1*e7b1675dSTing-Kang Chang#!/bin/bash 2*e7b1675dSTing-Kang Chang# Copyright 2021 Google LLC 3*e7b1675dSTing-Kang Chang# 4*e7b1675dSTing-Kang Chang# Licensed under the Apache License, Version 2.0 (the "License"); 5*e7b1675dSTing-Kang Chang# you may not use this file except in compliance with the License. 6*e7b1675dSTing-Kang Chang# You may obtain a copy of the License at 7*e7b1675dSTing-Kang Chang# 8*e7b1675dSTing-Kang Chang# http://www.apache.org/licenses/LICENSE-2.0 9*e7b1675dSTing-Kang Chang# 10*e7b1675dSTing-Kang Chang# Unless required by applicable law or agreed to in writing, software 11*e7b1675dSTing-Kang Chang# distributed under the License is distributed on an "AS IS" BASIS, 12*e7b1675dSTing-Kang Chang# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13*e7b1675dSTing-Kang Chang# See the License for the specific language governing permissions and 14*e7b1675dSTing-Kang Chang# limitations under the License. 15*e7b1675dSTing-Kang Chang################################################################################ 16*e7b1675dSTing-Kang Chang 17*e7b1675dSTing-Kang Changset -euo pipefail 18*e7b1675dSTing-Kang Chang 19*e7b1675dSTing-Kang Chang############################################################################# 20*e7b1675dSTing-Kang Chang# Tests for MAC Python example. 21*e7b1675dSTing-Kang Chang############################################################################# 22*e7b1675dSTing-Kang Chang 23*e7b1675dSTing-Kang ChangCLI="$1" 24*e7b1675dSTing-Kang ChangKEYSET_FILE="$2" 25*e7b1675dSTing-Kang Chang 26*e7b1675dSTing-Kang ChangDATA_FILE="${TEST_TMPDIR}/example_data.txt" 27*e7b1675dSTing-Kang ChangMAC_FILE="${TEST_TMPDIR}/expected_mac.txt" 28*e7b1675dSTing-Kang Chang 29*e7b1675dSTing-Kang Changecho "This is some message to be verified." > "${DATA_FILE}" 30*e7b1675dSTing-Kang Chang 31*e7b1675dSTing-Kang Chang############################################################################# 32*e7b1675dSTing-Kang Chang 33*e7b1675dSTing-Kang Chang# A helper function for getting the return code of a command that may fail 34*e7b1675dSTing-Kang Chang# Temporarily disables error safety and stores return value in $TEST_STATUS 35*e7b1675dSTing-Kang Chang# Usage: 36*e7b1675dSTing-Kang Chang# % test_command somecommand some args 37*e7b1675dSTing-Kang Chang# % echo $TEST_STATUS 38*e7b1675dSTing-Kang Changtest_command() { 39*e7b1675dSTing-Kang Chang set +e 40*e7b1675dSTing-Kang Chang "$@" 41*e7b1675dSTing-Kang Chang TEST_STATUS=$? 42*e7b1675dSTing-Kang Chang set -e 43*e7b1675dSTing-Kang Chang} 44*e7b1675dSTing-Kang Chang 45*e7b1675dSTing-Kang Changprint_test() { 46*e7b1675dSTing-Kang Chang echo "+++ Starting test $1..." 47*e7b1675dSTing-Kang Chang} 48*e7b1675dSTing-Kang Chang 49*e7b1675dSTing-Kang Chang############################################################################# 50*e7b1675dSTing-Kang Chang 51*e7b1675dSTing-Kang Changprint_test "mac_computation_and_verification" 52*e7b1675dSTing-Kang Chang 53*e7b1675dSTing-Kang Chang# Run computation. 54*e7b1675dSTing-Kang Chang${CLI} --mode compute --keyset_path "${KEYSET_FILE}" \ 55*e7b1675dSTing-Kang Chang --data_path "${DATA_FILE}" --mac_path "${MAC_FILE}" 56*e7b1675dSTing-Kang Chang 57*e7b1675dSTing-Kang Chang# Run verification. 58*e7b1675dSTing-Kang Changtest_command ${CLI} --mode verify --keyset_path "${KEYSET_FILE}" \ 59*e7b1675dSTing-Kang Chang --data_path "${DATA_FILE}" --mac_path "${MAC_FILE}" 60*e7b1675dSTing-Kang Chang 61*e7b1675dSTing-Kang Changif (( TEST_STATUS == 0 )); then 62*e7b1675dSTing-Kang Chang echo "+++ Success: MAC computation was successful." 63*e7b1675dSTing-Kang Changelse 64*e7b1675dSTing-Kang Chang echo "--- Failure: MAC computation was unsuccessful" 65*e7b1675dSTing-Kang Chang exit 1 66*e7b1675dSTing-Kang Changfi 67*e7b1675dSTing-Kang Chang 68*e7b1675dSTing-Kang Chang 69*e7b1675dSTing-Kang Chang############################################################################# 70*e7b1675dSTing-Kang Chang 71*e7b1675dSTing-Kang Changprint_test "mac_verification_fails_with_incorrect_mac" 72*e7b1675dSTing-Kang Chang 73*e7b1675dSTing-Kang Chang# Run computation. 74*e7b1675dSTing-Kang Chang${CLI} --mode compute --keyset_path "${KEYSET_FILE}" \ 75*e7b1675dSTing-Kang Chang --data_path "${DATA_FILE}" --mac_path "${MAC_FILE}" 76*e7b1675dSTing-Kang Chang 77*e7b1675dSTing-Kang Chang# Modify MAC. 78*e7b1675dSTing-Kang Changecho "DEADBEEF" >> "${MAC_FILE}" 79*e7b1675dSTing-Kang Chang 80*e7b1675dSTing-Kang Chang# Run verification. 81*e7b1675dSTing-Kang Changtest_command ${CLI} --mode verify --keyset_path "${KEYSET_FILE}" \ 82*e7b1675dSTing-Kang Chang --data_path "${DATA_FILE}" --mac_path "${MAC_FILE}" 83*e7b1675dSTing-Kang Chang 84*e7b1675dSTing-Kang Changif (( TEST_STATUS != 0 )); then 85*e7b1675dSTing-Kang Chang echo "+++ Success: MAC verification failed for a modified mac." 86*e7b1675dSTing-Kang Changelse 87*e7b1675dSTing-Kang Chang echo "--- Failure: MAC verification passed for a modified mac." 88*e7b1675dSTing-Kang Chang exit 1 89*e7b1675dSTing-Kang Changfi 90*e7b1675dSTing-Kang Chang 91*e7b1675dSTing-Kang Chang 92*e7b1675dSTing-Kang Chang############################################################################# 93*e7b1675dSTing-Kang Chang 94*e7b1675dSTing-Kang Changprint_test "mac_verification_fails_with_modified_message" 95*e7b1675dSTing-Kang Chang 96*e7b1675dSTing-Kang Chang# Run computation. 97*e7b1675dSTing-Kang Chang${CLI} --mode compute --keyset_path "${KEYSET_FILE}" \ 98*e7b1675dSTing-Kang Chang --data_path "${DATA_FILE}" --mac_path "${MAC_FILE}" 99*e7b1675dSTing-Kang Chang 100*e7b1675dSTing-Kang Chang# Modify MAC. 101*e7b1675dSTing-Kang Changecho "modified" >> "${DATA_FILE}" 102*e7b1675dSTing-Kang Chang 103*e7b1675dSTing-Kang Chang# Run verification. 104*e7b1675dSTing-Kang Changtest_command ${CLI} --mode verify --keyset_path "${KEYSET_FILE}" \ 105*e7b1675dSTing-Kang Chang --data_path "${DATA_FILE}" --mac_path "${MAC_FILE}" 106*e7b1675dSTing-Kang Chang 107*e7b1675dSTing-Kang Changif (( TEST_STATUS != 0 )); then 108*e7b1675dSTing-Kang Chang echo "+++ Success: MAC verification failed for a modified message." 109*e7b1675dSTing-Kang Changelse 110*e7b1675dSTing-Kang Chang echo "--- Failure: MAC verification passed for a modified message." 111*e7b1675dSTing-Kang Chang exit 1 112*e7b1675dSTing-Kang Changfi 113*e7b1675dSTing-Kang Chang 114*e7b1675dSTing-Kang Chang 115*e7b1675dSTing-Kang Chang############################################################################# 116*e7b1675dSTing-Kang Chang 117*e7b1675dSTing-Kang Changprint_test "bad_key_computation" 118*e7b1675dSTing-Kang Chang 119*e7b1675dSTing-Kang Chang# Create a plaintext and bad keyset. 120*e7b1675dSTing-Kang ChangBAD_KEY_FILE="${TEST_TMPDIR}/bad_key.txt" 121*e7b1675dSTing-Kang Changecho "not a key" > "${BAD_KEY_FILE}" 122*e7b1675dSTing-Kang Chang 123*e7b1675dSTing-Kang Chang# Run computation. 124*e7b1675dSTing-Kang Changtest_command ${CLI} --mode compute --keyset_path "${BAD_KEY_FILE}" \ 125*e7b1675dSTing-Kang Chang --data_path "${DATA_FILE}" --mac_path "${MAC_FILE}" 126*e7b1675dSTing-Kang Chang 127*e7b1675dSTing-Kang Changif (( TEST_STATUS != 0 )); then 128*e7b1675dSTing-Kang Chang echo "+++ Success: MAC computation failed with bad keyset." 129*e7b1675dSTing-Kang Changelse 130*e7b1675dSTing-Kang Chang echo "--- Failure: MAC computation did not fail with bad keyset" 131*e7b1675dSTing-Kang Chang exit 1 132*e7b1675dSTing-Kang Changfi 133