hreese/exim-encrypt-dlfunc
1
0
Fork 0
mirror of https://gitlab.kit.edu/kit/scc/sys/mail/exim-encrypt-dlfunc.git synced 2025-12-06 09:23:57 +01:00
Code Issues Releases Wiki Activity
Files
c3db123a7a8660a3d19654f733ba5b69164f9f17
exim-encrypt-dlfunc/src/test_libexim-encrypt-dlfunc.sh
heiko.reese 781c716d8e Code cleanup & more tests
2021-09-13 02:40:12 +02:00

100 lines
3.4 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# shellcheck disable=SC2164
PATH=/sbin:/usr/sbin:$PATH
# this script implements the TAP protocol (https://testanything.org)
echo 1..6
# copy to /tmp to keep commandline arguments to exim calls under 256 chars (prevent problems on Ubuntu)
install -t /tmp src/libexim-encrypt-dlfunc.so
LIB=/tmp/libexim-encrypt-dlfunc.so
CLEARTEXT="127.88.99.23" # keep short; see above
PASSWORD="$(openssl rand -base64 32)"
CIPHERTEXT=$(exim -C /dev/null -be "\${dlfunc{${LIB}}{sodium_crypto_secretbox_encrypt_password}{${PASSWORD}}{${CLEARTEXT}}}")
DECRYPTED=$(exim -C /dev/null -be "\${dlfunc{${LIB}}{sodium_crypto_secretbox_decrypt_password}{${PASSWORD}}{${CIPHERTEXT}}}")
if [ "${CLEARTEXT}" == "${DECRYPTED}" ] ; then
echo "ok 1 - secretbox test successful"
else
echo "not ok 1 - secretbox test unsuccessful"
fi
PK="tgFFIJ9VBnQpcXteqWhgXoEaVGvJgJd4QcYgrmaf2VM="
SK="lY1F70Vqwe+uCn4czGdwyGdr0WLUWdkj/Gq39m2k3P0="
CIPHERTEXT=$(exim -C /dev/null -be "\${dlfunc{${LIB}}{sodium_crypto_box_seal}{${PK}}{${CLEARTEXT}}}")
DECRYPTED=$(exim -C /dev/null -be "\${dlfunc{${LIB}}{sodium_crypto_box_seal_open}{${SK}}{${PK}}{${CIPHERTEXT}}}")
if [ "${CLEARTEXT}" == "${DECRYPTED}" ] ; then
echo "ok 2 - sealed_box test with pre-generated key pair successful"
else
echo "not ok 2 - sealed_box test with pre-generated key pair unsuccessful"
fi
# skip test on Ubuntu
#[ "$(lsb_release --id --short)" == "Ubuntu" ] && echo "not ok 3 # skip Ubuntu has patches against long commandline arguments, bailing out"
### Test libexim-encrypt-dlfunc-genkeys
TEMPDIR01="$(mktemp --directory --quiet)"
TEMPDIR02="$(mktemp --directory --quiet)"
cleanup() {
rm -rf "${TEMPDIR01}" "${TEMPDIR02}"
}
trap cleanup EXIT INT TERM
CURDIR="$(pwd)"
pushd "${TEMPDIR01}" > /dev/null
"${CURDIR}/src/libexim-encrypt-dlfunc-genkeys" 2> /dev/null # TAP parser seems to hate the output
PK="$(base64 cryptobox_recipient_pk.raw)"
SK="$(base64 cryptobox_recipient_sk.raw)"
popd > /dev/null
CIPHERTEXT=$(exim -C /dev/null -be "\${dlfunc{${LIB}}{sodium_crypto_box_seal}{${PK}}{${CLEARTEXT}}}")
DECRYPTED=$(exim -C /dev/null -be "\${dlfunc{${LIB}}{sodium_crypto_box_seal_open}{${SK}}{${PK}}{${CIPHERTEXT}}}")
if [ "${CLEARTEXT}" == "${DECRYPTED}" ] ; then
echo "ok 3 - sealed_box test with newly generated key pair successful"
else
echo "not ok 3 - sealed_box test with newly generated key pair unsuccessful"
fi
### Check if --help works
if src/libexim-encrypt-dlfunc-decrypt-secretbox --help > /dev/null ; then
echo "ok 4 - secretbox --help argument works"
else
echo "not ok 4 - secretbox --help argument does not work"
fi
if src/libexim-encrypt-dlfunc-decrypt-sealedbox --help > /dev/null ; then
echo "ok 5 - sealedbox --help argument works"
else
echo "not ok 5 - sealedbox --help argument does not work"
fi
### Code coverage for genkeys file access failures
pushd "${TEMPDIR02}" > /dev/null
KEYFILES=(cryptobox_recipient_pk.raw cryptobox_recipient_pk_exim.conf cryptobox_recipient_sk.raw cryptobox_recipient_sk_exim.conf)
for KF in "${KEYFILES[@]}"; do
rm -f "${KF}"
touch "${KF}"
done
FS_ACCESS_FAILURE=0
for KF in "${KEYFILES[@]}"; do
su -s /bin/bash -c "${CURDIR}/src/libexim-encrypt-dlfunc-genkeys" - nobody 2> /dev/null && FS_ACCESS_FAILURE=1
rm -f "${KF}"
touch "${KF}"
chown nobody: "${KF}"
done
if [ ${FS_ACCESS_FAILURE} -eq 0 ]; then
echo "ok 6 - genkeys should fail without filesystem access"
else
echo "not ok 6 - genkeys should fail without filesystem access"
fi
popd > /dev/null
Reference in New Issue View Git Blame Copy Permalink