X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/31b8e627f0c466a2cd44e7be8c2a57dd38ff083f..15e8239f47dbd30b4da82dfedf983e07bc2f4122:/server/tests.at?ds=sidebyside diff --git a/server/tests.at b/server/tests.at index a326709e..7a64cb44 100644 --- a/server/tests.at +++ b/server/tests.at @@ -40,6 +40,7 @@ m4_define([TRIPECTL], [$abs_top_builddir/client/tripectl -d. -aadmin]) m4_define([USLIP], [$abs_top_builddir/uslip/tripe-uslip]) m4_define([PKSTREAM], [$abs_top_builddir/pkstream/pkstream -b127.0.0.1 -p127.0.0.1]) +m4_define([MITM], [$abs_top_builddir/proxy/tripe-mitm]) ## Sequences. (These are used for testing the replay protection machinery.) m4_define([R32], [ 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 dnl @@ -151,7 +152,7 @@ $3 { for (i = 0; i < npat; i++) { n = length(pat[[i]]); - if (substr($[]0, 0, n) == pat[[i]]) + if (substr($[]0, 1, n) == pat[[i]]) next; } print $[]0; @@ -181,10 +182,24 @@ m4_define([WITH_3TRIPES], [WITH_TRIPEX([$3], [$4 $7], [$8])])])]) -## COMMS_EPING(adir, aname, bdir, bname) +## RETRY(n, body) +m4_define([RETRY], [ + n=0 rc=1 + while test $n -lt $1; do + if $2 + then rc=0; break + fi + n=$(( $n + 1 )) + done + exit $rc +]) + +## COMMS_EPING(adir, aname, bdir, bname, [n]) m4_define([COMMS_EPING], [ - AT_CHECK([TRIPECTL -d$1 EPING $4],, [ignore]) - AT_CHECK([TRIPECTL -d$3 EPING $2],, [ignore]) + AT_CHECK([RETRY([m4_default([$5], [1])], + [TRIPECTL -d$1 EPING $4])],, [ignore]) + AT_CHECK([RETRY([m4_default([$5], [1])], + [TRIPECTL -d$3 EPING $2])],, [ignore]) ]) ## COMMS_SLIP(adir, aname, bdir, bname) 
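Review bot: In the reworked COMMS_EPING, both AT_CHECK calls still leave the stderr argument empty, so anything a failed attempt inside RETRY writes to stderr would fail the check even when a later attempt succeeds (this assumes TRIPECTL reports failures on stderr, which the hunk does not show). Either pass `[ignore]` for stderr as well, or discard stderr from the failed attempts inside RETRY. RETRY also ends with `exit $rc`, which terminates whichever shell expands it, and it overwrites `n` and `rc`. A header comment such as `## RETRY(n, body): run body up to n times; exits the enclosing shell with 0 on the first success, 1 otherwise -- use only inside AT_CHECK` would make that contract explicit. There is no delay between attempts, so the count bounds the number of tries, not the time allowed.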
@@ -349,12 +364,15 @@ AT_SETUP([server communication]) AT_KEYWORDS([comm]) export TRIPE_SLIPIF=USLIP -for p in alice bob; do (mkdir $p; cd $p; SETUPDIR([alpha])); done - -WITH_2TRIPES([alice], [bob], [-nslip], [-talice], [-tbob], [ - ESTABLISH([alice], [not-alice], [-key alice], - [bob], [bob], []) -]) +for k in alpha beta-new; do + for p in alice bob; do ( + rm -rf $p; mkdir $p; cd $p; SETUPDIR([$k]) + ); done + WITH_2TRIPES([alice], [bob], [-nslip], [-talice], [-tbob], [ + ESTABLISH([alice], [not-alice], [-key alice], + [bob], [bob], []) + ]) +done AT_CLEANUP @@ -423,6 +441,44 @@ WITH_3TRIPES([alice], [bob], [carol], [-nslip], AT_CLEANUP +###-------------------------------------------------------------------------- +### Adverse communication. + +AT_SETUP([server retry]) +AT_KEYWORDS([backoff]) +export TRIPE_SLIPIF=USLIP + +for i in alice bob; do (mkdir $i; cd $i; SETUPDIR([beta])); done + +WITH_2TRIPES([alice], [bob], [-nslip], [-talice], [-tbob], [ + + ## Set up the evil proxy. + alicemitm=24516 bobmitm=14016 + MITM -kalice/keyring.pub >mitm.out 2>mitm.err \ + peer:alice:$alicemitm:127.0.0.1:$(cat alice/port) \ + peer:bob:$bobmitm:127.0.0.1:$(cat bob/port) \ + filt:drop:5 filt:send& mitmpid=$! + strace -omitm.trace -p$mitmpid& mitmtrace=$! + trap 'kill $mitmpid $mitmtrace; exit 127' EXIT INT QUIT TERM HUP + + ## Try to establish keys anyway. + AWAIT_KXDONE([alice], [alice], [bob], [bob], [ + AT_CHECK([TRIPECTL -dalice ADD -cork bob INET 127.0.0.1 $alicemitm]) + AT_CHECK([TRIPECTL -dbob ADD alice INET 127.0.0.1 $bobmitm]) + ]) + + ## Check pinging. + COMMS_EPING([alice], [alice], [bob], [bob], [10]) + COMMS_EPING([bob], [bob], [alice], [alice], [10]) + + ## Tear down the MITM proxy. + kill $mitmpid + wait $mitmpid + wait $mitmtrace +]) + +AT_CLEANUP + ###-------------------------------------------------------------------------- ### Key management. 
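Review bot: In the new `for k in alpha beta-new` loop the subshell chains `rm -rf $p; mkdir $p; cd $p; SETUPDIR([$k])` with `;`, so if `mkdir` or `cd` fails, SETUPDIR still runs and writes into the test's top directory instead of the peer directory. Joining the steps with `&&`, e.g. `rm -rf $p && mkdir $p && cd $p && SETUPDIR([$k])`, stops at the first failure. The `mkdir $i; cd $i; SETUPDIR([beta])` line in the "server retry" hunk has the same shape. What SETUPDIR expands to is outside this diff, so confirm that it works as the last element of an `&&` chain.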
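Review bot: The `strace -omitm.trace -p$mitmpid&` line in the new "server retry" test looks like a debugging leftover: it makes the test depend on strace being installed and on the host allowing ptrace attach to a non-child process. Where attach is restricted, `wait $mitmtrace` and the trap's `kill` act on a tracer that never started. I would drop that line and the `$mitmtrace` references. The trap on `EXIT` is also never cleared after the teardown, so unless WITH_2TRIPES (defined outside this hunk) resets it, a normal exit still runs `kill $mitmpid $mitmtrace; exit 127`; adding `trap - EXIT INT QUIT TERM HUP` after the `wait` calls avoids that. The fixed proxy ports `24516` and `14016` can collide with another listener or a parallel test run on the same host, whereas the tripe ports are read from `alice/port` and `bob/port`; the proxy could get its ports the same way.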
@@ -510,6 +566,7 @@ WITH_3TRIPES([alice], [bob], [carol], [-nslip -Tmx], AT_DATA([algs-alpha], [dnl kx-group=ec kx-group-order-bits=256 kx-group-elt-bits=512 hash=rmd160 mgf=rmd160-mgf hash-sz=20 +bulk-transform=v0 bulk-overhead=22 cipher=blowfish-cbc cipher-keysz=20 cipher-blksz=8 cipher-data-limit=67108864 mac=rmd160-hmac mac-keysz=20 mac-tagsz=10 @@ -518,6 +575,7 @@ mac=rmd160-hmac mac-keysz=20 mac-tagsz=10 AT_DATA([algs-beta-old], [dnl kx-group=prime kx-group-order-bits=160 kx-group-elt-bits=1023 hash=rmd160 mgf=rmd160-mgf hash-sz=20 +bulk-transform=v0 bulk-overhead=22 cipher=blowfish-cbc cipher-keysz=20 cipher-blksz=8 cipher-data-limit=67108864 mac=rmd160-hmac mac-keysz=20 mac-tagsz=10 @@ -526,9 +584,11 @@ mac=rmd160-hmac mac-keysz=20 mac-tagsz=10 AT_DATA([algs-beta-new], [dnl kx-group=ec kx-group-order-bits=161 kx-group-elt-bits=320 hash=rmd160 mgf=rmd160-mgf hash-sz=20 +bulk-transform=iiv bulk-overhead=14 cipher=blowfish-cbc cipher-keysz=20 cipher-blksz=8 cipher-data-limit=67108864 mac=rmd160-hmac mac-keysz=20 mac-tagsz=10 +blkc=blowfish blkc-keysz=20 blkc-blksz=8 ]) cp algs-alpha expout; AT_CHECK([TRIPECTL -dalice ALGS],, [expout])