mirror of
https://gitlab.kit.edu/kit/scc/sys/mail/exim-encrypt-dlfunc.git
synced 2025-12-06 07:23:56 +01:00
Wrote decrypt tool for sodium_crypto_box_seal plus matching tests.
Lots of code cleanups.
This commit is contained in:
Heiko Reese
58
src/common.c
58
src/common.c
@ -3,31 +3,83 @@
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <stdbool.h>
|
||||
#include <sodium.h>
|
||||
#include "common.h"
|
||||
|
||||
//#define MIN_KEY_SIZE (crypto_box_SECRETKEYBYTES < crypto_box_PUBLICKEYBYTES ? crypto_box_SECRETKEYBYTES : crypto_box_PUBLICKEYBYTES)
|
||||
//#define MAX_KEY_SIZE (crypto_box_SECRETKEYBYTES > crypto_box_PUBLICKEYBYTES ? crypto_box_SECRETKEYBYTES : crypto_box_PUBLICKEYBYTES)
|
||||
|
||||
char *read_first_line(const char *filename) {
|
||||
FILE *stream;
|
||||
char *cipherstring;
|
||||
size_t len = 0;
|
||||
ssize_t nread;
|
||||
bool input_is_stdin = false;
|
||||
|
||||
// open file
|
||||
// open file (use stdin for '-')
|
||||
if (!strncmp(filename, "-", 1)) {
|
||||
stream = stdin;
|
||||
input_is_stdin = true;
|
||||
} else {
|
||||
stream = fopen(filename, "r");
|
||||
if (stream == NULL) {
|
||||
perror("Error opening file");
|
||||
fprintf(stderr, "[ERROR] Error opening file %s\n\n", filename);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
}
|
||||
|
||||
nread = getline(&cipherstring, &len, stream);
|
||||
|
||||
if (nread == -1) {
|
||||
if (nread == -1 && !feof(stream)) {
|
||||
perror("getline: ");
|
||||
}
|
||||
if (input_is_stdin == false) {
|
||||
fclose(stream);
|
||||
}
|
||||
|
||||
// remove trailing newline
|
||||
cipherstring[strcspn(cipherstring, "\r\n")] = 0;
|
||||
|
||||
return cipherstring;
|
||||
}
|
||||
|
||||
char *read_password_file(const char *filename, size_t keysize, size_t *length) {
|
||||
FILE *stream;
|
||||
char *contents;
|
||||
ssize_t nread;
|
||||
bool input_is_stdin = false;
|
||||
|
||||
contents = malloc(keysize + 1);
|
||||
sodium_memzero(contents, keysize + 1);
|
||||
|
||||
// open file (use stdin for '-')
|
||||
if (!strncmp(filename, "-", 1)) {
|
||||
stream = stdin;
|
||||
input_is_stdin = true;
|
||||
} else {
|
||||
stream = fopen(filename, "r");
|
||||
if (stream == NULL) {
|
||||
fprintf(stderr, "[ERROR] Error opening file %s\n\n", filename);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
}
|
||||
|
||||
nread = fread(contents, sizeof(char), keysize, stream);
|
||||
|
||||
if (nread < 0) {
|
||||
fprintf(stderr, "[ERROR] reading from %s failed\n\n", filename);
|
||||
exit(EXIT_FAILURE);
|
||||
} else {
|
||||
*length = (size_t) nread;
|
||||
}
|
||||
|
||||
if (input_is_stdin == false) {
|
||||
fclose(stream);
|
||||
}
|
||||
return contents;
|
||||
}
|
||||
|
||||
int base64_decode_string(const char *input, unsigned char **outstring, size_t *outlen) {
|
||||
size_t input_len = strlen(input);
|
||||
size_t outmaxlen = input_len / 4 * 3;
|
||||
|
||||
@ -5,6 +5,10 @@
|
||||
#ifndef EXIM_ENCRYPT_DLFUNC_COMMON_H
|
||||
#define EXIM_ENCRYPT_DLFUNC_COMMON_H
|
||||
|
||||
char * read_first_line(const char *);
|
||||
char *read_first_line(const char *filename);
|
||||
|
||||
char *read_password_file(const char *filename, size_t keysize, size_t *length);
|
||||
|
||||
int base64_decode_string(const char *input, unsigned char **outstring, size_t *outlen);
|
||||
|
||||
#endif //EXIM_ENCRYPT_DLFUNC_COMMON_H
|
||||
|
||||
@ -1,46 +1,62 @@
|
||||
#define _GNU_SOURCE
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdbool.h>
|
||||
#include <string.h>
|
||||
#include <getopt.h>
|
||||
#include <linux/limits.h>
|
||||
#include <sodium.h>
|
||||
#include <stdbool.h>
|
||||
#include "common.c"
|
||||
|
||||
/*
|
||||
#define PASSWORD_MAXLEN 1024
|
||||
#define CIPHERSTRING_MAX (1024*64)
|
||||
#define ENVVAR_SK_NAME "LIBEXIM_SECRETKEY"
|
||||
#define ENVVAR_PK_NAME "LIBEXIM_PUBLICKEY"
|
||||
|
||||
void print_usage(char *progname) {
|
||||
printf("Usage: %s [OPTIONS]\n\n", progname);
|
||||
printf("Usage: %s [OPTIONS] [CIPHERTEXT]\n\n", progname);
|
||||
printf("Secret and public key:\n");
|
||||
printf(" -s, --secret-key FILE read secret key from file FILE\n");
|
||||
printf(" -p, --public-key FILE read public key from file FILE\n");
|
||||
printf(" -s, --secret-key SECRETKEY Secret key (base64-encoded)\n");
|
||||
printf(" -p, --public-key PUBLICKEY Public key (base64-encoded)\n");
|
||||
printf(" -S, --secret-key-file FILE Read secret key (raw) from file FILE (use - for stdin)\n");
|
||||
printf(" -P, --public-key-file FILE Read public key (raw) from file FILE (use - for stdin)\n");
|
||||
printf("\n");
|
||||
printf("The environment variables %s and %s may contain base64-encoded secret/public keys. \n", ENVVAR_SK_NAME,
|
||||
ENVVAR_PK_NAME);
|
||||
printf("\n");
|
||||
printf("Select input:\n");
|
||||
printf(" -c, --input STRING decrypt contents of STRING\n");
|
||||
printf(" -f, --infile FILE decrypt contents of the first line of file FILE\n");
|
||||
printf(" -f, --infile FILE Decrypt contents of the first line of file FILE (use - for stdin)\n");
|
||||
printf("\n");
|
||||
printf("Output:\n");
|
||||
printf(" -n, --no-newline Do not append a newline to the output\n");
|
||||
printf("\n");
|
||||
printf("Keys in arguments and environment variables are expected to be base64 encoded (as produced by the library).\n");
|
||||
printf("Keys in files need to be raw bytes with no encoding, ciphertext should always be base64-encoded.\n");
|
||||
printf("\n");
|
||||
}
|
||||
|
||||
typedef enum {
|
||||
PASSWORD = 1,
|
||||
SECRETKEY = 2
|
||||
} decryption_mode;
|
||||
|
||||
typedef enum {
|
||||
ARGUMENT = 1,
|
||||
FROMFILE = 2
|
||||
} input_source;
|
||||
NONE = 0,
|
||||
SK = 1,
|
||||
PK = 2,
|
||||
SKENV = 4,
|
||||
PKENV = 8,
|
||||
SKFILE = 16,
|
||||
PKFILE = 32,
|
||||
INFILE = 64,
|
||||
INSTRING = 128
|
||||
} seen_sb_args;
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
char *prog_basename = basename(argv[0]);
|
||||
int opt = 0;
|
||||
char password[PASSWORD_MAXLEN];
|
||||
char secret_key[PATH_MAX];
|
||||
char cipherstring[CIPHERSTRING_MAX];
|
||||
char infile[PATH_MAX];
|
||||
bool pass_from_env = false;
|
||||
unsigned char *secretkey, *publickey;
|
||||
size_t secretkey_len = 0, publickey_len = 0;
|
||||
char *b64cipherstring;
|
||||
unsigned char *cipherstring;
|
||||
size_t cipherstring_len;
|
||||
bool add_newline = true;
|
||||
|
||||
decryption_mode mode = 0;
|
||||
input_source input = 0;
|
||||
seen_sb_args publickey_mode = NONE;
|
||||
seen_sb_args secretkey_mode = NONE;
|
||||
seen_sb_args input = NONE;
|
||||
|
||||
if (sodium_init() < 0) {
|
||||
fputs("Unable to initialize libsodium", stderr);
|
||||
@ -49,71 +65,133 @@ int main(int argc, char *argv[]) {
|
||||
|
||||
// define arguments
|
||||
static struct option long_options[] = {
|
||||
{"password", required_argument, NULL, 'p'},
|
||||
{"pass-from-env", no_argument, NULL, 'e'},
|
||||
{"secret-key", required_argument, NULL, 'k'},
|
||||
{"public-key", required_argument, NULL, 'k'},
|
||||
{"cipherstring", required_argument, NULL, 's'},
|
||||
{"infile", required_argument, NULL, 'f'}
|
||||
{"secret-key", required_argument, NULL, 's'},
|
||||
{"public-key", required_argument, NULL, 'p'},
|
||||
{"secret-key-file", required_argument, NULL, 'S'},
|
||||
{"public-key-file", required_argument, NULL, 'P'},
|
||||
{"infile", required_argument, NULL, 'f'},
|
||||
{"no-newline", required_argument, NULL, 'n'},
|
||||
{0, 0, 0, 0}
|
||||
};
|
||||
|
||||
// check environment for LIBEXIM_SECRETKEY variable
|
||||
char *sk_env = getenv(ENVVAR_SK_NAME);
|
||||
if (sk_env != NULL && strlen(sk_env) > 0) {
|
||||
if (base64_decode_string(sk_env, &secretkey, &secretkey_len) != 0) {
|
||||
fprintf(stderr, "[ERROR] Unable to base64-decode secret key.\n\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
secretkey_mode |= SKENV;
|
||||
}
|
||||
|
||||
// check environment for LIBEXIM_PUBLICKEY variable
|
||||
char *pk_env = getenv(ENVVAR_PK_NAME);
|
||||
if (pk_env != NULL && strlen(pk_env) > 0) {
|
||||
if (base64_decode_string(pk_env, &publickey, &publickey_len) != 0) {
|
||||
fprintf(stderr, "[ERROR] Unable to base64-decode public key.\n\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
publickey_mode |= PKENV;
|
||||
}
|
||||
|
||||
// parse arguments
|
||||
int long_index = 0;
|
||||
while ((opt = getopt_long(argc, argv,"p:ek:s:f:",
|
||||
while ((opt = getopt_long(argc, argv, "s:p:S:P:f:n",
|
||||
long_options, &long_index)) != -1) {
|
||||
switch (opt) {
|
||||
case 'p':
|
||||
strncpy(password, optarg, sizeof(password)-1);
|
||||
mode |= PASSWORD;
|
||||
break;
|
||||
case 'e':
|
||||
pass_from_env = true;
|
||||
mode |= PASSENV;
|
||||
break;
|
||||
case 'k':
|
||||
strncpy(secret_key, optarg, sizeof(secret_key)-1);
|
||||
mode |= SECRETKEY;
|
||||
break;
|
||||
case 's':
|
||||
strncpy(cipherstring, optarg, sizeof(cipherstring)-1);
|
||||
input |= ARGUMENT;
|
||||
if (base64_decode_string(optarg, &secretkey, &secretkey_len) != 0) {
|
||||
fprintf(stderr, "[ERROR] Unable to base64-decode secret key.\n\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
secretkey_mode |= SK;
|
||||
break;
|
||||
case 'p':
|
||||
if (base64_decode_string(optarg, &publickey, &publickey_len) != 0) {
|
||||
fprintf(stderr, "[ERROR] Unable to base64-decode public key.\n\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
publickey_mode |= PK;
|
||||
break;
|
||||
case 'S':
|
||||
secretkey = (unsigned char *) read_password_file(optarg, crypto_box_SECRETKEYBYTES, &secretkey_len);
|
||||
secretkey_mode |= SKFILE;
|
||||
break;
|
||||
case 'P':
|
||||
publickey = (unsigned char *) read_password_file(optarg, crypto_box_PUBLICKEYBYTES, &publickey_len);
|
||||
publickey_mode |= PKFILE;
|
||||
break;
|
||||
case 'f':
|
||||
strncpy(infile, optarg, sizeof(infile)-1);
|
||||
input |= FROMFILE;
|
||||
b64cipherstring = read_first_line(optarg);
|
||||
input |= INFILE;
|
||||
break;
|
||||
default:
|
||||
print_usage(argv[0]);
|
||||
case 'n':
|
||||
add_newline = false;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// read first non-option argument as ciphertext if present
|
||||
if (optind < argc) {
|
||||
size_t b64cipherstring_len = strlen(argv[optind]);
|
||||
b64cipherstring = malloc(b64cipherstring_len);
|
||||
sodium_memzero(b64cipherstring, b64cipherstring_len);
|
||||
strncpy(b64cipherstring, argv[optind], b64cipherstring_len);
|
||||
input |= INSTRING;
|
||||
}
|
||||
|
||||
// check if a secret key was provided
|
||||
if (secretkey_mode == NONE) {
|
||||
fprintf(stderr, "[ERROR] Please specify a secret key.\n\n");
|
||||
print_usage(prog_basename);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
// check if the secret key has the correct size
|
||||
if (secretkey_len != crypto_box_SECRETKEYBYTES) {
|
||||
fprintf(stderr, "[ERROR] Secret key has wrong size %zu; expected %d.\n\n", secretkey_len,
|
||||
crypto_box_SECRETKEYBYTES);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
// retrieve password/key
|
||||
switch (mode) {
|
||||
case PASSWORD:
|
||||
if (pass_from_env == true) {
|
||||
// check if a public key was provided
|
||||
if (publickey_mode == NONE) {
|
||||
fprintf(stderr, "[ERROR] Please specify a public key.\n\n");
|
||||
print_usage(prog_basename);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
// check if the public key has the correct size
|
||||
if (publickey_len != crypto_box_PUBLICKEYBYTES) {
|
||||
fprintf(stderr, "[ERROR] Secret key has wrong size %zu; expected %d.\n\n", publickey_len,
|
||||
crypto_box_PUBLICKEYBYTES);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
// check if a ciphertext was provided
|
||||
if (input == NONE) {
|
||||
fprintf(stderr, "[ERROR] Please specify a ciphertext source.\n\n");
|
||||
print_usage(prog_basename);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
// base64-decode ciphertext
|
||||
if (base64_decode_string(b64cipherstring, &cipherstring, &cipherstring_len) != 0) {
|
||||
fprintf(stderr, "[ERROR] Unable to base64-decode ciphertext.\n\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
// prepare buffer for cleartext
|
||||
size_t cleartext_len = cipherstring_len - crypto_box_SEALBYTES;
|
||||
unsigned char *cleartext = (unsigned char *) malloc(cleartext_len + 1);
|
||||
sodium_memzero(cleartext, cleartext_len + 1);
|
||||
|
||||
// decrypt message
|
||||
if (crypto_box_seal_open(cleartext, cipherstring, cipherstring_len, publickey, secretkey) != 0) {
|
||||
fprintf(stderr, "[ERROR] Unable to decrypt ciphertext.\n\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
// print cleartext to stdout
|
||||
if (add_newline == true) {
|
||||
fprintf(stdout, "%s\n", (const char *) cleartext);
|
||||
} else {
|
||||
|
||||
}
|
||||
break;
|
||||
case SECRETKEY:
|
||||
break;
|
||||
default:
|
||||
printf("ERROR: Please specify a password OR a key file.\n\n");
|
||||
print_usage(argv[0]);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
switch (input) {
|
||||
case ARGUMENT:
|
||||
case FROMFILE:
|
||||
break;
|
||||
default:
|
||||
printf("ERROR: Please specify a ciphertext.\n\n");
|
||||
print_usage(argv[0]);
|
||||
exit(EXIT_FAILURE);
|
||||
fprintf(stdout, "%s", (const char *) cleartext);
|
||||
}
|
||||
}
|
||||
*/
|
||||
|
||||
int main(void) { return 0; }
|
||||
@ -10,19 +10,20 @@
|
||||
#define ENVVAR_PASSWORD_NAME "LIBEXIM_PASSWORD"
|
||||
|
||||
void print_usage(char *progname) {
|
||||
printf("Usage: %s [OPTIONS]\n\n", progname);
|
||||
printf("Usage: %s [OPTIONS] [CIPHERTEXT]\n\n", progname);
|
||||
printf("Password:\n");
|
||||
printf(" -p, --password PASSWORD decrypt using PASSWORD\n");
|
||||
printf(" -p, --password PASSWORD Decrypt using PASSWORD\n");
|
||||
printf("\n");
|
||||
printf(" If the environment variable LIBEXIM_PASSWORD is set the password is read from there.\n");
|
||||
printf(" Setting a password with -p/--password overwrites this mechanism.\n");
|
||||
printf("\n");
|
||||
printf("Select input:\n");
|
||||
printf(" -c, --input STRING decrypt contents of STRING\n");
|
||||
printf(" -f, --infile FILE decrypt contents of the first line of file FILE\n");
|
||||
printf(" -f, --infile FILE Decrypt contents of the first line of file FILE (use - for stdin)\n");
|
||||
printf("\n");
|
||||
printf("Output:\n");
|
||||
printf(" -n, --no-newline Do not add a newline to the output\n");
|
||||
printf(" -n, --no-newline Do not append a newline to the output\n");
|
||||
printf("\n");
|
||||
printf("Password and ciphertext are expected to be base64-encoded (as produced by the library).\n");
|
||||
printf("\n");
|
||||
}
|
||||
|
||||
@ -52,10 +53,9 @@ int main(int argc, char *argv[]) {
|
||||
}
|
||||
|
||||
// define arguments
|
||||
const char *shortargs = "p:ef:n";
|
||||
const char *shortargs = "p:f:n";
|
||||
static struct option long_options[] = {
|
||||
{"password", required_argument, NULL, 'p'},
|
||||
{"pass-from-env", no_argument, NULL, 'e'},
|
||||
{"infile", required_argument, NULL, 'f'},
|
||||
{"no-newline", no_argument, NULL, 'n'},
|
||||
{0, 0, 0, 0}
|
||||
@ -64,10 +64,6 @@ int main(int argc, char *argv[]) {
|
||||
// check environment for LIBEXIM_PASSWORD
|
||||
password_env = getenv(ENVVAR_PASSWORD_NAME);
|
||||
if (password_env != NULL && strlen(password_env) > 0) {
|
||||
// password_len = strlen((const char *) password_env);
|
||||
// password = malloc(password_len);
|
||||
// sodium_memzero(password, password_len);
|
||||
// strncpy(password, password_env, password_len);
|
||||
password = password_env;
|
||||
password_len = strlen(password);
|
||||
mode |= PASSENV;
|
||||
|
||||
@ -16,8 +16,14 @@ shared_library('exim-encrypt-dlfunc', 'libexim-encrypt-dlfunc.c',
|
||||
dependencies : [ sodium_deps ],
|
||||
install: true)
|
||||
|
||||
dlfunc_test = find_program('test_libexim-encrypt-dlfunc.sh')
|
||||
test('libexim-encrypt-dlfunc', dlfunc_test, protocol: 'tap')
|
||||
test('libexim-encrypt-dlfunc',
|
||||
find_program('test_libexim-encrypt-dlfunc.sh'),
|
||||
protocol: 'tap')
|
||||
|
||||
decrypt_secretbox_test = find_program('test_libexim-encrypt-dlfunc-decrypt-secretbox.sh')
|
||||
test('decrypt-secretbox', decrypt_secretbox_test, protocol: 'tap')
|
||||
test('decrypt-secretbox',
|
||||
find_program('test_libexim-encrypt-dlfunc-decrypt-secretbox.sh'),
|
||||
protocol: 'tap')
|
||||
|
||||
test('decrypt-sealedbox',
|
||||
find_program('test_libexim-encrypt-dlfunc-decrypt-sealedbox.sh'),
|
||||
protocol: 'tap')
|
||||
46
src/test_libexim-encrypt-dlfunc-decrypt-sealedbox.sh
Executable file
46
src/test_libexim-encrypt-dlfunc-decrypt-sealedbox.sh
Executable file
@ -0,0 +1,46 @@
|
||||
#!/bin/bash
|
||||
# shellcheck disable=SC2034
|
||||
# this script implements the TAP protocol (https://testanything.org)
|
||||
echo 1..3
|
||||
|
||||
TEST_PUBLICKEY='z7+GlUWgoiXJ4VK6cdLikCF7M6Mj9i4eXNE6Jh1m9yw='
|
||||
TEST_SECRETKEY='h5C/V2nzhILRmJ6UZrNK/6G8Xc4KWzLq/Qr8Xj42jus='
|
||||
TEST_CLEARTEXT='There is nothing in the middle of the road but a yellow stripe and dead armadillos. ~ Jim Hightower'
|
||||
TEST_CIPHERTEXT='+UgXgarCuX3dUobgt8rRnjnxPNWHpsw98GjLZy8+2m5e/v9K/acMq+0UsFW7lwAZIRqj1F55n78y73Y6XCBEVSt8G6nntV8WuDYlr1BHcBIXNr5toUbE+CxtLoGqfD3c3nw1NkJDO1NYGzK/cG43TEEBLrQJCRLRBXOZmxG6ugFo4FtYl297/B1xNtkd9IR4TY5C'
|
||||
CIPHERTEXT_FILE="$(mktemp)"
|
||||
TEST_PUBLICKEY_FILE="$(mktemp)"
|
||||
TEST_SECRETKEY_FILE="$(mktemp)"
|
||||
echo -n "${TEST_CIPHERTEXT}" > "${CIPHERTEXT_FILE}"
|
||||
echo -n "${TEST_PUBLICKEY}" | base64 -d > "${TEST_PUBLICKEY_FILE}"
|
||||
echo -n "${TEST_SECRETKEY}" | base64 -d > "${TEST_SECRETKEY_FILE}"
|
||||
|
||||
cleanup() {
|
||||
rm -rf "${CIPHERTEXT_FILE}" "${TEST_PUBLICKEY_FILE}" "${TEST_SECRETKEY_FILE}"
|
||||
}
|
||||
trap cleanup EXIT INT TERM
|
||||
|
||||
export LIBEXIM_PUBLICKEY="${TEST_PUBLICKEY}"
|
||||
export LIBEXIM_SECRETKEY="${TEST_SECRETKEY}"
|
||||
|
||||
DECRYPTED="$(src/libexim-encrypt-dlfunc-decrypt-sealedbox "${TEST_CIPHERTEXT}")"
|
||||
if [ "${DECRYPTED}" == "${TEST_CLEARTEXT}" ] ; then
|
||||
echo "ok 1 - decrypt commandline argument with keys from environment successful"
|
||||
else
|
||||
echo "not ok 1 - decrypt commandline argument with keys from environment unsuccessful"
|
||||
fi
|
||||
|
||||
export -n LIBEXIM_PUBLICKEY LIBEXIM_SECRETKEY
|
||||
|
||||
DECRYPTED="$(src/libexim-encrypt-dlfunc-decrypt-sealedbox --secret-key "${TEST_SECRETKEY}" --public-key "${TEST_PUBLICKEY}" --infile "${CIPHERTEXT_FILE}")"
|
||||
if [ "${DECRYPTED}" == "${TEST_CLEARTEXT}" ] ; then
|
||||
echo "ok 2 - decrypt file contents with keys from commandline"
|
||||
else
|
||||
echo "not ok 2 - decrypt file contents with keys from commandline"
|
||||
fi
|
||||
|
||||
DECRYPTED="$(src/libexim-encrypt-dlfunc-decrypt-sealedbox --secret-key-file "${TEST_SECRETKEY_FILE}" --public-key-file "${TEST_PUBLICKEY_FILE}" --infile - < "${CIPHERTEXT_FILE}")"
|
||||
if [ "${DECRYPTED}" == "${TEST_CLEARTEXT}" ] ; then
|
||||
echo "ok 3 - decrypt stdin contents with keys from files"
|
||||
else
|
||||
echo "not ok 3 - decrypt stdin contents with keys from files"
|
||||
fi
|
||||
@ -1,46 +1,57 @@
|
||||
#!/bin/bash
|
||||
# shellcheck disable=SC2034
|
||||
|
||||
PATH=/sbin:/usr/sbin:$PATH
|
||||
|
||||
# this script implements the TAP protocol (https://testanything.org)
|
||||
echo 1..4
|
||||
echo 1..5
|
||||
|
||||
TEST_PASSWORD='ThisIsAPassword'
|
||||
TEST_CLEARTEXT='This is my cleartext'
|
||||
TEST_CIPHERTEXT01='RCHI+VukmWIsVE3eixbWIAtPPBW63nmV1ITpSBEDYXC9Y5QMBd1zmGLLhE+S9yg0sHfOF/1+wmfF7YXv'
|
||||
TEST_CIPHERTEXT02='sEG09WnEKIN2nyJYGNNVo14o7wV6X9HQxW+zxAxMLX9jVdashdaoHqLXQGM8lzpJhG6629lccjzAfrq8'
|
||||
TEST_PASSWORD='be6rahqu3bukee3Aengohgoopheeyis5'
|
||||
TEST_CLEARTEXT='The great thing about attackers is that there are so many to choose from! - Daniel J. Bernstein'
|
||||
TEST_CIPHERTEXT01='K+TOzrbkni7wydNvF1gMRwZWQPNnNIXRG9iQgkFhszBu8ImqIrAK4wWWP02UmclITi8DZbr3sg/EVWurDzAYK+pjkcDAa78glz4qXIqrPbYvEIEHPEExFzCtwi5hqOR+KF7tsqbPvdAOIqwf/2KBomX0GS1I/1CxQMrbJd1VgXc51M4hI0I8'
|
||||
TEST_CIPHERTEXT02='lAod5UhfW6fQCxd4PSktnrzwyWzcw05Svio5XqPOr/p/Ts4Pr0eEjj2TgmT2K85T2xrxCiqmE/OUcODRldEWeSqBSxx0Z6PzXqOzz5ZL6Iq1tggjihMydGz9mNS4jRF9f52k5t2i7xFrMMCRrfq/rer/ngp1h3pposCds+OmX0u+1f4Urj0b'
|
||||
CIPHERTEXT_FILE01="$(mktemp)"
|
||||
CIPHERTEXT_FILE02="$(mktemp)"
|
||||
echo -n "${TEST_CIPHERTEXT01}" > "${CIPHERTEXT_FILE01}"
|
||||
echo -n "${TEST_CIPHERTEXT02}" > "${CIPHERTEXT_FILE02}"
|
||||
|
||||
DECRYPTED01="$(LIBEXIM_PASSWORD="${TEST_PASSWORD}" src/libexim-encrypt-dlfunc-decrypt-secretbox ${TEST_CIPHERTEXT01})"
|
||||
cleanup() {
|
||||
rm -rf "${CIPHERTEXT_FILE01}" "${CIPHERTEXT_FILE02}"
|
||||
}
|
||||
trap cleanup EXIT INT TERM
|
||||
|
||||
export LIBEXIM_PASSWORD="${TEST_PASSWORD}"
|
||||
|
||||
DECRYPTED01="$(src/libexim-encrypt-dlfunc-decrypt-secretbox ${TEST_CIPHERTEXT01})"
|
||||
if [ "${DECRYPTED01}" == "${TEST_CLEARTEXT}" ] ; then
|
||||
echo "ok 1 - decrypt commandline argument with password from environment successful"
|
||||
else
|
||||
echo "not ok 1 - decrypt commandline argument with password from environment unsuccessful"
|
||||
fi
|
||||
|
||||
DECRYPTED02="$(LIBEXIM_PASSWORD="${TEST_PASSWORD}" src/libexim-encrypt-dlfunc-decrypt-secretbox --infile ${CIPHERTEXT_FILE01})"
|
||||
DECRYPTED02="$(src/libexim-encrypt-dlfunc-decrypt-secretbox --infile ${CIPHERTEXT_FILE01})"
|
||||
if [ "${DECRYPTED02}" == "${TEST_CLEARTEXT}" ] ; then
|
||||
echo "ok 2 - decrypt file contents with password from environment successful"
|
||||
else
|
||||
echo "not ok 2 - decrypt file contents with password from environment unsuccessful"
|
||||
fi
|
||||
|
||||
unset LIBEXIM_PASSWORD
|
||||
|
||||
DECRYPTED03="$(src/libexim-encrypt-dlfunc-decrypt-secretbox -p ${TEST_PASSWORD} ${TEST_CIPHERTEXT02})"
|
||||
DECRYPTED03="$(echo -n ${TEST_CIPHERTEXT01} | src/libexim-encrypt-dlfunc-decrypt-secretbox --infile -)"
|
||||
if [ "${DECRYPTED03}" == "${TEST_CLEARTEXT}" ] ; then
|
||||
echo "ok 3 - decrypt commandline argument with password from commandline successful"
|
||||
echo "ok 3 - decrypt stdin contents with password from environment successful"
|
||||
else
|
||||
echo "not ok 3 - decrypt commandline argument with password from commandline unsuccessful"
|
||||
echo "not ok 3 - decrypt stdin file contents with password from environment unsuccessful"
|
||||
fi
|
||||
|
||||
DECRYPTED04="$(src/libexim-encrypt-dlfunc-decrypt-secretbox -p ${TEST_PASSWORD} --infile ${CIPHERTEXT_FILE02})"
|
||||
export -n LIBEXIM_PASSWORD
|
||||
|
||||
DECRYPTED04="$(src/libexim-encrypt-dlfunc-decrypt-secretbox -p ${TEST_PASSWORD} ${TEST_CIPHERTEXT02})"
|
||||
if [ "${DECRYPTED04}" == "${TEST_CLEARTEXT}" ] ; then
|
||||
echo "ok 4 - decrypt file contents with password from commandline successful"
|
||||
echo "ok 4 - decrypt commandline argument with password from commandline successful"
|
||||
else
|
||||
echo "not ok 4 - decrypt file contents with password from commandline unsuccessful"
|
||||
echo "not ok 4 - decrypt commandline argument with password from commandline unsuccessful"
|
||||
fi
|
||||
|
||||
DECRYPTED05="$(src/libexim-encrypt-dlfunc-decrypt-secretbox -p ${TEST_PASSWORD} --infile ${CIPHERTEXT_FILE02})"
|
||||
if [ "${DECRYPTED05}" == "${TEST_CLEARTEXT}" ] ; then
|
||||
echo "ok 5 - decrypt file contents with password from commandline successful"
|
||||
else
|
||||
echo "not ok 5 - decrypt file contents with password from commandline unsuccessful"
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user