1*e7b1675dSTing-Kang Chang#!/bin/bash 2*e7b1675dSTing-Kang Chang# Copyright 2021 Google LLC 3*e7b1675dSTing-Kang Chang# 4*e7b1675dSTing-Kang Chang# Licensed under the Apache License, Version 2.0 (the "License"); 5*e7b1675dSTing-Kang Chang# you may not use this file except in compliance with the License. 6*e7b1675dSTing-Kang Chang# You may obtain a copy of the License at 7*e7b1675dSTing-Kang Chang# 8*e7b1675dSTing-Kang Chang# http://www.apache.org/licenses/LICENSE-2.0 9*e7b1675dSTing-Kang Chang# 10*e7b1675dSTing-Kang Chang# Unless required by applicable law or agreed to in writing, software 11*e7b1675dSTing-Kang Chang# distributed under the License is distributed on an "AS IS" BASIS, 12*e7b1675dSTing-Kang Chang# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13*e7b1675dSTing-Kang Chang# See the License for the specific language governing permissions and 14*e7b1675dSTing-Kang Chang# limitations under the License. 15*e7b1675dSTing-Kang Chang################################################################################ 16*e7b1675dSTing-Kang Chang 17*e7b1675dSTing-Kang Changset -euo pipefail 18*e7b1675dSTing-Kang Chang 19*e7b1675dSTing-Kang Chang############################################################################# 20*e7b1675dSTing-Kang Chang# Tests for AEAD example. 21*e7b1675dSTing-Kang Chang############################################################################# 22*e7b1675dSTing-Kang Chang 23*e7b1675dSTing-Kang ChangCLI="$1" 24*e7b1675dSTing-Kang ChangKEYSET_FILE="$2" 25*e7b1675dSTing-Kang Chang 26*e7b1675dSTing-Kang ChangDATA_FILE="${TEST_TMPDIR}/example_data.txt" 27*e7b1675dSTing-Kang Chang 28*e7b1675dSTing-Kang Changecho "This is some plaintext to be encrypted." > "${DATA_FILE}" 29*e7b1675dSTing-Kang Chang 30*e7b1675dSTing-Kang Chang############################################################################# 31*e7b1675dSTing-Kang Chang 32*e7b1675dSTing-Kang Chang# A helper function for getting the return code of a command that may fail. 33*e7b1675dSTing-Kang Chang# Temporarily disables error safety and stores return value in ${TEST_STATUS} 34*e7b1675dSTing-Kang Chang# Usage: 35*e7b1675dSTing-Kang Chang# % test_command somecommand some args 36*e7b1675dSTing-Kang Chang# % echo ${TEST_STATUS} 37*e7b1675dSTing-Kang Changtest_command() { 38*e7b1675dSTing-Kang Chang set +e 39*e7b1675dSTing-Kang Chang "$@" 40*e7b1675dSTing-Kang Chang TEST_STATUS=$? 41*e7b1675dSTing-Kang Chang set -e 42*e7b1675dSTing-Kang Chang} 43*e7b1675dSTing-Kang Chang 44*e7b1675dSTing-Kang Changprint_test() { 45*e7b1675dSTing-Kang Chang echo "+++ Starting test $1..." 46*e7b1675dSTing-Kang Chang} 47*e7b1675dSTing-Kang Chang 48*e7b1675dSTing-Kang Chang############################################################################# 49*e7b1675dSTing-Kang Chang 50*e7b1675dSTing-Kang Changprint_test "encrypt" 51*e7b1675dSTing-Kang Chang 52*e7b1675dSTing-Kang Chang# Run encryption 53*e7b1675dSTing-Kang Changtest_command ${CLI} --mode encrypt --keyset_path "${KEYSET_FILE}" \ 54*e7b1675dSTing-Kang Chang --input_path "${DATA_FILE}" --output_path "${DATA_FILE}.encrypted" 55*e7b1675dSTing-Kang Chang 56*e7b1675dSTing-Kang Changif (( TEST_STATUS == 0 )); then 57*e7b1675dSTing-Kang Chang echo "+++ Success: file was encrypted." 58*e7b1675dSTing-Kang Changelse 59*e7b1675dSTing-Kang Chang echo "--- Failure: could not encrypt file." 60*e7b1675dSTing-Kang Chang exit 1 61*e7b1675dSTing-Kang Changfi 62*e7b1675dSTing-Kang Chang 63*e7b1675dSTing-Kang Chang############################################################################# 64*e7b1675dSTing-Kang Chang 65*e7b1675dSTing-Kang Changprint_test "decrypt" 66*e7b1675dSTing-Kang Chang 67*e7b1675dSTing-Kang Chang# Run decryption 68*e7b1675dSTing-Kang Changtest_command ${CLI} --mode decrypt --keyset_path "${KEYSET_FILE}" \ 69*e7b1675dSTing-Kang Chang --input_path "${DATA_FILE}.encrypted" --output_path "${DATA_FILE}.decrypted" 70*e7b1675dSTing-Kang Chang 71*e7b1675dSTing-Kang Changif (( TEST_STATUS == 0 )); then 72*e7b1675dSTing-Kang Chang echo "+++ Success: file was successfully decrypted." 73*e7b1675dSTing-Kang Changelse 74*e7b1675dSTing-Kang Chang echo "--- Failure: could not decrypt file." 75*e7b1675dSTing-Kang Chang exit 1 76*e7b1675dSTing-Kang Changfi 77*e7b1675dSTing-Kang Chang 78*e7b1675dSTing-Kang Changif cmp -s "${DATA_FILE}" "$DATA_FILE.decrypted"; then 79*e7b1675dSTing-Kang Chang echo "+++ Success: file content is the same after decryption." 80*e7b1675dSTing-Kang Changelse 81*e7b1675dSTing-Kang Chang echo "--- Failure: file content is not the same after decryption." 82*e7b1675dSTing-Kang Chang exit 1 83*e7b1675dSTing-Kang Changfi 84*e7b1675dSTing-Kang Chang 85*e7b1675dSTing-Kang Chang 86*e7b1675dSTing-Kang Chang############################################################################# 87*e7b1675dSTing-Kang Chang 88*e7b1675dSTing-Kang Changprint_test "test_encrypt_decrypt_fails_with_modified_ciphertext" 89*e7b1675dSTing-Kang Chang 90*e7b1675dSTing-Kang Chang# Run encryption 91*e7b1675dSTing-Kang Changtest_command ${CLI} --mode encrypt --keyset_path "${KEYSET_FILE}" \ 92*e7b1675dSTing-Kang Chang --input_path "${DATA_FILE}" --output_path "${DATA_FILE}.encrypted" 93*e7b1675dSTing-Kang Chang 94*e7b1675dSTing-Kang Changif (( TEST_STATUS == 0 )); then 95*e7b1675dSTing-Kang Chang echo "+++ Encryption successful." 96*e7b1675dSTing-Kang Changelse 97*e7b1675dSTing-Kang Chang echo "--- Encryption failed." 98*e7b1675dSTing-Kang Chang exit 1 99*e7b1675dSTing-Kang Changfi 100*e7b1675dSTing-Kang Chang 101*e7b1675dSTing-Kang Chang# Modify ciphertext 102*e7b1675dSTing-Kang Changecho "modified" >> "${DATA_FILE}.encrypted" 103*e7b1675dSTing-Kang Chang 104*e7b1675dSTing-Kang Chang# Run decryption 105*e7b1675dSTing-Kang Changtest_command ${CLI} --mode decrypt --keyset_path "${KEYSET_FILE}" \ 106*e7b1675dSTing-Kang Chang --input_path "${DATA_FILE}.encrypted" --output_path "${DATA_FILE}.decrypted" 107*e7b1675dSTing-Kang Chang 108*e7b1675dSTing-Kang Changif (( TEST_STATUS == 1 )); then 109*e7b1675dSTing-Kang Chang echo "+++ Decryption failed as expected." 110*e7b1675dSTing-Kang Changelse 111*e7b1675dSTing-Kang Chang echo "--- Decryption succeeded but expected to fail." 112*e7b1675dSTing-Kang Chang exit 1 113*e7b1675dSTing-Kang Changfi 114*e7b1675dSTing-Kang Chang 115*e7b1675dSTing-Kang Chang############################################################################# 116*e7b1675dSTing-Kang Chang 117*e7b1675dSTing-Kang Changprint_test "test_encrypt_decrypt_succeeds_with_associated_data" 118*e7b1675dSTing-Kang Chang 119*e7b1675dSTing-Kang Chang# Run encryption 120*e7b1675dSTing-Kang ChangASSOCIATED_DATA="header information" 121*e7b1675dSTing-Kang Changtest_command ${CLI} --mode encrypt --keyset_path "${KEYSET_FILE}" \ 122*e7b1675dSTing-Kang Chang --input_path "${DATA_FILE}" --output_path "${DATA_FILE}.encrypted" \ 123*e7b1675dSTing-Kang Chang --associated_data "${ASSOCIATED_DATA}" 124*e7b1675dSTing-Kang Chang 125*e7b1675dSTing-Kang Changif (( TEST_STATUS == 0 )); then 126*e7b1675dSTing-Kang Chang echo "+++ Encryption successful." 127*e7b1675dSTing-Kang Changelse 128*e7b1675dSTing-Kang Chang echo "--- Encryption failed." 129*e7b1675dSTing-Kang Chang exit 1 130*e7b1675dSTing-Kang Changfi 131*e7b1675dSTing-Kang Chang 132*e7b1675dSTing-Kang Chang# Run decryption 133*e7b1675dSTing-Kang Changtest_command ${CLI} --mode decrypt --keyset_path "${KEYSET_FILE}" \ 134*e7b1675dSTing-Kang Chang --input_path "${DATA_FILE}.encrypted" --output_path "${DATA_FILE}.decrypted" \ 135*e7b1675dSTing-Kang Chang --associated_data "${ASSOCIATED_DATA}" 136*e7b1675dSTing-Kang Chang 137*e7b1675dSTing-Kang Changif (( TEST_STATUS == 0 )); then 138*e7b1675dSTing-Kang Chang echo "+++ Decryption successful." 139*e7b1675dSTing-Kang Changelse 140*e7b1675dSTing-Kang Chang echo "--- Decryption failed." 141*e7b1675dSTing-Kang Chang exit 1 142*e7b1675dSTing-Kang Changfi 143*e7b1675dSTing-Kang Chang 144*e7b1675dSTing-Kang Changcmp --silent "${DATA_FILE}" "${DATA_FILE}.decrypted" 145*e7b1675dSTing-Kang Chang 146*e7b1675dSTing-Kang Chang############################################################################# 147*e7b1675dSTing-Kang Chang 148*e7b1675dSTing-Kang Changprint_test "test_encrypt_decrypt_fails_with_modified_associated_data" 149*e7b1675dSTing-Kang Chang 150*e7b1675dSTing-Kang Chang# Run encryption 151*e7b1675dSTing-Kang ChangASSOCIATED_DATA="header information" 152*e7b1675dSTing-Kang Changtest_command ${CLI} --mode encrypt --keyset_path "${KEYSET_FILE}" \ 153*e7b1675dSTing-Kang Chang --input_path "${DATA_FILE}" --output_path "${DATA_FILE}.encrypted" \ 154*e7b1675dSTing-Kang Chang --associated_data "${ASSOCIATED_DATA}" 155*e7b1675dSTing-Kang Chang 156*e7b1675dSTing-Kang Changif (( TEST_STATUS == 0 )); then 157*e7b1675dSTing-Kang Chang echo "+++ Encryption successful." 158*e7b1675dSTing-Kang Changelse 159*e7b1675dSTing-Kang Chang echo "--- Encryption failed." 160*e7b1675dSTing-Kang Chang exit 1 161*e7b1675dSTing-Kang Changfi 162*e7b1675dSTing-Kang Chang 163*e7b1675dSTing-Kang Chang# Run decryption 164*e7b1675dSTing-Kang ChangMODIFIED_ASSOCIATED_DATA="modified header information" 165*e7b1675dSTing-Kang Changtest_command ${CLI} --mode decrypt --keyset_path "${KEYSET_FILE}" \ 166*e7b1675dSTing-Kang Chang --input_path "${DATA_FILE}.encrypted" --output_path "${DATA_FILE}.decrypted" \ 167*e7b1675dSTing-Kang Chang --associated_data "${MODIFIED_ASSOCIATED_DATA}" 168*e7b1675dSTing-Kang Chang 169*e7b1675dSTing-Kang Changif (( TEST_STATUS == 1 )); then 170*e7b1675dSTing-Kang Chang echo "+++ Decryption failed as expected." 171*e7b1675dSTing-Kang Changelse 172*e7b1675dSTing-Kang Chang echo "--- Decryption succeeded but expected to fail." 173*e7b1675dSTing-Kang Chang exit 1 174*e7b1675dSTing-Kang Changfi 175