xref: /aosp_15_r20/external/tink/python/examples/aead/aead_test.sh (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1#!/bin/bash
2# Copyright 2021 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8#      http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15################################################################################
16
17set -euo pipefail
18
19#############################################################################
20# Tests for AEAD example.
21#############################################################################
22
23CLI="$1"
24KEYSET_FILE="$2"
25
26DATA_FILE="${TEST_TMPDIR}/example_data.txt"
27
28echo "This is some plaintext to be encrypted." > "${DATA_FILE}"
29
30#############################################################################
31
32# A helper function for getting the return code of a command that may fail.
33# Temporarily disables error safety and stores return value in ${TEST_STATUS}
34# Usage:
35#   % test_command somecommand some args
36#   % echo ${TEST_STATUS}
37test_command() {
38  set +e
39  "$@"
40  TEST_STATUS=$?
41  set -e
42}
43
44print_test() {
45  echo "+++ Starting test $1..."
46}
47
48#############################################################################
49
50print_test "encrypt"
51
52# Run encryption
53test_command ${CLI} --mode encrypt --keyset_path "${KEYSET_FILE}" \
54  --input_path "${DATA_FILE}" --output_path "${DATA_FILE}.encrypted"
55
56if (( TEST_STATUS == 0 )); then
57  echo "+++ Success: file was encrypted."
58else
59  echo "--- Failure: could not encrypt file."
60  exit 1
61fi
62
63#############################################################################
64
65print_test "decrypt"
66
67# Run decryption
68test_command ${CLI} --mode decrypt --keyset_path "${KEYSET_FILE}" \
69  --input_path "${DATA_FILE}.encrypted" --output_path "${DATA_FILE}.decrypted"
70
71if (( TEST_STATUS == 0 )); then
72  echo "+++ Success: file was successfully decrypted."
73else
74  echo "--- Failure: could not decrypt file."
75  exit 1
76fi
77
78if cmp -s "${DATA_FILE}" "$DATA_FILE.decrypted"; then
79  echo "+++ Success: file content is the same after decryption."
80else
81  echo "--- Failure: file content is not the same after decryption."
82  exit 1
83fi
84
85
86#############################################################################
87
88print_test "test_encrypt_decrypt_fails_with_modified_ciphertext"
89
90# Run encryption
91test_command ${CLI} --mode  encrypt --keyset_path "${KEYSET_FILE}" \
92  --input_path "${DATA_FILE}" --output_path "${DATA_FILE}.encrypted"
93
94if (( TEST_STATUS == 0 )); then
95  echo "+++ Encryption successful."
96else
97  echo "--- Encryption failed."
98  exit 1
99fi
100
101# Modify ciphertext
102echo "modified" >> "${DATA_FILE}.encrypted"
103
104# Run decryption
105test_command ${CLI} --mode decrypt --keyset_path "${KEYSET_FILE}" \
106  --input_path "${DATA_FILE}.encrypted" --output_path  "${DATA_FILE}.decrypted"
107
108if (( TEST_STATUS == 1 )); then
109  echo "+++ Decryption failed as expected."
110else
111  echo "--- Decryption succeeded but expected to fail."
112  exit 1
113fi
114
115#############################################################################
116
117print_test "test_encrypt_decrypt_succeeds_with_associated_data"
118
119# Run encryption
120ASSOCIATED_DATA="header information"
121test_command ${CLI} --mode encrypt --keyset_path "${KEYSET_FILE}" \
122  --input_path "${DATA_FILE}" --output_path "${DATA_FILE}.encrypted" \
123  --associated_data "${ASSOCIATED_DATA}"
124
125if (( TEST_STATUS == 0 )); then
126  echo "+++ Encryption successful."
127else
128  echo "--- Encryption failed."
129  exit 1
130fi
131
132# Run decryption
133test_command ${CLI} --mode decrypt --keyset_path "${KEYSET_FILE}" \
134  --input_path "${DATA_FILE}.encrypted" --output_path "${DATA_FILE}.decrypted" \
135  --associated_data "${ASSOCIATED_DATA}"
136
137if (( TEST_STATUS == 0 )); then
138  echo "+++ Decryption successful."
139else
140  echo "--- Decryption failed."
141  exit 1
142fi
143
144cmp --silent "${DATA_FILE}" "${DATA_FILE}.decrypted"
145
146#############################################################################
147
148print_test "test_encrypt_decrypt_fails_with_modified_associated_data"
149
150# Run encryption
151ASSOCIATED_DATA="header information"
152test_command ${CLI} --mode encrypt --keyset_path "${KEYSET_FILE}" \
153  --input_path "${DATA_FILE}" --output_path "${DATA_FILE}.encrypted" \
154  --associated_data "${ASSOCIATED_DATA}"
155
156if (( TEST_STATUS == 0 )); then
157  echo "+++ Encryption successful."
158else
159  echo "--- Encryption failed."
160  exit 1
161fi
162
163# Run decryption
164MODIFIED_ASSOCIATED_DATA="modified header information"
165test_command ${CLI} --mode decrypt --keyset_path "${KEYSET_FILE}" \
166  --input_path "${DATA_FILE}.encrypted" --output_path "${DATA_FILE}.decrypted" \
167  --associated_data "${MODIFIED_ASSOCIATED_DATA}"
168
169if (( TEST_STATUS == 1 )); then
170  echo "+++ Decryption failed as expected."
171else
172  echo "--- Decryption succeeded but expected to fail."
173  exit 1
174fi
175