1#!/bin/bash 2# Copyright 2021 Google LLC 3# 4# Licensed under the Apache License, Version 2.0 (the "License"); 5# you may not use this file except in compliance with the License. 6# You may obtain a copy of the License at 7# 8# http://www.apache.org/licenses/LICENSE-2.0 9# 10# Unless required by applicable law or agreed to in writing, software 11# distributed under the License is distributed on an "AS IS" BASIS, 12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13# See the License for the specific language governing permissions and 14# limitations under the License. 15################################################################################ 16 17set -euo pipefail 18 19############################################################################# 20# Tests for Deterministic AEAD example. 21############################################################################# 22 23CLI="$1" 24KEYSET_FILE="$2" 25 26DATA_FILE="${TEST_TMPDIR}/example_data.txt" 27 28echo "This is some plaintext to be encrypted." > "${DATA_FILE}" 29 30############################################################################# 31 32# A helper function for getting the return code of a command that may fail 33# Temporarily disables error safety and stores return value in ${TEST_STATUS} 34# Usage: 35# % test_command somecommand some args 36# % echo ${TEST_STATUS} 37test_command() { 38 set +e 39 "$@" 40 TEST_STATUS=$? 41 set -e 42} 43 44print_test() { 45 echo "+++ Starting test $1..." 46} 47 48############################################################################# 49 50print_test "encrypt" 51 52# Run encryption 53test_command ${CLI} --mode encrypt --keyset_path "${KEYSET_FILE}" \ 54 --input_path "${DATA_FILE}" --output_path "${DATA_FILE}.encrypted" 55 56if (( TEST_STATUS == 0 )); then 57 echo "+++ Success: file was encrypted." 58else 59 echo "--- Failure: could not encrypt file." 60 exit 1 61fi 62 63############################################################################# 64 65print_test "decrypt" 66 67# Run decryption 68test_command ${CLI} --mode decrypt --keyset_path "${KEYSET_FILE}" \ 69 --input_path "${DATA_FILE}.encrypted" --output_path "${DATA_FILE}.decrypted" 70 71if (( TEST_STATUS == 0 )); then 72 echo "+++ Success: file was successfully decrypted." 73else 74 echo "--- Failure: could not decrypt file." 75 exit 1 76fi 77 78if cmp -s "${DATA_FILE}" "$DATA_FILE.decrypted"; then 79 echo "+++ Success: file content is the same after decryption." 80else 81 echo "--- Failure: file content is not the same after decryption." 82 exit 1 83fi 84 85############################################################################# 86 87print_test "encrypt_is_deterministically" 88 89# Run encryption two times 90test_command ${CLI} --mode encrypt --keyset_path "${KEYSET_FILE}" \ 91 --input_path "${DATA_FILE}" --output_path "${DATA_FILE}.encrypted1" 92 93test_command ${CLI} --mode encrypt --keyset_path "${KEYSET_FILE}" \ 94 --input_path "${DATA_FILE}" --output_path "${DATA_FILE}.encrypted2" 95 96if cmp -s "${DATA_FILE}.encrypted1" "${DATA_FILE}.encrypted2"; then 97 echo "+++ Success: ciphertext is the same." 98else 99 echo "--- Failure: ciphertext is different." 100 exit 1 101fi 102 103############################################################################# 104 105print_test "test_encrypt_decrypt_fails_with_modified_ciphertext" 106 107# Run encryption 108test_command ${CLI} --mode encrypt --keyset_path "${KEYSET_FILE}" \ 109 --input_path "${DATA_FILE}" --output_path "${DATA_FILE}.encrypted" 110 111if (( TEST_STATUS == 0 )); then 112 echo "+++ Encryption successful." 113else 114 echo "--- Encryption failed." 115 exit 1 116fi 117 118# Modify ciphertext 119echo "modified" >> "${DATA_FILE}.encrypted" 120 121# Run decryption 122test_command ${CLI} --mode decrypt --keyset_path "${KEYSET_FILE}" \ 123 --input_path "${DATA_FILE}.encrypted" --output_path "${DATA_FILE}.decrypted" 124 125if (( TEST_STATUS == 1 )); then 126 echo "+++ Decryption failed as expected." 127else 128 echo "--- Decryption succeeded but expected to fail." 129 exit 1 130fi 131 132############################################################################# 133 134print_test "test_encrypt_decrypt_succeeds_with_associated_data" 135 136# Run encryption 137ASSOCIATED_DATA="header information" 138test_command ${CLI} --mode encrypt --keyset_path "${KEYSET_FILE}" \ 139 --input_path "${DATA_FILE}" --output_path "${DATA_FILE}.encrypted" \ 140 --associated_data "${ASSOCIATED_DATA}" 141 142if (( TEST_STATUS == 0 )); then 143 echo "+++ Encryption successful." 144else 145 echo "--- Encryption failed." 146 exit 1 147fi 148 149# Run decryption 150test_command ${CLI} --mode decrypt --keyset_path "${KEYSET_FILE}" \ 151 --input_path "${DATA_FILE}.encrypted" --output_path "${DATA_FILE}.decrypted" \ 152 --associated_data "${ASSOCIATED_DATA}" 153 154if (( TEST_STATUS == 0 )); then 155 echo "+++ Decryption successful." 156else 157 echo "--- Decryption failed." 158 exit 1 159fi 160 161cmp --silent "${DATA_FILE}" "${DATA_FILE}.decrypted" 162 163############################################################################# 164 165print_test "test_encrypt_decrypt_fails_with_modified_associated_data" 166 167# Run encryption 168ASSOCIATED_DATA="header information" 169test_command ${CLI} --mode encrypt --keyset_path "${KEYSET_FILE}" \ 170 --input_path "${DATA_FILE}" --output_path "${DATA_FILE}.encrypted" \ 171 --associated_data "${ASSOCIATED_DATA}" 172 173if (( TEST_STATUS == 0 )); then 174 echo "+++ Encryption successful." 175else 176 echo "--- Encryption failed." 177 exit 1 178fi 179 180# Run decryption 181MODIFIED_ASSOCIATED_DATA="modified header information" 182test_command ${CLI} --mode decrypt --keyset_path "${KEYSET_FILE}" \ 183 --input_path "${DATA_FILE}.encrypted" --output_path "${DATA_FILE}.decrypted" \ 184 --associated_data "${MODIFIED_ASSOCIATED_DATA}" 185 186if (( TEST_STATUS == 1 )); then 187 echo "+++ Decryption failed as expected." 188else 189 echo "--- Decryption succeeded but expected to fail." 190 exit 1 191fi 192