X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/5e55d10ba1c558cbb3371068970922ea405c728b..fb6a9f13a40d1b9e797b4fe858a06cfdbcc1109b:/server/tests.at diff --git a/server/tests.at b/server/tests.at index 8e155b68..d217054a 100644 --- a/server/tests.at +++ b/server/tests.at @@ -9,19 +9,18 @@ ### ### This file is part of Trivial IP Encryption (TrIPE). ### -### TrIPE is free software; you can redistribute it and/or modify -### it under the terms of the GNU General Public License as published by -### the Free Software Foundation; either version 2 of the License, or -### (at your option) any later version. +### TrIPE is free software: you can redistribute it and/or modify it under +### the terms of the GNU General Public License as published by the Free +### Software Foundation; either version 3 of the License, or (at your +### option) any later version. ### -### TrIPE is distributed in the hope that it will be useful, -### but WITHOUT ANY WARRANTY; without even the implied warranty of -### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -### GNU General Public License for more details. +### TrIPE is distributed in the hope that it will be useful, but WITHOUT +### ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +### FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +### for more details. ### ### You should have received a copy of the GNU General Public License -### along with TrIPE; if not, write to the Free Software Foundation, -### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +### along with TrIPE. If not, see . m4_define([nl], [ ]) 
@@ -35,12 +34,10 @@ m4_define([SETUPDIR], [ ## Running standard programs with useful options. m4_define([TRIPE], [env TRIPE_PRIVHELPER=$abs_top_builddir/priv/tripe-privhelper \ - $abs_top_builddir/server/tripe -F -d. -aadmin -p0 -b127.0.0.1 -talice \ + $abs_top_builddir/server/tripe -F -d. -aadmin -p0 -b127.0.0.1 \ ${TRIPE_TEST_TRACEOPTS+-T$TRIPE_TEST_TRACEOPTS}]) m4_define([TRIPECTL], [$abs_top_builddir/client/tripectl -d. -aadmin]) m4_define([USLIP], [$abs_top_builddir/uslip/tripe-uslip]) -m4_define([PKSTREAM], - [$abs_top_builddir/pkstream/pkstream -b127.0.0.1 -p127.0.0.1]) m4_define([MITM], [$abs_top_builddir/proxy/tripe-mitm]) ## WITH_STRACE(tag, cmd) @@ -229,11 +226,12 @@ m4_define([COMMS_SLIP], [ m4_define([AWAIT_KXDONE], [ ## Ignore some reports caused by races. - for d in $1 $3; do + for i in $1!$4 $3!$2; do + d=${i%!*} o=${i#*!} TRIPECTL -d$d WARN test PUSH - TRIPECTL -d$d WARN test IGNORE WARN KX $2 incorrect cookie - TRIPECTL -d$d WARN test IGNORE WARN KX $2 unexpected pre-challenge - TRIPECTL -d$d WARN test IGNORE WARN KX $2 unexpected challenge + TRIPECTL -d$d WARN test IGNORE WARN KX $o incorrect cookie + TRIPECTL -d$d WARN test IGNORE WARN KX $o unexpected pre-challenge + TRIPECTL -d$d WARN test IGNORE WARN KX $o unexpected challenge done ## Watch for the key-exchange completion announcement in the background. @@ -245,7 +243,7 @@ m4_define([AWAIT_KXDONE], [ case "$[]1:$[]2:$[]3" in OK::) ;; NOTE:KXDONE:$4) break ;; - NOTE:*) ;; + NOTE:* | TRACE:* | WARN:*) ;; *) exit 63 ;; esac done @@ -390,6 +388,7 @@ for k in alpha beta-new; do ESTABLISH([alice], [not-alice], [-key alice], [bob], [bob], []) ]) + for p in alice bob; do rm -rf $p.$k; mv $p $p.$k; done done AT_CLEANUP 
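Review bot: The `for i in $1!$4 $3!$2` loop in AWAIT_KXDONE packs two values into each item and nothing says what they are. A comment above the loop would cover it, for example `## Each item is dir!peer: in directory d, ignore race warnings about the other side's peer name o.` The split with `${i%!*}` and `${i#*!}` also assumes neither a directory nor a peer name contains `!`, which holds for the names used in this file but deserves a mention in the same comment. The macro body starts and ends outside this hunk.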
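Review bot: The widened arm `NOTE:* | TRACE:* | WARN:*) ;;` makes the KXDONE watcher skip every WARN line, not only the three race warnings put on the IGNORE list earlier in AWAIT_KXDONE. If this loop is the only reader of that stream, a genuine key-exchange warning now passes unnoticed where it used to hit `*) exit 63`. I cannot tell from this hunk whether warnings are verified elsewhere. If they are, say so above the `case`, e.g. `## Only waiting for KXDONE here; unexpected warnings are caught by the WARN test filter, not by this loop.` If they are not, keep `WARN:*` out of the ignored patterns. The watcher loop starts outside this hunk.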
@@ -403,16 +402,17 @@ export TRIPE_SLIPIF=USLIP for p in alice bob carol; do (mkdir $p; cd $p; SETUPDIR([alpha])); done -## WITH_PKSTREAM(adir, aport, bdir, bport, body) -m4_define([WITH_PKSTREAM], [ - echo >&2 "pkstream: $1 <--> :$2 <-pkstream-> :$4 <--> $3" - PKSTREAM -l$4 127.0.0.1:$4 127.0.0.1:$(cat $3/port)& pkstream_$3_$1=$! +## WITH_MITM(adir, aport, bdir, bport, body) +m4_define([WITH_MITM], [ + echo >&2 "mitm: $1 <--> :$2 <-mitm-> :$4 <--> $3" + MITM -k$1/keyring.pub \ + peer:$1:$2:127.0.0.1:$(cat $1/port) \ + peer:$3:$4:127.0.0.1:$(cat $3/port) \ + filt:send& mitmpid_$1_$3=$! + trap 'kill $mitmpid_$1_$3; exit 127' EXIT INT QUIT TERM HUP sleep 1 - PKSTREAM -c127.0.0.1:$4 127.0.0.1:$2 127.0.0.1:$(cat $1/port)& - pkstream_$1_$3=$! - set +x $5 - kill $pkstream_$3_$1 $pkstream_$1_$3 + kill $mitmpid_$1_$3; trap - EXIT INT QUIT TERM HUP ]) WITH_3TRIPES([alice], [bob], [carol], [-nslip], 
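Review bot: The cleanup trap in WITH_MITM occupies a single global slot, so it does not survive nesting. The alice/bob plus alice/carol cases later in this file put one WITH_MITM body inside another; there the inner `trap '...' EXIT INT QUIT TERM HUP` replaces the outer one and the inner `trap - EXIT INT QUIT TERM HUP` then clears it. A failure inside the nested body therefore kills only the inner proxy and leaves the outer tripe-mitm running on its fixed loopback port. Accumulating the pids avoids this, e.g. `mitmpids="${mitmpids-} $!"` with `trap 'kill $mitmpids; exit 127' EXIT INT QUIT TERM HUP`, and on teardown dropping only this proxy's pid and resetting the trap once the list is empty. The `sleep 1` is also the only readiness check before the body runs, so a slow proxy start would show up as a flaky key exchange rather than a setup failure; a short comment saying so would help.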
@@ -420,35 +420,35 @@ WITH_3TRIPES([alice], [bob], [carol], [-nslip], ## We need an indirection layer between the two peers so that we can ## simulate the effects of NAT remapping. The nearest thing we have to - ## this is pkstream, so we may as well use that. + ## this is the mitm proxy, so we may as well use that. ## - ## alice <--> :5311 <-pkstream-> :5312 <--> bob - ## alice <--> :5321 <-pkstream-> :5322 <--> carol + ## alice <--> :5311 <-mitm-> :5312 <--> bob + ## alice <--> :5321 <-mitm-> :5322 <--> carol - WITH_PKSTREAM([alice], [5311], [bob], [5312], [ + WITH_MITM([alice], [5311], [bob], [5312], [ ESTABLISH([alice], [alice], [], [bob], [bob], [-mobile], [5312], [5311]) ]) - WITH_PKSTREAM([alice], [5319], [bob], [5312], [ + WITH_MITM([alice], [5319], [bob], [5312], [ COMMS_EPING([bob], [bob], [alice], [alice]) COMMS_SLIP([bob], [bob], [alice], [alice]) ]) - WITH_PKSTREAM([alice], [5321], [carol], [5322], [ + WITH_MITM([alice], [5321], [carol], [5322], [ ESTABLISH([alice], [alice], [], [carol], [carol], [-mobile], [5322], [5321]) ]) - WITH_PKSTREAM([alice], [5311], [bob], [5312], [ - WITH_PKSTREAM([alice], [5321], [carol], [5322], [ + WITH_MITM([alice], [5311], [bob], [5312], [ + WITH_MITM([alice], [5321], [carol], [5322], [ COMMS_EPING([bob], [bob], [alice], [alice]) COMMS_EPING([carol], [carol], [alice], [alice]) COMMS_SLIP([bob], [bob], [alice], [alice]) COMMS_SLIP([carol], [carol], [alice], [alice]) ])]) - WITH_PKSTREAM([alice], [5321], [bob], [5312], [ - WITH_PKSTREAM([alice], [5311], [carol], [5322], [ + WITH_MITM([alice], [5321], [bob], [5312], [ + WITH_MITM([alice], [5311], [carol], [5322], [ COMMS_EPING([bob], [bob], [alice], [alice]) COMMS_EPING([carol], [carol], [alice], [alice]) COMMS_SLIP([bob], [bob], [alice], [alice]) 
@@ -472,12 +472,16 @@ WITH_2TRIPES([alice], [bob], [-nslip], [-talice], [-tbob], [ ## Set up the evil proxy. alicemitm=24516 bobmitm=14016 - MITM -kalice/keyring.pub >mitm.out 2>mitm.err \ - peer:alice:$alicemitm:127.0.0.1:$(cat alice/port) \ - peer:bob:$bobmitm:127.0.0.1:$(cat bob/port) \ - filt:drop:5 filt:send& mitmpid=$! - strace -omitm.trace -p$mitmpid& mitmtrace=$! - trap 'kill $mitmpid $mitmtrace; exit 127' EXIT INT QUIT TERM HUP + mknod pipe-mitmpid p + WITH_STRACE([mitm], + [sh -c 'echo $$ >pipe-mitmpid; exec "$@"' - \ + MITM -kalice/keyring.pub >mitm.out 2>mitm.err \ + peer:alice:$alicemitm:127.0.0.1:$(cat alice/port) \ + peer:bob:$bobmitm:127.0.0.1:$(cat bob/port) \ + filt:drop:5 filt:send])& + read mitmpid &- ## Try to establish keys anyway. AWAIT_KXDONE([alice], [alice], [bob], [bob], [ @@ -491,8 +495,6 @@ WITH_2TRIPES([alice], [bob], [-nslip], [-talice], [-tbob], [ ## Tear down the MITM proxy. kill $mitmpid - wait $mitmpid - wait $mitmtrace ]) AT_CLEANUP @@ -582,12 +584,12 @@ WITH_3TRIPES([alice], [bob], [carol], [-nslip -Tmx], for p in $princs; do TRIPECTL -d$p RELOAD; done AT_DATA([algs-alpha], [dnl -kx-group=ec kx-group-order-bits=256 kx-group-elt-bits=512 -hash=rmd160 mgf=rmd160-mgf hash-sz=20 -bulk-transform=v0 bulk-overhead=22 -cipher=blowfish-cbc cipher-keysz=20 cipher-blksz=8 -cipher-data-limit=67108864 -mac=rmd160-hmac mac-keysz=20 mac-tagsz=10 +kx-group=curve25519 kx-group-order-bits=252 kx-group-elt-bits=255 +hash=sha256 mgf=sha256-mgf hash-sz=32 +bulk-transform=naclbox bulk-overhead=20 +cipher=chacha20 cipher-keysz=32 +mac=poly1305 mac-tagsz=16 +cipher-data-limit=2147483648 ]) AT_DATA([algs-beta-old], [dnl @@ -595,8 +597,8 @@ kx-group=prime kx-group-order-bits=160 kx-group-elt-bits=1023 hash=rmd160 mgf=rmd160-mgf hash-sz=20 bulk-transform=v0 bulk-overhead=22 cipher=blowfish-cbc cipher-keysz=20 cipher-blksz=8 -cipher-data-limit=67108864 mac=rmd160-hmac mac-keysz=20 mac-tagsz=10 +cipher-data-limit=67108864 ]) AT_DATA([algs-beta-new], [dnl 
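Review bot: The pid handshake around `read mitmpid` can hang the test: a read on the `pipe-mitmpid` FIFO blocks until some process opens it for writing, so if the WITH_STRACE wrapper fails before the inner `sh -c 'echo $$ >pipe-mitmpid; exec "$@"'` runs, the test stalls instead of failing. The rest of that `read` line is garbled on this page, so I am assuming it reads from the FIFO, and I cannot see whether a replacement exists for the removed `trap 'kill $mitmpid $mitmtrace; exit 127' EXIT INT QUIT TERM HUP`. Without one, a failed AWAIT_KXDONE would leave the proxy running. The FIFO is created with `mknod pipe-mitmpid p`; `mkfifo pipe-mitmpid` is the POSIX spelling and would be the more portable choice. A comment on the `sh -c` line saying it publishes the pid of the process that becomes tripe-mitm after `exec` would make the handshake easier to follow.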
@@ -604,9 +606,9 @@ kx-group=ec kx-group-order-bits=161 kx-group-elt-bits=320 hash=rmd160 mgf=rmd160-mgf hash-sz=20 bulk-transform=iiv bulk-overhead=14 cipher=blowfish-cbc cipher-keysz=20 cipher-blksz=8 -cipher-data-limit=67108864 mac=rmd160-hmac mac-keysz=20 mac-tagsz=10 blkc=blowfish blkc-keysz=20 blkc-blksz=8 +cipher-data-limit=67108864 ]) cp algs-alpha expout; AT_CHECK([TRIPECTL -dalice ALGS],, [expout])