From 92b679d17ca41f85009c9e33cdd5967f955b5557 Mon Sep 17 00:00:00 2001
From: Ivan Stakhov <50211739+left-try@users.noreply.github.com>
Date: Wed, 18 Sep 2024 19:10:59 +0300
Subject: [Feature] Add rspamadm secretbox command

* [Minor] Small fix for error messages

* [Feature] Create rspamadm util to decrypt header

* [Feature] Create python example to encrypt/decrypt header

* [Minor] Small clean up

* [Minor] Change c-rspamadm util to lua-rspamadm util

* [Minor] Small clean up

* [Minor] Add some debug

* [Feature] Add secretbox command

* [Minor] Debug

* [Minor] Add additional return for encrypted string(noce + encrypted string

* [Minor] Small debug

* [Minor] Add a way to provide encrypted text concatenated with nonce

* [Minor] Add nonce to encrypt text

* [Minor] Clean up

* [Minor] Clean up unused variable

* [Minor] Small fix

* [Minor] Fix return issue

* [Minor] Add blake2b for key derivation

* [Minor] Small upgrade to debug

* [Minor] Small clean up

* [Minor] Change return to more convenient form

* [Minor] Change print to test form

* [Test] Provide tests for encrypt/decrypt with rspamadm util and python script

* [Minor] Change python to python3

* [Minor] Add stderr check

* [Minor] Make the function return nonce+text

* [Minor] Change unit tests to new return format

* [Minor] Add flag to manage encodings

* [Minor] Add --encoding argument to manage encodings

* [Minor] Change tests for new input format

* [Minor] Fix lua format

* [Minor] Small fix

* [Minor] Provide full support for new return format of maybe_encrypt_header

* [Test] Test small fix

* [Test] Small fix

* [Minor] Clean up

* [Minor] Small fix for name of variable

* [Minor] Small clean up

* [Minor] Change format of command to a mre convenient

* [Minor] Change tests to be same as a format of a command

* [Minor] Change description of flags

* [Minor] Small fix

---------

Co-authored-by: Ivan Stakhov <50211739+LeftTry@users.noreply.github.com>
---
 test/functional/cases/150_rspamadm.robot | 47 ++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)

(limited to 'test/functional')

diff --git a/test/functional/cases/150_rspamadm.robot b/test/functional/cases/150_rspamadm.robot
index 6bff14b2e..257b0b501 100644
--- a/test/functional/cases/150_rspamadm.robot
+++ b/test/functional/cases/150_rspamadm.robot
@@ -4,6 +4,13 @@ Suite Teardown  Rspamadm Teardown
 Library         ${RSPAMD_TESTDIR}/lib/rspamd.py
 Resource        ${RSPAMD_TESTDIR}/lib/rspamd.robot
 
+*** Variables ***
+${TEXT}                text
+${KEY}                 12345678901234567890123456789012
+${NONCE}               9pyeEd986hrjcpozCIZ41jEo6dCDbgjg
+${ENCRYPTED_TEXT}      8KGF6VLI7vnweUdR8FuQZuT+ID8=
+${PYTHON_SCRIPT}       ${RSPAMD_TESTDIR}/../../utils/encrypt_decrypt_header.py
+
 *** Test Cases ***
 Config Test
   ${result} =  Rspamadm  configtest
@@ -46,3 +53,43 @@ Verbose mode
   Should Match Regexp  ${result.stderr}  ^$
   Should Match Regexp  ${result.stdout}  hello world\n
   Should Be Equal As Integers  ${result.rc}  0
+  
+SecretBox rspamadm encrypt/decrypt
+  ${result} =  Rspamadm  secret_box  -B  encrypt  -t  ${TEXT}  -k  ${KEY}  -n  ${NONCE}
+  Should Match Regexp  ${result.stderr}  ^$
+  Should Be Equal As Strings  ${result.stdout}  ${NONCE}${ENCRYPTED_TEXT}
+  ${result1} =  Rspamadm  secret_box  -B  decrypt  -t  ${ENCRYPTED_TEXT}  -k  ${KEY}  -n  ${NONCE}
+  Should Match Regexp  ${result.stderr}  ^$
+  Should Be Equal As Strings  ${result1.stdout}  ${TEXT}
+
+SecretBox python encrypt/decrypt
+  ${result} =  Run Process  python3  ${PYTHON_SCRIPT}  -B  encrypt  -t  ${TEXT}  -k  ${KEY}  -n  ${NONCE}
+  Should Match Regexp  ${result.stderr}  ^$
+  Should Be Equal As Strings  ${result.stdout}  ${NONCE}${ENCRYPTED_TEXT}
+  ${result1} =  Run Process  python3  ${PYTHON_SCRIPT}  -B  decrypt  -t  ${NONCE}${ENCRYPTED_TEXT}  -k  ${KEY}
+  Should Match Regexp  ${result.stderr}  ^$
+  Should Be Equal As Strings  ${result1.stdout}  ${TEXT}
+  
+SecretBox encrypt python with nonce decrypt rspamadm
+  ${result} =  Run Process  python3  ${PYTHON_SCRIPT}  -B  encrypt  -t  ${TEXT}  -k  ${KEY}  -n  ${NONCE}
+  ${result1} =  Rspamadm  secret_box  -B  decrypt  -t  ${result.stdout}  -k  ${KEY}
+  Should Match Regexp  ${result.stderr}  ^$
+  Should Be Equal As Strings  ${TEXT}  ${result1.stdout}
+
+SecretBox encrypt python without nonce decrypt rspamadm
+  ${result} =  Run Process  python3  ${PYTHON_SCRIPT}  -B  encrypt  -t  ${TEXT}  -k  ${KEY}
+  ${result1} =  Rspamadm  secret_box  -B  decrypt  -t  ${result.stdout}  -k  ${KEY}
+  Should Match Regexp  ${result.stderr}  ^$
+  Should Be Equal As Strings  ${TEXT}  ${result1.stdout}
+
+SecretBox encrypt rspamadm with nonce decrypt python
+  ${result} =  Rspamadm  secret_box  -B  encrypt  -t  ${TEXT}  -k  ${KEY}  -n  ${NONCE}
+  ${result1} =  Run Process  python3  ${PYTHON_SCRIPT}  -B  decrypt  -t  ${result.stdout}  -k  ${KEY}
+  Should Match Regexp  ${result.stderr}  ^$
+  Should Be Equal As Strings  ${TEXT}  ${result1.stdout}
+
+SecretBox encrypt rspamadm without nonce decrypt python
+  ${result} =  Rspamadm  secret_box  -B  encrypt  -t  ${TEXT}  -k  ${KEY}
+  ${result1} =  Run Process  python3  ${PYTHON_SCRIPT}  -B  decrypt  -t  ${result.stdout}  -k  ${KEY}
+  Should Match Regexp  ${result.stderr}  ^$
+  Should Be Equal As Strings  ${TEXT}  ${result1.stdout}
-- 
cgit v1.2.3