X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/9e930d39de569d0aa24eeb7e0603408e89a35c95..fb6a9f13a40d1b9e797b4fe858a06cfdbcc1109b:/server/tests.at

diff --git a/server/tests.at b/server/tests.at
index b3e01a0e..d217054a 100644
--- a/server/tests.at
+++ b/server/tests.at
@@ -9,19 +9,18 @@
 ###
 ### This file is part of Trivial IP Encryption (TrIPE).
 ###
-### TrIPE is free software; you can redistribute it and/or modify
-### it under the terms of the GNU General Public License as published by
-### the Free Software Foundation; either version 2 of the License, or
-### (at your option) any later version.
+### TrIPE is free software: you can redistribute it and/or modify it under
+### the terms of the GNU General Public License as published by the Free
+### Software Foundation; either version 3 of the License, or (at your
+### option) any later version.
 ###
-### TrIPE is distributed in the hope that it will be useful,
-### but WITHOUT ANY WARRANTY; without even the implied warranty of
-### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-### GNU General Public License for more details.
+### TrIPE is distributed in the hope that it will be useful, but WITHOUT
+### ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+### FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+### for more details.
 ###
 ### You should have received a copy of the GNU General Public License
-### along with TrIPE; if not, write to the Free Software Foundation,
-### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+### along with TrIPE.  If not, see <https://www.gnu.org/licenses/>.
 
 m4_define([nl], [
 ])
@@ -35,9 +34,32 @@ m4_define([SETUPDIR], [
 ## Running standard programs with useful options.
 m4_define([TRIPE],
   [env TRIPE_PRIVHELPER=$abs_top_builddir/priv/tripe-privhelper \
-     $abs_top_builddir/server/tripe -F -d. -aadmin -p0 -b127.0.0.1 -talice])
+     $abs_top_builddir/server/tripe -F -d. -aadmin -p0 -b127.0.0.1 \
+	${TRIPE_TEST_TRACEOPTS+-T$TRIPE_TEST_TRACEOPTS}])
 m4_define([TRIPECTL], [$abs_top_builddir/client/tripectl -d. -aadmin])
 m4_define([USLIP], [$abs_top_builddir/uslip/tripe-uslip])
+m4_define([MITM], [$abs_top_builddir/proxy/tripe-mitm])
+
+## WITH_STRACE(tag, cmd)
+##
+## There's an awful hack here.  If a process running under strace exits with
+## a signal, then strace will kill itself with the same signal -- and
+## therefore clobber the original process's core file.  So we arrange to run
+## strace in one directory and have the child process run in another.
+m4_define([WITH_STRACE],
+[case "${TRIPE_TEST_STRACE-nil}" in
+  nil)
+    $2
+    ;;
+  *)
+    mkdir -p strace-hack.$1/
+    (ulimit -c hard >/dev/null 2>&1
+     sh -c 'cd strace-hack.$1; exec "$[]@"' - \
+	strace -ff -tt -v -s1024 -o../$1.trace \
+	sh -c 'cd ..; exec "$[]@"' - \
+	$2)
+    ;;
+ esac])
 
 ## Sequences.  (These are used for testing the replay protection machinery.)
 m4_define([R32], [ 0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15   dnl
@@ -81,24 +103,17 @@ mv stdout $1/port
 ## Test body...
 $3
 
-## End of the test, now run the server.  There's an awful hack here.  If a
-## process running under strace exits with a signal, then strace will kill
-## itself with the same signal -- and therefore clobber the original
-## process's core file.  So we arrange to run strace in one directory and
-## have the child process run in another.
+## End of the test, now run the server.
 ) && :; } | {
   cd $1
-  mkdir -p strace-hack/
   echo TRIPE $2 >&2
-  (cd strace-hack/
-   ulimit -c hard >/dev/null 2>&1
-   strace -f -o ../tripe.trace \
-     TRIPE -d.. $2 >../server-output.full 2>../server-errors)
+  WITH_STRACE([tripe], [TRIPE $2 >server-output.full 2>server-errors.full])
   stat=$?
   echo $stat >server-status
   if test $stat -ne 0; then
-    echo "exit status: $stat" >>server-errors
+    echo "exit status: $stat" >>server-errors.full
   fi
+  grep -v '^+ tripe: ' server-errors.full >server-errors
 
   ## We interrupt this relatively sensible macro for an especially awful
   ## hack.  The tripe server emits warnings which are often caused by lack of
@@ -149,7 +164,7 @@ $3
 	{
 	  for (i = 0; i < npat; i++) {
 	    n = length(pat[[i]]);
-	    if (substr($[]0, 0, n) == pat[[i]])
+	    if (substr($[]0, 1, n) == pat[[i]])
 	      next;
 	  }
 	  print $[]0;
@@ -172,6 +187,13 @@ m4_define([WITH_TRIPE], [WITH_TRIPEX([.], [$1], [$2])])
 m4_define([WITH_2TRIPES],
 	  [WITH_TRIPEX([$1], [$3 $4], [WITH_TRIPEX([$2], [$3 $5], [$6])])])
 
+## WITH_3TRIPES(adir, bdir, cdir, allargs, aargs, bargs, cargs, body)
+m4_define([WITH_3TRIPES],
+	  [WITH_TRIPEX([$1], [$4 $5],
+	  [WITH_TRIPEX([$2], [$4 $6],
+	  [WITH_TRIPEX([$3], [$4 $7],
+	  [$8])])])])
+
 ## RETRY(n, body)
 m4_define([RETRY], [
   n=0 rc=1
@@ -204,9 +226,13 @@ m4_define([COMMS_SLIP], [
 m4_define([AWAIT_KXDONE], [
 
   ## Ignore some reports caused by races.
-  TRIPECTL -d$3 WARN test PUSH
-  TRIPECTL -d$3 WARN test IGNORE WARN KX $2 incorrect cookie
-  TRIPECTL -d$3 WARN test IGNORE WARN KX $2 unexpected pre-challenge
+  for i in $1!$4 $3!$2; do
+    d=${i%!*} o=${i#*!}
+    TRIPECTL -d$d WARN test PUSH
+    TRIPECTL -d$d WARN test IGNORE WARN KX $o incorrect cookie
+    TRIPECTL -d$d WARN test IGNORE WARN KX $o unexpected pre-challenge
+    TRIPECTL -d$d WARN test IGNORE WARN KX $o unexpected challenge
+  done
 
   ## Watch for the key-exchange completion announcement in the background.
   COPROCESSES([wait-$1], [
@@ -217,7 +243,7 @@ m4_define([AWAIT_KXDONE], [
       case "$[]1:$[]2:$[]3" in
 	OK::) ;;
 	NOTE:KXDONE:$4) break ;;
-	NOTE:*) ;;
+	NOTE:* | TRACE:* | WARN:*) ;;
 	*) exit 63 ;;
       esac
     done
@@ -232,16 +258,18 @@ m4_define([AWAIT_KXDONE], [
   AT_CHECK([echo $waitrc],, [0[]nl])
 
   ## Be interested in key-exchange warnings again.
-  TRIPECTL -d$4 WARN test POP
+  for d in $1 $3; do TRIPECTL -d$d WARN test POP; done
 ])
 
-## ESTABLISH(adir, aname, aopts, bdir, bname, bopts)
+## ESTABLISH(adir, aname, aopts, bdir, bname, bopts, [aport], [bport])
 m4_define([ESTABLISH], [
 
   ## Set up the establishment.
   AWAIT_KXDONE([$1], [$2], [$4], [$5], [
-    AT_CHECK([TRIPECTL -d$1 ADD -cork $6 $5 INET 127.0.0.1 $(cat $4/port)])
-    AT_CHECK([TRIPECTL -d$4 ADD $3 $2 INET 127.0.0.1 $(cat $1/port)])
+    AT_CHECK([TRIPECTL -d$1 ADD -cork $6 $5 INET 127.0.0.1 \
+      m4_if([$8], [], [$(cat $4/port)], [$8])])
+    AT_CHECK([TRIPECTL -d$4 ADD $3 $2 INET 127.0.0.1 \
+      m4_if([$7], [], [$(cat $1/port)], [$7])])
   ])
 
   ## Check transport pinging.
@@ -285,7 +313,7 @@ m4_define([TRIPECTL_COMMAND], [
 ### Make sure the thing basically works.
 
 AT_SETUP([server basics])
-SETUPDIR([ec])
+SETUPDIR([alpha])
 AT_CHECK([echo port | TRIPE -p54321],, [INFO 54321[]nl[]OK[]nl])
 AT_CLEANUP
 
@@ -294,7 +322,7 @@ AT_CLEANUP
 
 AT_SETUP([server challenges])
 AT_KEYWORDS([chal])
-SETUPDIR([ec])
+SETUPDIR([alpha])
 
 WITH_TRIPE(, [
   ## A simple test.
@@ -352,11 +380,262 @@ AT_SETUP([server communication])
 AT_KEYWORDS([comm])
 export TRIPE_SLIPIF=USLIP
 
-for i in alice bob; do (mkdir $i; cd $i; SETUPDIR([ec])); done
+for k in alpha beta-new; do
+  for p in alice bob; do (
+    rm -rf $p; mkdir $p; cd $p; SETUPDIR([$k])
+  ); done
+  WITH_2TRIPES([alice], [bob], [-nslip], [-talice], [-tbob], [
+    ESTABLISH([alice], [not-alice], [-key alice],
+	      [bob], [bob], [])
+  ])
+  for p in alice bob; do rm -rf $p.$k; mv $p $p.$k; done
+done
+
+AT_CLEANUP
+
+###--------------------------------------------------------------------------
+### Mobile peer tracking.
+
+AT_SETUP([peer tracking])
+AT_KEYWORDS([mobile])
+export TRIPE_SLIPIF=USLIP
+
+for p in alice bob carol; do (mkdir $p; cd $p; SETUPDIR([alpha])); done
+
+## WITH_MITM(adir, aport, bdir, bport, body)
+m4_define([WITH_MITM], [
+  echo >&2 "mitm: $1 <--> :$2 <-mitm-> :$4 <--> $3"
+  MITM -k$1/keyring.pub \
+	peer:$1:$2:127.0.0.1:$(cat $1/port) \
+	peer:$3:$4:127.0.0.1:$(cat $3/port) \
+	filt:send& mitmpid_$1_$3=$!
+  trap 'kill $mitmpid_$1_$3; exit 127' EXIT INT QUIT TERM HUP
+  sleep 1
+  $5
+  kill $mitmpid_$1_$3; trap - EXIT INT QUIT TERM HUP
+])
+
+WITH_3TRIPES([alice], [bob], [carol], [-nslip],
+	     [-talice], [-tbob], [-tcarol], [
+
+  ## We need an indirection layer between the two peers so that we can
+  ## simulate the effects of NAT remapping.  The nearest thing we have to
+  ## this is the mitm proxy, so we may as well use that.
+  ##
+  ## alice <--> :5311 <-mitm-> :5312 <--> bob
+  ## alice <--> :5321 <-mitm-> :5322 <--> carol
+
+  WITH_MITM([alice], [5311], [bob], [5312], [
+    ESTABLISH([alice], [alice], [], [bob], [bob], [-mobile], [5312], [5311])
+  ])
+
+  WITH_MITM([alice], [5319], [bob], [5312], [
+    COMMS_EPING([bob], [bob], [alice], [alice])
+    COMMS_SLIP([bob], [bob], [alice], [alice])
+  ])
+
+  WITH_MITM([alice], [5321], [carol], [5322], [
+    ESTABLISH([alice], [alice], [], [carol], [carol], [-mobile],
+	[5322], [5321])
+  ])
+
+  WITH_MITM([alice], [5311], [bob], [5312], [
+  WITH_MITM([alice], [5321], [carol], [5322], [
+    COMMS_EPING([bob], [bob], [alice], [alice])
+    COMMS_EPING([carol], [carol], [alice], [alice])
+    COMMS_SLIP([bob], [bob], [alice], [alice])
+    COMMS_SLIP([carol], [carol], [alice], [alice])
+  ])])
+
+  WITH_MITM([alice], [5321], [bob], [5312], [
+  WITH_MITM([alice], [5311], [carol], [5322], [
+    COMMS_EPING([bob], [bob], [alice], [alice])
+    COMMS_EPING([carol], [carol], [alice], [alice])
+    COMMS_SLIP([bob], [bob], [alice], [alice])
+    COMMS_SLIP([carol], [carol], [alice], [alice])
+  ])])
+  wait
+])
+
+AT_CLEANUP
+
+###--------------------------------------------------------------------------
+### Adverse communication.
+
+AT_SETUP([server retry])
+AT_KEYWORDS([backoff])
+export TRIPE_SLIPIF=USLIP
+
+for i in alice bob; do (mkdir $i; cd $i; SETUPDIR([beta])); done
 
 WITH_2TRIPES([alice], [bob], [-nslip], [-talice], [-tbob], [
-  ESTABLISH([alice], [not-alice], [-key alice],
-	    [bob], [bob], [])
+
+  ## Set up the evil proxy.
+  alicemitm=24516 bobmitm=14016
+  mknod pipe-mitmpid p
+  WITH_STRACE([mitm],
+	      [sh -c 'echo $$ >pipe-mitmpid; exec "$@"' - \
+	       MITM -kalice/keyring.pub >mitm.out 2>mitm.err \
+		 peer:alice:$alicemitm:127.0.0.1:$(cat alice/port) \
+		 peer:bob:$bobmitm:127.0.0.1:$(cat bob/port) \
+		 filt:drop:5 filt:send])&
+  read mitmpid <pipe-mitmpid
+  trap 'kill $mitmpid; exit 127' EXIT INT QUIT TERM HUP
+  exec 3>&-
+
+  ## Try to establish keys anyway.
+  AWAIT_KXDONE([alice], [alice], [bob], [bob], [
+    AT_CHECK([TRIPECTL -dalice ADD -cork bob   INET 127.0.0.1 $alicemitm])
+    AT_CHECK([TRIPECTL -dbob   ADD       alice INET 127.0.0.1 $bobmitm])
+  ])
+
+  ## Check pinging.
+  COMMS_EPING([alice], [alice], [bob], [bob], [10])
+  COMMS_EPING([bob], [bob], [alice], [alice], [10])
+
+  ## Tear down the MITM proxy.
+  kill $mitmpid
+])
+
+AT_CLEANUP
+
+###--------------------------------------------------------------------------
+### Key management.
+
+AT_SETUP([server key-management])
+AT_KEYWORDS([keymgmt])
+export TRIPE_SLIPIF=USLIP
+
+## Determine all of the nets and the principals.
+princs=""
+nets=" "
+while read princ pnets; do
+  princs="$princs $princ"
+  for n in $pnets; do
+    case " $nets " in *" $n "*) ;; *) nets="$nets$n " ;; esac
+  done
+done <<PRINC
+alice	alpha	beta
+bob	alpha	beta
+carol	beta
+PRINC
+
+## Build the master keyring.  All key tags here are of the form PRINC/NET.
+for n in $nets; do
+  key -k$abs_top_srcdir/t/keyring-$n extract keyring-$n $princs
+  for p in $princs; do key -kkeyring-$n tag $p $p/$n; done
+  key merge keyring-$n
+  rm keyring-$n
+done
+key extract -f-secret keyring.pub
+
+## Set up the principals' directories.
+for p in $princs; do
+  mkdir $p
+  cp keyring keyring.pub $p/
+done
+
+WITH_3TRIPES([alice], [bob], [carol], [-nslip -Tmx],
+	[-talice/alpha], [-tbob/alpha], [-tcarol/beta], [
+
+  ## Establish this little merry-go-round.
+  ESTABLISH([alice], [alice], [-key alice/alpha],
+	[bob], [bob], [-key bob/alpha])
+  ESTABLISH([alice], [alice], [-key alice/beta],
+	[carol], [carol], [-priv alice/beta -key carol/beta])
+  ESTABLISH([bob], [bob], [-key bob/beta],
+	[carol], [carol], [-priv bob/beta -key carol/beta])
+
+  ## Tweak Bob's alpha key.
+  for p in $princs; do
+    TRIPECTL -d$p WARN test COMMENT tweak bob/alpha
+  done
+
+  key -k$abs_top_srcdir/t/keyring-alpha extract keyring-bob-new bob-new
+  key merge keyring-bob-new
+  key tag -r bob-new bob/alpha
+  key extract -f-secret keyring.pub
+  for p in alice bob; do cp keyring keyring.pub $p/; done
+
+  ## Kick the peers to see whether they update.
+  AWAIT_KXDONE([alice], [alice], [bob], [bob], [
+    TRIPECTL -dalice RELOAD
+    TRIPECTL -dbob RELOAD
+    TRIPECTL -dalice FORCEKX bob
+    TRIPECTL -dbob FORCEKX alice
+  ])
+
+  COMMS_EPING([alice], [alice], [bob], [bob])
+  COMMS_EPING([bob], [bob], [alice], [alice])
+
+  ## Update the beta ring.
+  key merge $abs_top_srcdir/t/keyring-beta-new
+  for p in $princs; do key tag -r $p $p/beta; done
+  key extract -f-secret keyring.pub
+
+  ## Update alice's and carol's private keys, bob's public.  This should be
+  ## insufficient for them to switch, but the results could be interesting.
+  for p in $princs; do
+    TRIPECTL -d$p WARN test COMMENT tweak beta step 1
+  done
+
+  for p in alice carol; do cp keyring $p/; done
+  cp keyring.pub bob/
+  for p in $princs; do TRIPECTL -d$p RELOAD; done
+
+  AT_DATA([algs-alpha], [dnl
+kx-group=curve25519 kx-group-order-bits=252 kx-group-elt-bits=255
+hash=sha256 mgf=sha256-mgf hash-sz=32
+bulk-transform=naclbox bulk-overhead=20
+cipher=chacha20 cipher-keysz=32
+mac=poly1305 mac-tagsz=16
+cipher-data-limit=2147483648
+])
+
+  AT_DATA([algs-beta-old], [dnl
+kx-group=prime kx-group-order-bits=160 kx-group-elt-bits=1023
+hash=rmd160 mgf=rmd160-mgf hash-sz=20
+bulk-transform=v0 bulk-overhead=22
+cipher=blowfish-cbc cipher-keysz=20 cipher-blksz=8
+mac=rmd160-hmac mac-keysz=20 mac-tagsz=10
+cipher-data-limit=67108864
+])
+
+  AT_DATA([algs-beta-new], [dnl
+kx-group=ec kx-group-order-bits=161 kx-group-elt-bits=320
+hash=rmd160 mgf=rmd160-mgf hash-sz=20
+bulk-transform=iiv bulk-overhead=14
+cipher=blowfish-cbc cipher-keysz=20 cipher-blksz=8
+mac=rmd160-hmac mac-keysz=20 mac-tagsz=10
+blkc=blowfish blkc-keysz=20 blkc-blksz=8
+cipher-data-limit=67108864
+])
+
+  cp algs-alpha expout;    AT_CHECK([TRIPECTL -dalice ALGS],,       [expout])
+  cp algs-beta-old expout; AT_CHECK([TRIPECTL -dalice ALGS carol],, [expout])
+  cp algs-beta-old expout; AT_CHECK([TRIPECTL -dbob   ALGS carol],, [expout])
+  cp algs-beta-new expout; AT_CHECK([TRIPECTL -dcarol ALGS],,       [expout])
+  cp algs-beta-old expout; AT_CHECK([TRIPECTL -dcarol ALGS alice],, [expout])
+
+  ## Now copy the full keys.  We expect this to provoke key exchange.
+  for p in $princs; do
+    TRIPECTL -d$p WARN test COMMENT tweak beta step 2
+  done
+
+  for p in $princs; do cp keyring keyring.pub $p/; done
+
+  AWAIT_KXDONE([alice], [alice], [carol], [carol], [
+    TRIPECTL -dalice RELOAD
+    AWAIT_KXDONE([bob], [bob], [carol], [carol], [
+      TRIPECTL -dbob RELOAD
+      TRIPECTL -dcarol RELOAD
+    ])
+  ])
+
+  cp algs-alpha expout;    AT_CHECK([TRIPECTL -dalice ALGS],,       [expout])
+  cp algs-beta-new expout; AT_CHECK([TRIPECTL -dalice ALGS carol],, [expout])
+  cp algs-beta-new expout; AT_CHECK([TRIPECTL -dbob   ALGS carol],, [expout])
+  cp algs-beta-new expout; AT_CHECK([TRIPECTL -dcarol ALGS],,       [expout])
 ])
 
 AT_CLEANUP
@@ -366,7 +645,7 @@ AT_CLEANUP
 
 AT_SETUP([server services])
 AT_KEYWORDS([svc])
-SETUPDIR([ec])
+SETUPDIR([alpha])
 
 WITH_TRIPE(, [