pegh/test.sh

#!/bin/bash

export dummy_file="$1"
shift
export dummy_mb="$1"

[ "$dummy_file" = "" ] && export dummy_file='/tmp/randombytes'
[ "$dummy_mb" = "" ] && export dummy_mb='100'

[ "$TEST_BINS" = "" ] && TEST_BINS="./pegh.openssl ./pegh.libsodium ./pegh.libsodium-openssl"

set -euxo pipefail

# try different size files to encrypt/decrypt
[ -e "$dummy_file" ] || dd if=/dev/urandom bs=1M "count=$dummy_mb" of="$dummy_file"

# try make if it's installed, otherwise fall back to cc
rm -f pegh

# compile against openssl
make PEGH_OPENSSL=1 || cc -O3 -DPEGH_OPENSSL pegh.c -lcrypto -o pegh
mv pegh pegh.openssl

# compile against libsodium
make PEGH_LIBSODIUM=1 || cc -O3 -DPEGH_LIBSODIUM pegh.c -lsodium -o pegh
mv pegh pegh.libsodium

# compile against both libsodium and openssl as a fallback for CPUs libsodium doesn't support
make PEGH_LIBSODIUM=1 PEGH_OPENSSL=1 || cc -O3 -DPEGH_LIBSODIUM -DPEGH_OPENSSL pegh.c -lsodium -lcrypto -o pegh
mv pegh pegh.libsodium-openssl

export key="$(< /dev/urandom tr -dc 'a-z0-9' | head -c12)"

echo "key: $key"

test () {
    bin="$1"
    shift
    bin_decrypt="${1:-$bin}"
    shift

    echo "testing binaries bin: $bin bin_decrypt: $bin_decrypt"

    set +eu
    if [ "$2" != "1" ]
    then
        # check both binaries through full pipe to see if it fails with an AES error
        echo a | "$bin" "$@" "$key" | "$bin_decrypt" -d "$key" >/dev/null
        # 19 is the special return code that means specifically libsodium-only and CPU doesn't support AES
        [ ${PIPESTATUS[1]} -eq 19 -o ${PIPESTATUS[2]} -eq 19 ] && set -eu && echo "skipping this test because libsodium doesn't support AES on this CPU" && return 0
    fi
    set -eu


    echo 'encrypting same data with same key should result in different ciphertext'
    cmp <(echo a | "$bin" "$@" "$key") <(echo a | "$bin" "$@" "$key") && echo "random generation broken? same data and key resulted in same decryption so salt generation is broken and this is insecure" && exit 1 || true

    echo 'encrypting then decrypting with the same key should succeed'
    "$bin" -e "$@" "$key" < "$dummy_file" | "$bin_decrypt" -d "$key" | cmp - "$dummy_file"

    echo 'test with -s 32 requiring 2gb of ram should succeed'
    # can send -s 32 or -m 2048 to decrypt command with identical effect
    "$bin" -e "$@" "$key" -s 32 < "$dummy_file" | "$bin_decrypt" -d "$key" -m 2048 | cmp - "$dummy_file"

    echo 'encrypting/decrypting with key in file should work, even when key has leading 0s and a trailing newline'
    "$bin" -e "$@" -f <(cat <(dd if=/dev/zero bs=1M count=1) <(echo "$key")) < "$dummy_file" | "$bin_decrypt" -d -f <(cat <(dd if=/dev/zero bs=1M count=1) <(echo "$key")) | cmp - "$dummy_file"

    set +e
    # these should fail
    echo 'encrypting with one key and decrypting with another should fail'
    "$bin" -e "$@" "$key" -i "$dummy_file" | "$bin_decrypt" -d "$key-wrongkey" | cmp - "$dummy_file" && echo "ERROR: appending -wrongkey to key somehow still worked" && exit 1

    echo 'encrypting/decrypting with key in file where last byte is different should fail'
    "$bin" -e "$@" -f <(cat <(dd if=/dev/zero bs=1M count=1) <(echo "$key") <(echo -n a)) < "$dummy_file" | "$bin_decrypt" -d -f <(cat <(dd if=/dev/zero bs=1M count=1) <(echo "$key") <(echo -n b)) | cmp - "$dummy_file" && echo "ERROR: differing last byte in password file somehow still worked" && exit 1

    echo 'large values of N without enough memory should fail'
    "$bin" -e "$@" "$key" -N 2000000 -i "$dummy_file" >/dev/null && echo "ERROR: N of 2 million without extra memory worked" && exit 1
    "$bin_decrypt" -d "$key" -N 2000000 -i "$dummy_file" >/dev/null && echo "ERROR: N of 2 million without extra memory worked" && exit 1

    echo 'bad decryption bytes are never output, file should be 0 bytes'
    echo 'hopefully this doesnt make it to disk' | "$bin" "$@" "$key" | cat - <(echo -n a) | "$bin_decrypt" -d "$key" -o bla.txt && exit 1
    [ -s bla.txt ] && echo "ERROR: bla.txt should be empty" && exit 1
    set -e
}

for bin in $TEST_BINS
do
    for bin_decrypt in $TEST_BINS
    do
        # test default versions
        time test $bin $bin_decrypt
        # test aes
        time test $bin $bin_decrypt -v 0
        # test chacha
        time test $bin $bin_decrypt -v 1
    done
done

echo "successful test run!"
Initial commit 2019-12-25 01:21:43 -05:00			`#!/bin/bash`
Practically rewrite all of pegh.c to operate on streams supporting unlimited length files 2019-12-26 15:46:55 -05:00
Add support for compiling against openssl OR libsodium, and tests for both against each other 2019-12-29 00:47:36 -05:00			`export dummy_file="$1"`
			`shift`
			`export dummy_mb="$1"`

Add CI builds 2019-12-27 01:00:10 -05:00			`[ "$dummy_file" = "" ] && export dummy_file='/tmp/randombytes'`
Add support for compiling against openssl OR libsodium, and tests for both against each other 2019-12-29 00:47:36 -05:00			`[ "$dummy_mb" = "" ] && export dummy_mb='100'`

CI: compile/test against libressl too 2019-12-30 00:10:18 -05:00			`[ "$TEST_BINS" = "" ] && TEST_BINS="./pegh.openssl ./pegh.libsodium ./pegh.libsodium-openssl"`
Add CI builds 2019-12-27 01:00:10 -05:00
			`set -euxo pipefail`
Practically rewrite all of pegh.c to operate on streams supporting unlimited length files 2019-12-26 15:46:55 -05:00
Initial commit 2019-12-25 01:21:43 -05:00			`# try different size files to encrypt/decrypt`
Add support for compiling against openssl OR libsodium, and tests for both against each other 2019-12-29 00:47:36 -05:00			`[ -e "$dummy_file" ] \|\| dd if=/dev/urandom bs=1M "count=$dummy_mb" of="$dummy_file"`
Initial commit 2019-12-25 01:21:43 -05:00
Practically rewrite all of pegh.c to operate on streams supporting unlimited length files 2019-12-26 15:46:55 -05:00			`# try make if it's installed, otherwise fall back to cc`
Add CI builds 2019-12-27 01:00:10 -05:00			`rm -f pegh`
Add support for compiling against openssl OR libsodium, and tests for both against each other 2019-12-29 00:47:36 -05:00
			`# compile against openssl`
Fix Makefile 2019-12-30 02:55:42 -05:00			`make PEGH_OPENSSL=1 \|\| cc -O3 -DPEGH_OPENSSL pegh.c -lcrypto -o pegh`
Add support for compiling against openssl OR libsodium, and tests for both against each other 2019-12-29 00:47:36 -05:00			`mv pegh pegh.openssl`
Initial commit 2019-12-25 01:21:43 -05:00
Add support for compiling against openssl OR libsodium, and tests for both against each other 2019-12-29 00:47:36 -05:00			`# compile against libsodium`
Fix Makefile 2019-12-30 02:55:42 -05:00			`make PEGH_LIBSODIUM=1 \|\| cc -O3 -DPEGH_LIBSODIUM pegh.c -lsodium -o pegh`
Add support for compiling against openssl OR libsodium, and tests for both against each other 2019-12-29 00:47:36 -05:00			`mv pegh pegh.libsodium`

Add mode that uses libsodium AES if the CPU supports it but falls back to OpenSSL AES if not 2019-12-29 23:59:38 -05:00			`# compile against both libsodium and openssl as a fallback for CPUs libsodium doesn't support`
Fix Makefile 2019-12-30 02:55:42 -05:00			`make PEGH_LIBSODIUM=1 PEGH_OPENSSL=1 \|\| cc -O3 -DPEGH_LIBSODIUM -DPEGH_OPENSSL pegh.c -lsodium -lcrypto -o pegh`
CI: compile/test against libressl too 2019-12-30 00:10:18 -05:00			`mv pegh pegh.libsodium-openssl`
Add mode that uses libsodium AES if the CPU supports it but falls back to OpenSSL AES if not 2019-12-29 23:59:38 -05:00
Add support for compiling against openssl OR libsodium, and tests for both against each other 2019-12-29 00:47:36 -05:00			`export key="$(< /dev/urandom tr -dc 'a-z0-9' \| head -c12)"`
Initial commit 2019-12-25 01:21:43 -05:00
			`echo "key: $key"`

			`test () {`
Practically rewrite all of pegh.c to operate on streams supporting unlimited length files 2019-12-26 15:46:55 -05:00			`bin="$1"`
Rework tests and AES CPU detection 2020-01-01 02:17:35 -05:00			`shift`
			`bin_decrypt="${1:-$bin}"`
			`shift`
Add support for compiling against openssl OR libsodium, and tests for both against each other 2019-12-29 00:47:36 -05:00
Add CI builds 2019-12-27 01:00:10 -05:00			`echo "testing binaries bin: $bin bin_decrypt: $bin_decrypt"`
Practically rewrite all of pegh.c to operate on streams supporting unlimited length files 2019-12-26 15:46:55 -05:00
Rework tests and AES CPU detection 2020-01-01 02:17:35 -05:00			`set +eu`
			`if [ "$2" != "1" ]`
			`then`
			`# check both binaries through full pipe to see if it fails with an AES error`
			`echo a \| "$bin" "$@" "$key" \| "$bin_decrypt" -d "$key" >/dev/null`
			`# 19 is the special return code that means specifically libsodium-only and CPU doesn't support AES`
			`[ ${PIPESTATUS[1]} -eq 19 -o ${PIPESTATUS[2]} -eq 19 ] && set -eu && echo "skipping this test because libsodium doesn't support AES on this CPU" && return 0`
			`fi`
			`set -eu`


			`echo 'encrypting same data with same key should result in different ciphertext'`
			`cmp <(echo a \| "$bin" "$@" "$key") <(echo a \| "$bin" "$@" "$key") && echo "random generation broken? same data and key resulted in same decryption so salt generation is broken and this is insecure" && exit 1 \|\| true`

Practically rewrite all of pegh.c to operate on streams supporting unlimited length files 2019-12-26 15:46:55 -05:00			`echo 'encrypting then decrypting with the same key should succeed'`
Rework tests and AES CPU detection 2020-01-01 02:17:35 -05:00			`"$bin" -e "$@" "$key" < "$dummy_file" \| "$bin_decrypt" -d "$key" \| cmp - "$dummy_file"`
Practically rewrite all of pegh.c to operate on streams supporting unlimited length files 2019-12-26 15:46:55 -05:00
			`echo 'test with -s 32 requiring 2gb of ram should succeed'`
			`# can send -s 32 or -m 2048 to decrypt command with identical effect`
Rework tests and AES CPU detection 2020-01-01 02:17:35 -05:00			`"$bin" -e "$@" "$key" -s 32 < "$dummy_file" \| "$bin_decrypt" -d "$key" -m 2048 \| cmp - "$dummy_file"`
Practically rewrite all of pegh.c to operate on streams supporting unlimited length files 2019-12-26 15:46:55 -05:00
Implement reading password from file 2020-01-02 00:42:22 -05:00			`echo 'encrypting/decrypting with key in file should work, even when key has leading 0s and a trailing newline'`
			`"$bin" -e "$@" -f <(cat <(dd if=/dev/zero bs=1M count=1) <(echo "$key")) < "$dummy_file" \| "$bin_decrypt" -d -f <(cat <(dd if=/dev/zero bs=1M count=1) <(echo "$key")) \| cmp - "$dummy_file"`

Practically rewrite all of pegh.c to operate on streams supporting unlimited length files 2019-12-26 15:46:55 -05:00			`set +e`
			`# these should fail`
			`echo 'encrypting with one key and decrypting with another should fail'`
Rework tests and AES CPU detection 2020-01-01 02:17:35 -05:00			`"$bin" -e "$@" "$key" -i "$dummy_file" \| "$bin_decrypt" -d "$key-wrongkey" \| cmp - "$dummy_file" && echo "ERROR: appending -wrongkey to key somehow still worked" && exit 1`
Practically rewrite all of pegh.c to operate on streams supporting unlimited length files 2019-12-26 15:46:55 -05:00
Implement reading password from file 2020-01-02 00:42:22 -05:00			`echo 'encrypting/decrypting with key in file where last byte is different should fail'`
			`"$bin" -e "$@" -f <(cat <(dd if=/dev/zero bs=1M count=1) <(echo "$key") <(echo -n a)) < "$dummy_file" \| "$bin_decrypt" -d -f <(cat <(dd if=/dev/zero bs=1M count=1) <(echo "$key") <(echo -n b)) \| cmp - "$dummy_file" && echo "ERROR: differing last byte in password file somehow still worked" && exit 1`

Practically rewrite all of pegh.c to operate on streams supporting unlimited length files 2019-12-26 15:46:55 -05:00			`echo 'large values of N without enough memory should fail'`
Rework tests and AES CPU detection 2020-01-01 02:17:35 -05:00			`"$bin" -e "$@" "$key" -N 2000000 -i "$dummy_file" >/dev/null && echo "ERROR: N of 2 million without extra memory worked" && exit 1`
Add support for compiling against openssl OR libsodium, and tests for both against each other 2019-12-29 00:47:36 -05:00			`"$bin_decrypt" -d "$key" -N 2000000 -i "$dummy_file" >/dev/null && echo "ERROR: N of 2 million without extra memory worked" && exit 1`
Practically rewrite all of pegh.c to operate on streams supporting unlimited length files 2019-12-26 15:46:55 -05:00
Remove obsolete comments in test.sh 2019-12-30 01:01:29 -05:00			`echo 'bad decryption bytes are never output, file should be 0 bytes'`
Rework tests and AES CPU detection 2020-01-01 02:17:35 -05:00			`echo 'hopefully this doesnt make it to disk' \| "$bin" "$@" "$key" \| cat - <(echo -n a) \| "$bin_decrypt" -d "$key" -o bla.txt && exit 1`
Remove obsolete comments in test.sh 2019-12-30 01:01:29 -05:00			`[ -s bla.txt ] && echo "ERROR: bla.txt should be empty" && exit 1`
Practically rewrite all of pegh.c to operate on streams supporting unlimited length files 2019-12-26 15:46:55 -05:00			`set -e`
Initial commit 2019-12-25 01:21:43 -05:00			`}`

Add CI builds 2019-12-27 01:00:10 -05:00			`for bin in $TEST_BINS`
Add support for compiling against openssl OR libsodium, and tests for both against each other 2019-12-29 00:47:36 -05:00			`do`
Add CI builds 2019-12-27 01:00:10 -05:00			`for bin_decrypt in $TEST_BINS`
Add support for compiling against openssl OR libsodium, and tests for both against each other 2019-12-29 00:47:36 -05:00			`do`
Rework tests and AES CPU detection 2020-01-01 02:17:35 -05:00			`# test default versions`
Add support for compiling against openssl OR libsodium, and tests for both against each other 2019-12-29 00:47:36 -05:00			`time test $bin $bin_decrypt`
Rework tests and AES CPU detection 2020-01-01 02:17:35 -05:00			`# test aes`
			`time test $bin $bin_decrypt -v 0`
			`# test chacha`
			`time test $bin $bin_decrypt -v 1`
Add support for compiling against openssl OR libsodium, and tests for both against each other 2019-12-29 00:47:36 -05:00			`done`
			`done`
Practically rewrite all of pegh.c to operate on streams supporting unlimited length files 2019-12-26 15:46:55 -05:00
			`echo "successful test run!"`