#!/bin/bash

PATH=/sbin:/usr/sbin:$PATH

# this script implements the TAP protocol (https://testanything.org)
echo 1..2

# copy to /tmp to keep call to exim under 256 chars (prevent problems on Ubuntu)
install -t /tmp src/libexim-encrypt-dlfunc.so

LIB=/tmp/libexim-encrypt-dlfunc.so
CLEARTEXT="127.88.99.23" # keep short; see above
PASSWORD="$(openssl rand -base64 32)"

CIPHERTEXT=$(exim -be "\${dlfunc{${LIB}}{sodium_crypto_secretbox_encrypt_password}{${PASSWORD}}{${CLEARTEXT}}}")
DECRYPTED=$(exim -be "\${dlfunc{${LIB}}{sodium_crypto_secretbox_decrypt_password}{${PASSWORD}}{${CIPHERTEXT}}}")

if [ "${CLEARTEXT}" == "${DECRYPTED}" ] ; then
	echo "ok 1 - secretbox test successful"
else
	echo "not ok 1 - secretbox test unsuccessful"
fi

# { 0xb6, 0x01, 0x45, 0x20, 0x9f, 0x55, 0x06, 0x74, 0x29, 0x71, 0x7b, 0x5e, 0xa9, 0x68, 0x60, 0x5e, 0x81, 0x1a, 0x54, 0x6b, 0xc9, 0x80, 0x97, 0x78, 0x41, 0xc6, 0x20, 0xae, 0x66, 0x9f, 0xd9, 0x53 };
PK="tgFFIJ9VBnQpcXteqWhgXoEaVGvJgJd4QcYgrmaf2VM="
# { 0x95, 0x8d, 0x45, 0xef, 0x45, 0x6a, 0xc1, 0xef, 0xae, 0x0a, 0x7e, 0x1c, 0xcc, 0x67, 0x70, 0xc8, 0x67, 0x6b, 0xd1, 0x62, 0xd4, 0x59, 0xd9, 0x23, 0xfc, 0x6a, 0xb7, 0xf6, 0x6d, 0xa4, 0xdc, 0xfd };
SK="lY1F70Vqwe+uCn4czGdwyGdr0WLUWdkj/Gq39m2k3P0="

CIPHERTEXT=$(exim -be "\${dlfunc{${LIB}}{sodium_crypto_box_seal}{${PK}}{${CLEARTEXT}}}")
DECRYPTED=$(exim -be "\${dlfunc{${LIB}}{sodium_crypto_box_seal_open}{${SK}}{${PK}}{${CIPHERTEXT}}}")

if [ "${CLEARTEXT}" == "${DECRYPTED}" ] ; then
	echo "ok 2 - sealed_box test successful"
else
	echo "ok 2 - sealed_box test unsuccessful"
fi