## Running standard programs with useful options.
m4_define([TRIPE],
[env TRIPE_PRIVHELPER=$abs_top_builddir/priv/tripe-privhelper \
- $abs_top_builddir/server/tripe -F -d. -aadmin -p0 -b127.0.0.1 -talice])
+ $abs_top_builddir/server/tripe -F -d. -aadmin -p0 -b127.0.0.1 -talice \
+ ${TRIPE_TEST_TRACEOPTS+-T$TRIPE_TEST_TRACEOPTS}])
m4_define([TRIPECTL], [$abs_top_builddir/client/tripectl -d. -aadmin])
m4_define([USLIP], [$abs_top_builddir/uslip/tripe-uslip])
m4_define([PKSTREAM],
[$abs_top_builddir/pkstream/pkstream -b127.0.0.1 -p127.0.0.1])
m4_define([MITM], [$abs_top_builddir/proxy/tripe-mitm])
+## WITH_STRACE(tag, cmd)
+##
+## There's an awful hack here. If a process running under strace exits with
+## a signal, then strace will kill itself with the same signal -- and
+## therefore clobber the original process's core file. So we arrange to run
+## strace in one directory and have the child process run in another.
+m4_define([WITH_STRACE],
+[case "${TRIPE_TEST_STRACE-nil}" in
+ nil)
+ $2
+ ;;
+ *)
+ mkdir -p strace-hack.$1/
+ (ulimit -c hard >/dev/null 2>&1
+ sh -c 'cd strace-hack.$1; exec "$[]@"' - \
+ strace -ff -tt -v -s1024 -o../$1.trace \
+ sh -c 'cd ..; exec "$[]@"' - \
+ $2)
+ ;;
+ esac])
+
## Sequences. (These are used for testing the replay protection machinery.)
m4_define([R32], [ 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 dnl
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31])
## Test body...
$3
-## End of the test, now run the server. There's an awful hack here. If a
-## process running under strace exits with a signal, then strace will kill
-## itself with the same signal -- and therefore clobber the original
-## process's core file. So we arrange to run strace in one directory and
-## have the child process run in another.
+## End of the test, now run the server.
) && :; } | {
cd $1
- mkdir -p strace-hack/
echo TRIPE $2 >&2
- (cd strace-hack/
- ulimit -c hard >/dev/null 2>&1
- strace -f -o ../tripe.trace \
- TRIPE -d.. $2 >../server-output.full 2>../server-errors)
+ WITH_STRACE([tripe], [TRIPE $2 >server-output.full 2>server-errors.full])
stat=$?
echo $stat >server-status
if test $stat -ne 0; then
- echo "exit status: $stat" >>server-errors
+ echo "exit status: $stat" >>server-errors.full
fi
+ grep -v '^+ tripe: ' server-errors.full >server-errors
## We interrupt this relatively sensible macro for an especially awful
## hack. The tripe server emits warnings which are often caused by lack of
{
for (i = 0; i < npat; i++) {
n = length(pat[[i]]);
- if (substr($[]0, 0, n) == pat[[i]])
+ if (substr($[]0, 1, n) == pat[[i]])
next;
}
print $[]0;
m4_define([AWAIT_KXDONE], [
## Ignore some reports caused by races.
- TRIPECTL -d$3 WARN test PUSH
- TRIPECTL -d$3 WARN test IGNORE WARN KX $2 incorrect cookie
- TRIPECTL -d$3 WARN test IGNORE WARN KX $2 unexpected pre-challenge
+ for i in $1!$4 $3!$2; do
+ d=${i%!*} o=${i#*!}
+ TRIPECTL -d$d WARN test PUSH
+ TRIPECTL -d$d WARN test IGNORE WARN KX $o incorrect cookie
+ TRIPECTL -d$d WARN test IGNORE WARN KX $o unexpected pre-challenge
+ TRIPECTL -d$d WARN test IGNORE WARN KX $o unexpected challenge
+ done
## Watch for the key-exchange completion announcement in the background.
COPROCESSES([wait-$1], [
case "$[]1:$[]2:$[]3" in
OK::) ;;
NOTE:KXDONE:$4) break ;;
- NOTE:*) ;;
+ NOTE:* | TRACE:* | WARN:*) ;;
*) exit 63 ;;
esac
done
AT_CHECK([echo $waitrc],, [0[]nl])
## Be interested in key-exchange warnings again.
- TRIPECTL -d$4 WARN test POP
+ for d in $1 $3; do TRIPECTL -d$d WARN test POP; done
])
## ESTABLISH(adir, aname, aopts, bdir, bname, bopts, [aport], [bport])
AT_KEYWORDS([comm])
export TRIPE_SLIPIF=USLIP
-for p in alice bob; do (mkdir $p; cd $p; SETUPDIR([alpha])); done
-
-WITH_2TRIPES([alice], [bob], [-nslip], [-talice], [-tbob], [
- ESTABLISH([alice], [not-alice], [-key alice],
- [bob], [bob], [])
-])
+for k in alpha beta-new; do
+ for p in alice bob; do (
+ rm -rf $p; mkdir $p; cd $p; SETUPDIR([$k])
+ ); done
+ WITH_2TRIPES([alice], [bob], [-nslip], [-talice], [-tbob], [
+ ESTABLISH([alice], [not-alice], [-key alice],
+ [bob], [bob], [])
+ ])
+done
AT_CLEANUP
## Set up the evil proxy.
alicemitm=24516 bobmitm=14016
- MITM -kalice/keyring.pub >mitm.out 2>mitm.err \
- peer:alice:$alicemitm:127.0.0.1:$(cat alice/port) \
- peer:bob:$bobmitm:127.0.0.1:$(cat bob/port) \
- filt:drop:5 filt:send& mitmpid=$!
- strace -omitm.trace -p$mitmpid& mitmtrace=$!
- trap 'kill $mitmpid $mitmtrace; exit 127' EXIT INT QUIT TERM HUP
+ mknod pipe-mitmpid p
+ WITH_STRACE([mitm],
+ [sh -c 'echo $$ >pipe-mitmpid; exec "$@"' - \
+ MITM -kalice/keyring.pub >mitm.out 2>mitm.err \
+ peer:alice:$alicemitm:127.0.0.1:$(cat alice/port) \
+ peer:bob:$bobmitm:127.0.0.1:$(cat bob/port) \
+ filt:drop:5 filt:send])&
+ read mitmpid <pipe-mitmpid
+ trap 'kill $mitmpid; exit 127' EXIT INT QUIT TERM HUP
+ exec 3>&-
## Try to establish keys anyway.
AWAIT_KXDONE([alice], [alice], [bob], [bob], [
## Tear down the MITM proxy.
kill $mitmpid
- wait $mitmpid
- wait $mitmtrace
+])
+
+AT_CLEANUP
+
+###--------------------------------------------------------------------------
+### Key management.
+
+AT_SETUP([server key-management])
+AT_KEYWORDS([keymgmt])
+export TRIPE_SLIPIF=USLIP
+
+## Determine all of the nets and the principals.
+princs=""
+nets=" "
+while read princ pnets; do
+ princs="$princs $princ"
+ for n in $pnets; do
+ case " $nets " in *" $n "*) ;; *) nets="$nets$n " ;; esac
+ done
+done <<PRINC
+alice alpha beta
+bob alpha beta
+carol beta
+PRINC
+
+## Build the master keyring. All key tags here are of the form PRINC/NET.
+for n in $nets; do
+ key -k$abs_top_srcdir/t/keyring-$n extract keyring-$n $princs
+ for p in $princs; do key -kkeyring-$n tag $p $p/$n; done
+ key merge keyring-$n
+ rm keyring-$n
+done
+key extract -f-secret keyring.pub
+
+## Set up the principals' directories.
+for p in $princs; do
+ mkdir $p
+ cp keyring keyring.pub $p/
+done
+
+WITH_3TRIPES([alice], [bob], [carol], [-nslip -Tmx],
+ [-talice/alpha], [-tbob/alpha], [-tcarol/beta], [
+
+ ## Establish this little merry-go-round.
+ ESTABLISH([alice], [alice], [-key alice/alpha],
+ [bob], [bob], [-key bob/alpha])
+ ESTABLISH([alice], [alice], [-key alice/beta],
+ [carol], [carol], [-priv alice/beta -key carol/beta])
+ ESTABLISH([bob], [bob], [-key bob/beta],
+ [carol], [carol], [-priv bob/beta -key carol/beta])
+
+ ## Tweak Bob's alpha key.
+ for p in $princs; do
+ TRIPECTL -d$p WARN test COMMENT tweak bob/alpha
+ done
+
+ key -k$abs_top_srcdir/t/keyring-alpha extract keyring-bob-new bob-new
+ key merge keyring-bob-new
+ key tag -r bob-new bob/alpha
+ key extract -f-secret keyring.pub
+ for p in alice bob; do cp keyring keyring.pub $p/; done
+
+ ## Kick the peers to see whether they update.
+ AWAIT_KXDONE([alice], [alice], [bob], [bob], [
+ TRIPECTL -dalice RELOAD
+ TRIPECTL -dbob RELOAD
+ TRIPECTL -dalice FORCEKX bob
+ TRIPECTL -dbob FORCEKX alice
+ ])
+
+ COMMS_EPING([alice], [alice], [bob], [bob])
+ COMMS_EPING([bob], [bob], [alice], [alice])
+
+ ## Update the beta ring.
+ key merge $abs_top_srcdir/t/keyring-beta-new
+ for p in $princs; do key tag -r $p $p/beta; done
+ key extract -f-secret keyring.pub
+
+ ## Update alice's and carol's private keys, bob's public. This should be
+ ## insufficient for them to switch, but the results could be interesting.
+ for p in $princs; do
+ TRIPECTL -d$p WARN test COMMENT tweak beta step 1
+ done
+
+ for p in alice carol; do cp keyring $p/; done
+ cp keyring.pub bob/
+ for p in $princs; do TRIPECTL -d$p RELOAD; done
+
+ AT_DATA([algs-alpha], [dnl
+kx-group=ec kx-group-order-bits=256 kx-group-elt-bits=512
+hash=rmd160 mgf=rmd160-mgf hash-sz=20
+bulk-transform=v0 bulk-overhead=22
+cipher=blowfish-cbc cipher-keysz=20 cipher-blksz=8
+cipher-data-limit=67108864
+mac=rmd160-hmac mac-keysz=20 mac-tagsz=10
+])
+
+ AT_DATA([algs-beta-old], [dnl
+kx-group=prime kx-group-order-bits=160 kx-group-elt-bits=1023
+hash=rmd160 mgf=rmd160-mgf hash-sz=20
+bulk-transform=v0 bulk-overhead=22
+cipher=blowfish-cbc cipher-keysz=20 cipher-blksz=8
+cipher-data-limit=67108864
+mac=rmd160-hmac mac-keysz=20 mac-tagsz=10
+])
+
+ AT_DATA([algs-beta-new], [dnl
+kx-group=ec kx-group-order-bits=161 kx-group-elt-bits=320
+hash=rmd160 mgf=rmd160-mgf hash-sz=20
+bulk-transform=iiv bulk-overhead=14
+cipher=blowfish-cbc cipher-keysz=20 cipher-blksz=8
+cipher-data-limit=67108864
+mac=rmd160-hmac mac-keysz=20 mac-tagsz=10
+blkc=blowfish blkc-keysz=20 blkc-blksz=8
+])
+
+ cp algs-alpha expout; AT_CHECK([TRIPECTL -dalice ALGS],, [expout])
+ cp algs-beta-old expout; AT_CHECK([TRIPECTL -dalice ALGS carol],, [expout])
+ cp algs-beta-old expout; AT_CHECK([TRIPECTL -dbob ALGS carol],, [expout])
+ cp algs-beta-new expout; AT_CHECK([TRIPECTL -dcarol ALGS],, [expout])
+ cp algs-beta-old expout; AT_CHECK([TRIPECTL -dcarol ALGS alice],, [expout])
+
+ ## Now copy the full keys. We expect this to provoke key exchange.
+ for p in $princs; do
+ TRIPECTL -d$p WARN test COMMENT tweak beta step 2
+ done
+
+ for p in $princs; do cp keyring keyring.pub $p/; done
+
+ AWAIT_KXDONE([alice], [alice], [carol], [carol], [
+ TRIPECTL -dalice RELOAD
+ AWAIT_KXDONE([bob], [bob], [carol], [carol], [
+ TRIPECTL -dbob RELOAD
+ TRIPECTL -dcarol RELOAD
+ ])
+ ])
+
+ cp algs-alpha expout; AT_CHECK([TRIPECTL -dalice ALGS],, [expout])
+ cp algs-beta-new expout; AT_CHECK([TRIPECTL -dalice ALGS carol],, [expout])
+ cp algs-beta-new expout; AT_CHECK([TRIPECTL -dbob ALGS carol],, [expout])
+ cp algs-beta-new expout; AT_CHECK([TRIPECTL -dcarol ALGS],, [expout])
])
AT_CLEANUP