1*e7b1675dSTing-Kang Chang#!/bin/bash 2*e7b1675dSTing-Kang Chang# Copyright 2021 Google LLC 3*e7b1675dSTing-Kang Chang# 4*e7b1675dSTing-Kang Chang# Licensed under the Apache License, Version 2.0 (the "License"); 5*e7b1675dSTing-Kang Chang# you may not use this file except in compliance with the License. 6*e7b1675dSTing-Kang Chang# You may obtain a copy of the License at 7*e7b1675dSTing-Kang Chang# 8*e7b1675dSTing-Kang Chang# http://www.apache.org/licenses/LICENSE-2.0 9*e7b1675dSTing-Kang Chang# 10*e7b1675dSTing-Kang Chang# Unless required by applicable law or agreed to in writing, software 11*e7b1675dSTing-Kang Chang# distributed under the License is distributed on an "AS IS" BASIS, 12*e7b1675dSTing-Kang Chang# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13*e7b1675dSTing-Kang Chang# See the License for the specific language governing permissions and 14*e7b1675dSTing-Kang Chang# limitations under the License. 15*e7b1675dSTing-Kang Chang################################################################################ 16*e7b1675dSTing-Kang Chang 17*e7b1675dSTing-Kang Changset -euo pipefail 18*e7b1675dSTing-Kang Chang 19*e7b1675dSTing-Kang Chang############################################################################# 20*e7b1675dSTing-Kang Chang##### Tests for digital signature example. 21*e7b1675dSTing-Kang Chang 22*e7b1675dSTing-Kang ChangCLI="$1" 23*e7b1675dSTing-Kang ChangKEYSET_FILE_PRIVATE="$2" 24*e7b1675dSTing-Kang ChangKEYSET_FILE_PUBLIC="$3" 25*e7b1675dSTing-Kang Chang 26*e7b1675dSTing-Kang ChangDATA_FILE="${TEST_TMPDIR}/example_data.txt" 27*e7b1675dSTing-Kang ChangSIGNATURE_FILE="${TEST_TMPDIR}/expected_signature.txt" 28*e7b1675dSTing-Kang Chang 29*e7b1675dSTing-Kang Changecho "This is some message to be verified." > "${DATA_FILE}" 30*e7b1675dSTing-Kang Chang 31*e7b1675dSTing-Kang Chang############################################################################# 32*e7b1675dSTing-Kang Chang 33*e7b1675dSTing-Kang Chang# A helper function for getting the return code of a command that may fail 34*e7b1675dSTing-Kang Chang# Temporarily disables error safety and stores return value in $TEST_STATUS 35*e7b1675dSTing-Kang Chang# Usage: 36*e7b1675dSTing-Kang Chang# % test_command somecommand some args 37*e7b1675dSTing-Kang Chang# % echo $TEST_STATUS 38*e7b1675dSTing-Kang Changtest_command() { 39*e7b1675dSTing-Kang Chang set +e 40*e7b1675dSTing-Kang Chang "$@" 41*e7b1675dSTing-Kang Chang TEST_STATUS=$? 42*e7b1675dSTing-Kang Chang set -e 43*e7b1675dSTing-Kang Chang} 44*e7b1675dSTing-Kang Chang 45*e7b1675dSTing-Kang Changprint_test() { 46*e7b1675dSTing-Kang Chang echo "+++ Starting test $1..." 47*e7b1675dSTing-Kang Chang} 48*e7b1675dSTing-Kang Chang 49*e7b1675dSTing-Kang Chang 50*e7b1675dSTing-Kang Chang############################################################################# 51*e7b1675dSTing-Kang Chang 52*e7b1675dSTing-Kang Changprint_test "normal_signing_and_verification" 53*e7b1675dSTing-Kang Chang 54*e7b1675dSTing-Kang Chang# Run signing 55*e7b1675dSTing-Kang Changtest_command ${CLI} --mode sign \ 56*e7b1675dSTing-Kang Chang --keyset_path "${KEYSET_FILE_PRIVATE}" \ 57*e7b1675dSTing-Kang Chang --data_path "${DATA_FILE}" --signature_path "${SIGNATURE_FILE}" 58*e7b1675dSTing-Kang Chang 59*e7b1675dSTing-Kang Chang# Run verification 60*e7b1675dSTing-Kang Changtest_command ${CLI} --mode verify \ 61*e7b1675dSTing-Kang Chang --keyset_path "${KEYSET_FILE_PUBLIC}" \ 62*e7b1675dSTing-Kang Chang --data_path "${DATA_FILE}" --signature_path "${SIGNATURE_FILE}" 63*e7b1675dSTing-Kang Chang 64*e7b1675dSTing-Kang Changif (( TEST_STATUS == 0 )); then 65*e7b1675dSTing-Kang Chang echo "+++ Success: Signature is valid." 66*e7b1675dSTing-Kang Changelse 67*e7b1675dSTing-Kang Chang echo "--- Failure: the Signature is invalid." 68*e7b1675dSTing-Kang Chang exit 1 69*e7b1675dSTing-Kang Changfi 70*e7b1675dSTing-Kang Chang 71*e7b1675dSTing-Kang Chang 72*e7b1675dSTing-Kang Chang############################################################################# 73*e7b1675dSTing-Kang Chang 74*e7b1675dSTing-Kang Changprint_test "signature_verification_fails_with_incorrect_signature" 75*e7b1675dSTing-Kang Chang 76*e7b1675dSTing-Kang Chang# Create a wrong signature. 77*e7b1675dSTing-Kang Changecho "ABCABCABCD" > $SIGNATURE_FILE 78*e7b1675dSTing-Kang Chang 79*e7b1675dSTing-Kang Chang# Run verification. 80*e7b1675dSTing-Kang Changtest_command ${CLI} --mode verify \ 81*e7b1675dSTing-Kang Chang --keyset_path "${KEYSET_FILE_PUBLIC}" \ 82*e7b1675dSTing-Kang Chang --data_path "${DATA_FILE}" --signature_path "${SIGNATURE_FILE}" 83*e7b1675dSTing-Kang Chang 84*e7b1675dSTing-Kang Changif (( TEST_STATUS != 0 )); then 85*e7b1675dSTing-Kang Chang echo "+++ Success: Signature verification failed for invalid signature." 86*e7b1675dSTing-Kang Changelse 87*e7b1675dSTing-Kang Chang echo "--- Failure: Signature passed for an invalid signature." 88*e7b1675dSTing-Kang Chang exit 1 89*e7b1675dSTing-Kang Changfi 90*e7b1675dSTing-Kang Chang 91*e7b1675dSTing-Kang Chang 92*e7b1675dSTing-Kang Chang############################################################################# 93*e7b1675dSTing-Kang Chang 94*e7b1675dSTing-Kang Changprint_test "signature_verification_fails_with_incorrect_data" 95*e7b1675dSTing-Kang Chang 96*e7b1675dSTing-Kang Chang# Run signing 97*e7b1675dSTing-Kang Changtest_command ${CLI} --mode sign \ 98*e7b1675dSTing-Kang Chang --keyset_path "${KEYSET_FILE_PRIVATE}" \ 99*e7b1675dSTing-Kang Chang --data_path "${DATA_FILE}" --signature_path "${SIGNATURE_FILE}" 100*e7b1675dSTing-Kang Chang 101*e7b1675dSTing-Kang Chang# Modify the data. 102*e7b1675dSTing-Kang Changecho "ABCABCABCD" >> $DATA_FILE 103*e7b1675dSTing-Kang Chang 104*e7b1675dSTing-Kang Chang# Run verification. 105*e7b1675dSTing-Kang Changtest_command ${CLI} --mode verify \ 106*e7b1675dSTing-Kang Chang --keyset_path "${KEYSET_FILE_PUBLIC}" \ 107*e7b1675dSTing-Kang Chang --data_path "${DATA_FILE}" --signature_path "${SIGNATURE_FILE}" 108*e7b1675dSTing-Kang Chang 109*e7b1675dSTing-Kang Changif (( TEST_STATUS != 0 )); then 110*e7b1675dSTing-Kang Chang echo "+++ Success: Signature verification failed for invalid signature." 111*e7b1675dSTing-Kang Changelse 112*e7b1675dSTing-Kang Chang echo "--- Failure: Signature passed for an invalid signature." 113*e7b1675dSTing-Kang Chang exit 1 114*e7b1675dSTing-Kang Changfi 115*e7b1675dSTing-Kang Chang 116*e7b1675dSTing-Kang Chang 117*e7b1675dSTing-Kang Chang############################################################################# 118*e7b1675dSTing-Kang Chang 119*e7b1675dSTing-Kang Changprint_test "singing_fails_with_a_wrong_keyset" 120*e7b1675dSTing-Kang Chang 121*e7b1675dSTing-Kang Chang# Run computation. 122*e7b1675dSTing-Kang Changtest_command ${CLI} --mode verify \ 123*e7b1675dSTing-Kang Chang --keyset_path "${KEYSET_FILE_PRIVATE}" \ 124*e7b1675dSTing-Kang Chang --data_path "${DATA_FILE}" --signature_path "${SIGNATURE_FILE}" 125*e7b1675dSTing-Kang Chang 126*e7b1675dSTing-Kang Changif (( TEST_STATUS != 0 )); then 127*e7b1675dSTing-Kang Chang echo "+++ Success: Signature computation failed with public keyset." 128*e7b1675dSTing-Kang Changelse 129*e7b1675dSTing-Kang Chang echo "--- Failure: Signature computation did not fail with public keyset." 130*e7b1675dSTing-Kang Chang exit 1 131*e7b1675dSTing-Kang Changfi 132