xref: /aosp_15_r20/external/tink/cc/examples/daead/deterministic_aead_cli_test.sh (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1#!/bin/bash
2# Copyright 2022 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8#      http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15################################################################################
16
17set -euo pipefail
18
19#############################################################################
20# Tests for Tink CC Deterministic AEAD.
21#############################################################################
22
23: "${TEST_TMPDIR:=$(mktemp -d)}"
24
25readonly CLI="$1"
26readonly KEYSET_FILE="$2"
27readonly DATA_FILE="${TEST_TMPDIR}/example_data.txt"
28readonly TEST_NAME="TinkExamplesCcDeterministicAeadTest"
29
30echo "This is some plaintext to be encrypted." > "${DATA_FILE}"
31
32#######################################
33# A helper function for getting the return code of a command that may fail.
34# Temporarily disables error safety and stores return value in TEST_STATUS.
35#
36# Globals:
37#   TEST_STATUS
38# Arguments:
39#   Command to execute.
40#######################################
41test_command() {
42  set +e
43  "$@"
44  TEST_STATUS=$?
45  set -e
46}
47
48#######################################
49# Asserts that the outcome of the latest test command is 0.
50#
51# If not, it terminates the test execution.
52#
53# Globals:
54#   TEST_STATUS
55#   TEST_NAME
56#   TEST_CASE
57#######################################
58assert_command_succeeded() {
59  if (( TEST_STATUS != 0 )); then
60    echo "[   FAILED ] ${TEST_NAME}.${TEST_CASE}"
61    exit 1
62  fi
63}
64
65#######################################
66# Asserts that the outcome of the latest test command is not 0.
67#
68# If not, it terminates the test execution.
69#
70# Globals:
71#   TEST_STATUS
72#   TEST_NAME
73#   TEST_CASE
74#######################################
75assert_command_failed() {
76  if (( TEST_STATUS == 0 )); then
77      echo "[   FAILED ] ${TEST_NAME}.${TEST_CASE}"
78      exit 1
79  fi
80}
81
82#######################################
83# Starts a new test case; records the test case name to TEST_CASE.
84#
85# Globals:
86#   TEST_NAME
87#   TEST_CASE
88# Arguments:
89#   test_case: The name of the test case.
90#######################################
91start_test_case() {
92  TEST_CASE="$1"
93  echo "[ RUN      ] ${TEST_NAME}.${TEST_CASE}"
94}
95
96#######################################
97# Ends a test case printing a success message.
98#
99# Globals:
100#   TEST_NAME
101#   TEST_CASE
102#######################################
103end_test_case() {
104  echo "[       OK ] ${TEST_NAME}.${TEST_CASE}"
105}
106
107#############################################################################
108
109start_test_case "encrypt"
110
111# Run encryption.
112test_command "${CLI}" \
113  --mode encrypt \
114  --keyset_filename "${KEYSET_FILE}" \
115  --input_filename "${DATA_FILE}" \
116  --output_filename "${DATA_FILE}.encrypted"
117assert_command_succeeded
118
119end_test_case
120
121#############################################################################
122
123start_test_case "decrypt"
124
125# Run decryption.
126test_command "${CLI}" \
127  --mode decrypt \
128  --keyset_filename "${KEYSET_FILE}" \
129  --input_filename "${DATA_FILE}.encrypted" \
130  --output_filename "${DATA_FILE}.decrypted"
131assert_command_succeeded
132
133test_command cmp -s "${DATA_FILE}" "${DATA_FILE}.decrypted"
134assert_command_succeeded
135
136end_test_case
137
138#############################################################################
139
140start_test_case "encrypt_decrypt_fails_with_modified_ciphertext"
141
142# Run encryption
143test_command "${CLI}" \
144  --mode encrypt \
145  --keyset_filename "${KEYSET_FILE}" \
146  --input_filename "${DATA_FILE}" \
147  --output_filename "${DATA_FILE}.encrypted"
148assert_command_succeeded
149
150# Modify ciphertext.
151echo "modified" >> "${DATA_FILE}.encrypted"
152
153# Run decryption.
154test_command "${CLI}" \
155  --mode decrypt \
156  --keyset_filename "${KEYSET_FILE}" \
157  --input_filename "${DATA_FILE}.encrypted" \
158  --output_filename "${DATA_FILE}.decrypted"
159assert_command_failed
160
161end_test_case
162
163#############################################################################
164
165start_test_case "encrypt_decrypt_succeeds_with_associated_data"
166
167# Run encryption.
168ASSOCIATED_DATA="header information"
169test_command "${CLI}" \
170  --mode encrypt \
171  --keyset_filename "${KEYSET_FILE}" \
172  --input_filename "${DATA_FILE}" \
173  --output_filename "${DATA_FILE}.encrypted" \
174  --associated_data "${ASSOCIATED_DATA}"
175assert_command_succeeded
176
177# Run decryption.
178test_command "${CLI}" \
179  --mode decrypt \
180  --keyset_filename "${KEYSET_FILE}" \
181  --input_filename "${DATA_FILE}.encrypted" \
182  --output_filename "${DATA_FILE}.decrypted" \
183  --associated_data "${ASSOCIATED_DATA}"
184assert_command_succeeded
185
186cmp --silent "${DATA_FILE}" "${DATA_FILE}.decrypted"
187assert_command_succeeded
188
189end_test_case
190
191#############################################################################
192
193start_test_case "encrypt_decrypt_fails_with_modified_associated_data"
194
195# Run encryption.
196ASSOCIATED_DATA="header information"
197test_command "${CLI}" \
198  --mode encrypt \
199  --keyset_filename "${KEYSET_FILE}" \
200  --input_filename "${DATA_FILE}" \
201  --output_filename "${DATA_FILE}.encrypted" \
202  --associated_data "${ASSOCIATED_DATA}"
203assert_command_succeeded
204
205# Run decryption.
206MODIFIED_ASSOCIATED_DATA="modified header information"
207test_command "${CLI}" \
208  --mode decrypt \
209  --keyset_filename "${KEYSET_FILE}" \
210  --input_filename "${DATA_FILE}.encrypted" \
211  --output_filename "${DATA_FILE}.decrypted" \
212  --associated_data "${MODIFIED_ASSOCIATED_DATA}"
213assert_command_failed
214
215end_test_case
216