xref: /aosp_15_r20/external/tink/java_src/examples/deterministicaead/deterministic_aead_test.sh (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1#!/bin/bash
2# Copyright 2021 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8#      http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15################################################################################
16
17set -euo pipefail
18
19#############################################################################
20##### Tests for Deterministic AEAD example.
21
22CLI="$1"
23KEYSET_FILE="$2"
24
25DATA_FILE="${TEST_TMPDIR}/example_data.txt"
26
27echo "This is some plaintext to be encrypted." > ${DATA_FILE}
28
29#############################################################################
30
31# A helper function for getting the return code of a command that may fail
32# Temporarily disables error safety and stores return value in ${TEST_STATUS}
33# Usage:
34# % test_command somecommand some args
35# % echo ${TEST_STATUS}
36test_command() {
37  set +e
38  "$@"
39  TEST_STATUS=$?
40  set -e
41}
42
43#############################################################################
44#### Test initialization and encryption
45test_name="encrypt"
46echo "+++ Starting test ${test_name}..."
47
48##### Run encryption
49test_command ${CLI} encrypt ${KEYSET_FILE} ${DATA_FILE} "${DATA_FILE}.encrypted"
50
51if [[ ${TEST_STATUS} -eq 0 ]]; then
52  echo "+++ Success: file was encrypted."
53else
54  echo "--- Failure: could not encrypt file."
55  exit 1
56fi
57
58#############################################################################
59#### Test if decryption succeeds and returns original file
60test_name="decrypt"
61echo "+++ Starting test $test_name..."
62
63##### Run decryption
64test_command  ${CLI} decrypt ${KEYSET_FILE} ${DATA_FILE}.encrypted "${DATA_FILE}.decrypted"
65
66if [[ ${TEST_STATUS} -eq 0 ]]; then
67  echo "+++ Success: file was successfully decrypted."
68else
69  echo "--- Failure: could not decrypt file."
70  exit 1
71fi
72
73if cmp -s $DATA_FILE "$DATA_FILE.decrypted"; then
74  echo "+++ Success: file content is the same after decryption."
75else
76  echo "--- Failure: file content is not the same after decryption."
77  exit 1
78fi
79
80#############################################################################
81#### Test encryption is deterministically
82test_name="encrypt_is_deterministically"
83echo "+++ Starting test ${test_name}..."
84
85##### Run encryption two times
86test_command ${CLI} encrypt ${KEYSET_FILE} ${DATA_FILE} "${DATA_FILE}.encrypted1"
87test_command ${CLI} encrypt ${KEYSET_FILE} ${DATA_FILE} "${DATA_FILE}.encrypted2"
88
89if cmp -s "${DATA_FILE}.encrypted1" "${DATA_FILE}.encrypted2"; then
90  echo "+++ Success: ciphertext is the same."
91else
92  echo "--- Failure: ciphertext is different."
93  exit 1
94fi
95
96#############################################################################
97#### Test decryption fails with modified ciphertext
98test_name="test_encrypt_decrypt_fails_with_modified_ciphertext"
99echo "+++ Starting test ${test_name}..."
100
101##### Run encryption
102test_command ${CLI} encrypt ${KEYSET_FILE} ${DATA_FILE} "${DATA_FILE}.encrypted"
103if [[ ${TEST_STATUS} -eq 0 ]]; then
104  echo "+++ Encryption successful."
105else
106  echo "--- Encryption failed."
107  exit 1
108fi
109
110# Modify ciphertext
111echo "modified" >> ${DATA_FILE}.encrypted
112
113##### Run decryption
114test_command ${CLI} decrypt ${KEYSET_FILE} ${DATA_FILE}.encrypted "${DATA_FILE}.decrypted"
115if [[ ${TEST_STATUS} -eq 1 ]]; then
116  echo "+++ Decryption failed as expected."
117else
118  echo "--- Decryption succeeded but expected to fail."
119  exit 1
120fi
121
122#############################################################################
123#### Test correct encryption and decryption with associated data
124test_name="test_encrypt_decrypt_succeeds_with_associated_data"
125echo "+++ Starting test ${test_name}..."
126
127##### Run encryption
128ASSOCIATED_DATA="header information"
129test_command ${CLI} encrypt ${KEYSET_FILE} ${DATA_FILE} "${DATA_FILE}.encrypted" "${ASSOCIATED_DATA}"
130if [[ ${TEST_STATUS} -eq 0 ]]; then
131  echo "+++ Encryption successful."
132else
133  echo "--- Encryption failed."
134  exit 1
135fi
136
137##### Run decryption
138test_command ${CLI} decrypt ${KEYSET_FILE} ${DATA_FILE}.encrypted "${DATA_FILE}.decrypted" "${ASSOCIATED_DATA}"
139if [[ ${TEST_STATUS} -eq 0 ]]; then
140  echo "+++ Decryption successful."
141else
142  echo "--- Decryption failed."
143  exit 1
144fi
145
146cmp --silent ${DATA_FILE} ${DATA_FILE}.decrypted
147
148#############################################################################
149#### Test decryption fails with modified associated data
150test_name="test_encrypt_decrypt_fails_with_modified_associated_data"
151echo "+++ Starting test ${test_name}..."
152
153##### Run encryption
154ASSOCIATED_DATA="header information"
155test_command ${CLI} encrypt ${KEYSET_FILE} ${DATA_FILE} "${DATA_FILE}.encrypted" "${ASSOCIATED_DATA}"
156if [[ ${TEST_STATUS} -eq 0 ]]; then
157  echo "+++ Encryption successful."
158else
159  echo "--- Encryption failed."
160  exit 1
161fi
162
163##### Run decryption
164MODIFIED_ASSOCIATED_DATA="modified header information"
165test_command ${CLI} decrypt ${KEYSET_FILE} ${DATA_FILE}.encrypted "${DATA_FILE}.decrypted" "${MODIFIED_ASSOCIATED_DATA}"
166if [[ ${TEST_STATUS} -eq 1 ]]; then
167  echo "+++ Decryption failed as expected."
168else
169  echo "--- Decryption succeeded but expected to fail."
170  exit 1
171fi
172