1#!/bin/bash 2# Copyright 2021 Google LLC 3# 4# Licensed under the Apache License, Version 2.0 (the "License"); 5# you may not use this file except in compliance with the License. 6# You may obtain a copy of the License at 7# 8# http://www.apache.org/licenses/LICENSE-2.0 9# 10# Unless required by applicable law or agreed to in writing, software 11# distributed under the License is distributed on an "AS IS" BASIS, 12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13# See the License for the specific language governing permissions and 14# limitations under the License. 15################################################################################ 16 17set -euo pipefail 18 19############################################################################# 20##### Tests for digital signature example. 21 22CLI="$1" 23KEYSET_FILE_PRIVATE="$2" 24KEYSET_FILE_PUBLIC="$3" 25 26DATA_FILE="${TEST_TMPDIR}/example_data.txt" 27SIGNATURE_FILE="${TEST_TMPDIR}/expected_signature.txt" 28 29echo "This is some message to be verified." > "${DATA_FILE}" 30 31############################################################################# 32 33# A helper function for getting the return code of a command that may fail 34# Temporarily disables error safety and stores return value in $TEST_STATUS 35# Usage: 36# % test_command somecommand some args 37# % echo $TEST_STATUS 38test_command() { 39 set +e 40 "$@" 41 TEST_STATUS=$? 42 set -e 43} 44 45print_test() { 46 echo "+++ Starting test $1..." 47} 48 49 50############################################################################# 51 52print_test "normal_signing_and_verification" 53 54# Run signing 55test_command ${CLI} --mode sign \ 56 --keyset_path "${KEYSET_FILE_PRIVATE}" \ 57 --data_path "${DATA_FILE}" --signature_path "${SIGNATURE_FILE}" 58 59# Run verification 60test_command ${CLI} --mode verify \ 61 --keyset_path "${KEYSET_FILE_PUBLIC}" \ 62 --data_path "${DATA_FILE}" --signature_path "${SIGNATURE_FILE}" 63 64if (( TEST_STATUS == 0 )); then 65 echo "+++ Success: Signature is valid." 66else 67 echo "--- Failure: the Signature is invalid." 68 exit 1 69fi 70 71 72############################################################################# 73 74print_test "signature_verification_fails_with_incorrect_signature" 75 76# Create a wrong signature. 77echo "ABCABCABCD" > $SIGNATURE_FILE 78 79# Run verification. 80test_command ${CLI} --mode verify \ 81 --keyset_path "${KEYSET_FILE_PUBLIC}" \ 82 --data_path "${DATA_FILE}" --signature_path "${SIGNATURE_FILE}" 83 84if (( TEST_STATUS != 0 )); then 85 echo "+++ Success: Signature verification failed for invalid signature." 86else 87 echo "--- Failure: Signature passed for an invalid signature." 88 exit 1 89fi 90 91 92############################################################################# 93 94print_test "signature_verification_fails_with_incorrect_data" 95 96# Run signing 97test_command ${CLI} --mode sign \ 98 --keyset_path "${KEYSET_FILE_PRIVATE}" \ 99 --data_path "${DATA_FILE}" --signature_path "${SIGNATURE_FILE}" 100 101# Modify the data. 102echo "ABCABCABCD" >> $DATA_FILE 103 104# Run verification. 105test_command ${CLI} --mode verify \ 106 --keyset_path "${KEYSET_FILE_PUBLIC}" \ 107 --data_path "${DATA_FILE}" --signature_path "${SIGNATURE_FILE}" 108 109if (( TEST_STATUS != 0 )); then 110 echo "+++ Success: Signature verification failed for invalid signature." 111else 112 echo "--- Failure: Signature passed for an invalid signature." 113 exit 1 114fi 115 116 117############################################################################# 118 119print_test "singing_fails_with_a_wrong_keyset" 120 121# Run computation. 122test_command ${CLI} --mode verify \ 123 --keyset_path "${KEYSET_FILE_PRIVATE}" \ 124 --data_path "${DATA_FILE}" --signature_path "${SIGNATURE_FILE}" 125 126if (( TEST_STATUS != 0 )); then 127 echo "+++ Success: Signature computation failed with public keyset." 128else 129 echo "--- Failure: Signature computation did not fail with public keyset." 130 exit 1 131fi 132