check if a public key was provided
switch (mode) { if (publickey_mode == NONE) {
case PASSWORD: fprintf(stderr, "[ERROR] Please specify a public key.\n\n");
if (pass_from_env == true) { print_usage(prog_basename);
exit(EXIT_FAILURE);
}
// check if the public key has the correct size
if (publickey_len != crypto_box_PUBLICKEYBYTES) {
fprintf(stderr, "[ERROR] Secret key has wrong size %zu; expected %d.\n\n", publickey_len,
crypto_box_PUBLICKEYBYTES);
exit(EXIT_FAILURE);
}
// check if a ciphertext was provided
if (input == NONE) {
fprintf(stderr, "[ERROR] Please specify a ciphertext source.\n\n");
print_usage(prog_basename);
exit(EXIT_FAILURE);
}
// base64-decode ciphertext
if (base64_decode_string(b64cipherstring, &cipherstring, &cipherstring_len) != 0) {
fprintf(stderr, "[ERROR] Unable to base64-decode ciphertext.\n\n");
exit(EXIT_FAILURE);
}
// prepare buffer for cleartext
size_t cleartext_len = cipherstring_len - crypto_box_SEALBYTES;
unsigned char *cleartext = (unsigned char *) malloc(cleartext_len + 1);
sodium_memzero(cleartext, cleartext_len + 1);
// decrypt message
if (crypto_box_seal_open(cleartext, cipherstring, cipherstring_len, publickey, secretkey) != 0) {
fprintf(stderr, "[ERROR] Unable to decrypt ciphertext.\n\n");
exit(EXIT_FAILURE);
}
// print cleartext to stdout
if (add_newline == true) {
fprintf(stdout, "%s\n", (const char *) cleartext);
} else { } else {
fprintf(stdout, "%s", (const char *) cleartext);
}
break;
case SECRETKEY:
break;
default:
printf("ERROR: Please specify a password OR a key file.\n\n");
print_usage(argv[0]);
exit(EXIT_FAILURE);
}
switch (input) {
case ARGUMENT:
case FROMFILE:
break;
default:
printf("ERROR: Please specify a ciphertext.\n\n");
print_usage(argv[0]);
exit(EXIT_FAILURE);
} }
} }
*/
int main(void) { return 0; }

18
src/libexim-encrypt-dlfunc-decrypt-secretbox.c
View File

@ -10,19 +10,20 @@
#define ENVVAR_PASSWORD_NAME "LIBEXIM_PASSWORD" #define ENVVAR_PASSWORD_NAME "LIBEXIM_PASSWORD"
void print_usage(char *progname) { void print_usage(char *progname) {
printf("Usage: %s [OPTIONS]\n\n", progname); printf("Usage: %s [OPTIONS] [CIPHERTEXT]\n\n", progname);
printf("Password:\n"); printf("Password:\n");
printf(" -p, --password PASSWORD decrypt using PASSWORD\n"); printf(" -p, --password PASSWORD Decrypt using PASSWORD\n");
printf("\n"); printf("\n");
printf(" If the environment variable LIBEXIM_PASSWORD is set the password is read from there.\n"); printf(" If the environment variable LIBEXIM_PASSWORD is set the password is read from there.\n");
printf(" Setting a password with -p/--password overwrites this mechanism.\n"); printf(" Setting a password with -p/--password overwrites this mechanism.\n");
printf("\n"); printf("\n");
printf("Select input:\n"); printf("Select input:\n");
printf(" -c, --input STRING decrypt contents of STRING\n"); printf(" -f, --infile FILE Decrypt contents of the first line of file FILE (use - for stdin)\n");
printf(" -f, --infile FILE decrypt contents of the first line of file FILE\n");
printf("\n"); printf("\n");
printf("Output:\n"); printf("Output:\n");
printf(" -n, --no-newline Do not add a newline to the output\n"); printf(" -n, --no-newline Do not append a newline to the output\n");
printf("\n");
printf("Password and ciphertext are expected to be base64-encoded (as produced by the library).\n");
printf("\n"); printf("\n");
} }
@ -52,10 +53,9 @@ int main(int argc, char *argv[]) {
} }
// define arguments // define arguments
const char *shortargs = "p:ef:n"; const char *shortargs = "p:f:n";
static struct option long_options[] = { static struct option long_options[] = {
{"password", required_argument, NULL, 'p'}, {"password", required_argument, NULL, 'p'},
{"pass-from-env", no_argument, NULL, 'e'},
{"infile", required_argument, NULL, 'f'}, {"infile", required_argument, NULL, 'f'},
{"no-newline", no_argument, NULL, 'n'}, {"no-newline", no_argument, NULL, 'n'},
{0, 0, 0, 0} {0, 0, 0, 0}
@ -64,10 +64,6 @@ int main(int argc, char *argv[]) {
// check environment for LIBEXIM_PASSWORD // check environment for LIBEXIM_PASSWORD
password_env = getenv(ENVVAR_PASSWORD_NAME); password_env = getenv(ENVVAR_PASSWORD_NAME);
if (password_env != NULL && strlen(password_env) > 0) { if (password_env != NULL && strlen(password_env) > 0) {
// password_len = strlen((const char *) password_env);
// password = malloc(password_len);
// sodium_memzero(password, password_len);
// strncpy(password, password_env, password_len);
password = password_env; password = password_env;
password_len = strlen(password); password_len = strlen(password);
mode |= PASSENV; mode |= PASSENV;

14
src/meson.build
View File

@ -16,8 +16,14 @@ shared_library('exim-encrypt-dlfunc', 'libexim-encrypt-dlfunc.c',
dependencies : [ sodium_deps ], dependencies : [ sodium_deps ],
install: true) install: true)
dlfunc_test = find_program('test_libexim-encrypt-dlfunc.sh') test('libexim-encrypt-dlfunc',
test('libexim-encrypt-dlfunc', dlfunc_test, protocol: 'tap') find_program('test_libexim-encrypt-dlfunc.sh'),
protocol: 'tap')
decrypt_secretbox_test = find_program('test_libexim-encrypt-dlfunc-decrypt-secretbox.sh') test('decrypt-secretbox',
test('decrypt-secretbox', decrypt_secretbox_test, protocol: 'tap') find_program('test_libexim-encrypt-dlfunc-decrypt-secretbox.sh'),
protocol: 'tap')
test('decrypt-sealedbox',
find_program('test_libexim-encrypt-dlfunc-decrypt-sealedbox.sh'),
protocol: 'tap')

46
src/test_libexim-encrypt-dlfunc-decrypt-sealedbox.sh Executable file
View File

@ -0,0 +1,46 @@
#!/bin/bash
# shellcheck disable=SC2034
# this script implements the TAP protocol (https://testanything.org)
echo 1..3
TEST_PUBLICKEY='z7+GlUWgoiXJ4VK6cdLikCF7M6Mj9i4eXNE6Jh1m9yw='
TEST_SECRETKEY='h5C/V2nzhILRmJ6UZrNK/6G8Xc4KWzLq/Qr8Xj42jus='
TEST_CLEARTEXT='There is nothing in the middle of the road but a yellow stripe and dead armadillos. ~ Jim Hightower'
TEST_CIPHERTEXT='+UgXgarCuX3dUobgt8rRnjnxPNWHpsw98GjLZy8+2m5e/v9K/acMq+0UsFW7lwAZIRqj1F55n78y73Y6XCBEVSt8G6nntV8WuDYlr1BHcBIXNr5toUbE+CxtLoGqfD3c3nw1NkJDO1NYGzK/cG43TEEBLrQJCRLRBXOZmxG6ugFo4FtYl297/B1xNtkd9IR4TY5C'
CIPHERTEXT_FILE="$(mktemp)"
TEST_PUBLICKEY_FILE="$(mktemp)"
TEST_SECRETKEY_FILE="$(mktemp)"
echo -n "${TEST_CIPHERTEXT}" > "${CIPHERTEXT_FILE}"
echo -n "${TEST_PUBLICKEY}" | base64 -d > "${TEST_PUBLICKEY_FILE}"
echo -n "${TEST_SECRETKEY}" | base64 -d > "${TEST_SECRETKEY_FILE}"
cleanup() {
rm -rf "${CIPHERTEXT_FILE}" "${TEST_PUBLICKEY_FILE}" "${TEST_SECRETKEY_FILE}"
}
trap cleanup EXIT INT TERM
export LIBEXIM_PUBLICKEY="${TEST_PUBLICKEY}"
export LIBEXIM_SECRETKEY="${TEST_SECRETKEY}"
DECRYPTED="$(src/libexim-encrypt-dlfunc-decrypt-sealedbox "${TEST_CIPHERTEXT}")"
if [ "${DECRYPTED}" == "${TEST_CLEARTEXT}" ] ; then
echo "ok 1 - decrypt commandline argument with keys from environment successful"
else
echo "not ok 1 - decrypt commandline argument with keys from environment unsuccessful"
fi
export -n LIBEXIM_PUBLICKEY LIBEXIM_SECRETKEY
DECRYPTED="$(src/libexim-encrypt-dlfunc-decrypt-sealedbox --secret-key "${TEST_SECRETKEY}" --public-key "${TEST_PUBLICKEY}" --infile "${CIPHERTEXT_FILE}")"
if [ "${DECRYPTED}" == "${TEST_CLEARTEXT}" ] ; then
echo "ok 2 - decrypt file contents with keys from commandline"
else
echo "not ok 2 - decrypt file contents with keys from commandline"
fi
DECRYPTED="$(src/libexim-encrypt-dlfunc-decrypt-sealedbox --secret-key-file "${TEST_SECRETKEY_FILE}" --public-key-file "${TEST_PUBLICKEY_FILE}" --infile - < "${CIPHERTEXT_FILE}")"
if [ "${DECRYPTED}" == "${TEST_CLEARTEXT}" ] ; then
echo "ok 3 - decrypt stdin contents with keys from files"
else
echo "not ok 3 - decrypt stdin contents with keys from files"
fi

47
src/test_libexim-encrypt-dlfunc-decrypt-secretbox.sh
View File

@ -1,46 +1,57 @@
#!/bin/bash #!/bin/bash
# shellcheck disable=SC2034 # shellcheck disable=SC2034
PATH=/sbin:/usr/sbin:$PATH
# this script implements the TAP protocol (https://testanything.org) # this script implements the TAP protocol (https://testanything.org)
echo 1..4 echo 1..5
TEST_PASSWORD='ThisIsAPassword' TEST_PASSWORD='be6rahqu3bukee3Aengohgoopheeyis5'
TEST_CLEARTEXT='This is my cleartext' TEST_CLEARTEXT='The great thing about attackers is that there are so many to choose from! - Daniel J. Bernstein'
TEST_CIPHERTEXT01='RCHI+VukmWIsVE3eixbWIAtPPBW63nmV1ITpSBEDYXC9Y5QMBd1zmGLLhE+S9yg0sHfOF/1+wmfF7YXv' TEST_CIPHERTEXT01='K+TOzrbkni7wydNvF1gMRwZWQPNnNIXRG9iQgkFhszBu8ImqIrAK4wWWP02UmclITi8DZbr3sg/EVWurDzAYK+pjkcDAa78glz4qXIqrPbYvEIEHPEExFzCtwi5hqOR+KF7tsqbPvdAOIqwf/2KBomX0GS1I/1CxQMrbJd1VgXc51M4hI0I8'
TEST_CIPHERTEXT02='sEG09WnEKIN2nyJYGNNVo14o7wV6X9HQxW+zxAxMLX9jVdashdaoHqLXQGM8lzpJhG6629lccjzAfrq8' TEST_CIPHERTEXT02='lAod5UhfW6fQCxd4PSktnrzwyWzcw05Svio5XqPOr/p/Ts4Pr0eEjj2TgmT2K85T2xrxCiqmE/OUcODRldEWeSqBSxx0Z6PzXqOzz5ZL6Iq1tggjihMydGz9mNS4jRF9f52k5t2i7xFrMMCRrfq/rer/ngp1h3pposCds+OmX0u+1f4Urj0b'
CIPHERTEXT_FILE01="$(mktemp)" CIPHERTEXT_FILE01="$(mktemp)"
CIPHERTEXT_FILE02="$(mktemp)" CIPHERTEXT_FILE02="$(mktemp)"
echo -n "${TEST_CIPHERTEXT01}" > "${CIPHERTEXT_FILE01}" echo -n "${TEST_CIPHERTEXT01}" > "${CIPHERTEXT_FILE01}"
echo -n "${TEST_CIPHERTEXT02}" > "${CIPHERTEXT_FILE02}" echo -n "${TEST_CIPHERTEXT02}" > "${CIPHERTEXT_FILE02}"
DECRYPTED01="$(LIBEXIM_PASSWORD="${TEST_PASSWORD}" src/libexim-encrypt-dlfunc-decrypt-secretbox ${TEST_CIPHERTEXT01})" cleanup() {
rm -rf "${CIPHERTEXT_FILE01}" "${CIPHERTEXT_FILE02}"
}
trap cleanup EXIT INT TERM
export LIBEXIM_PASSWORD="${TEST_PASSWORD}"
DECRYPTED01="$(src/libexim-encrypt-dlfunc-decrypt-secretbox ${TEST_CIPHERTEXT01})"
if [ "${DECRYPTED01}" == "${TEST_CLEARTEXT}" ] ; then if [ "${DECRYPTED01}" == "${TEST_CLEARTEXT}" ] ; then
echo "ok 1 - decrypt commandline argument with password from environment successful" echo "ok 1 - decrypt commandline argument with password from environment successful"
else else
echo "not ok 1 - decrypt commandline argument with password from environment unsuccessful" echo "not ok 1 - decrypt commandline argument with password from environment unsuccessful"
fi fi
DECRYPTED02="$(LIBEXIM_PASSWORD="${TEST_PASSWORD}" src/libexim-encrypt-dlfunc-decrypt-secretbox --infile ${CIPHERTEXT_FILE01})" DECRYPTED02="$(src/libexim-encrypt-dlfunc-decrypt-secretbox --infile ${CIPHERTEXT_FILE01})"
if [ "${DECRYPTED02}" == "${TEST_CLEARTEXT}" ] ; then if [ "${DECRYPTED02}" == "${TEST_CLEARTEXT}" ] ; then
echo "ok 2 - decrypt file contents with password from environment successful" echo "ok 2 - decrypt file contents with password from environment successful"
else else
echo "not ok 2 - decrypt file contents with password from environment unsuccessful" echo "not ok 2 - decrypt file contents with password from environment unsuccessful"
fi fi
unset LIBEXIM_PASSWORD DECRYPTED03="$(echo -n ${TEST_CIPHERTEXT01} | src/libexim-encrypt-dlfunc-decrypt-secretbox --infile -)"
DECRYPTED03="$(src/libexim-encrypt-dlfunc-decrypt-secretbox -p ${TEST_PASSWORD} ${TEST_CIPHERTEXT02})"
if [ "${DECRYPTED03}" == "${TEST_CLEARTEXT}" ] ; then if [ "${DECRYPTED03}" == "${TEST_CLEARTEXT}" ] ; then
echo "ok 3 - decrypt commandline argument with password from commandline successful" echo "ok 3 - decrypt stdin contents with password from environment successful"
else else
echo "not ok 3 - decrypt commandline argument with password from commandline unsuccessful" echo "not ok 3 - decrypt stdin file contents with password from environment unsuccessful"
fi fi
DECRYPTED04="$(src/libexim-encrypt-dlfunc-decrypt-secretbox -p ${TEST_PASSWORD} --infile ${CIPHERTEXT_FILE02})" export -n LIBEXIM_PASSWORD
DECRYPTED04="$(src/libexim-encrypt-dlfunc-decrypt-secretbox -p ${TEST_PASSWORD} ${TEST_CIPHERTEXT02})"
if [ "${DECRYPTED04}" == "${TEST_CLEARTEXT}" ] ; then if [ "${DECRYPTED04}" == "${TEST_CLEARTEXT}" ] ; then
echo "ok 4 - decrypt file contents with password from commandline successful" echo "ok 4 - decrypt commandline argument with password from commandline successful"
else else
echo "not ok 4 - decrypt file contents with password from commandline unsuccessful" echo "not ok 4 - decrypt commandline argument with password from commandline unsuccessful"
fi
DECRYPTED05="$(src/libexim-encrypt-dlfunc-decrypt-secretbox -p ${TEST_PASSWORD} --infile ${CIPHERTEXT_FILE02})"
if [ "${DECRYPTED05}" == "${TEST_CLEARTEXT}" ] ; then
echo "ok 5 - decrypt file contents with password from commandline successful"
else
echo "not ok 5 - decrypt file contents with password from commandline unsuccessful"
fi fi