AT_CLEANUP
+###--------------------------------------------------------------------------
+### Adverse communication.
+
+AT_SETUP([server retry])
+AT_KEYWORDS([backoff])
+export TRIPE_SLIPIF=USLIP
+
+for i in alice bob; do (mkdir $i; cd $i; SETUPDIR([beta])); done
+
+WITH_2TRIPES([alice], [bob], [-nslip], [-talice], [-tbob], [
+
+ ## Set up the evil proxy.
+ alicemitm=24516 bobmitm=14016
+ MITM -kalice/keyring.pub >mitm.out 2>mitm.err \
+ peer:alice:$alicemitm:127.0.0.1:$(cat alice/port) \
+ peer:bob:$bobmitm:127.0.0.1:$(cat bob/port) \
+ filt:drop:5 filt:send& mitmpid=$!
+ strace -omitm.trace -p$mitmpid& mitmtrace=$!
+ trap 'kill $mitmpid $mitmtrace; exit 127' EXIT INT QUIT TERM HUP
+
+ ## Try to establish keys anyway.
+ AWAIT_KXDONE([alice], [alice], [bob], [bob], [
+ AT_CHECK([TRIPECTL -dalice ADD -cork bob INET 127.0.0.1 $alicemitm])
+ AT_CHECK([TRIPECTL -dbob ADD alice INET 127.0.0.1 $bobmitm])
+ ])
+
+ ## Check pinging.
+ COMMS_EPING([alice], [alice], [bob], [bob], [10])
+ COMMS_EPING([bob], [bob], [alice], [alice], [10])
+
+ ## Tear down the MITM proxy.
+ kill $mitmpid
+ wait $mitmpid
+ wait $mitmtrace
+])
+
+AT_CLEANUP
+
+ ###--------------------------------------------------------------------------
+ ### Key management.
+
+ AT_SETUP([server key-management])
+ AT_KEYWORDS([keymgmt])
+ export TRIPE_SLIPIF=USLIP
+
+ ## Determine all of the nets and the principals.
+ princs=""
+ nets=" "
+ while read princ pnets; do
+ princs="$princs $princ"
+ for n in $pnets; do
+ case " $nets " in *" $n "*) ;; *) nets="$nets$n " ;; esac
+ done
+ done <<PRINC
+ alice alpha beta
+ bob alpha beta
+ carol beta
+ PRINC
+
+ ## Build the master keyring. All key tags here are of the form PRINC/NET.
+ for n in $nets; do
+ key -k$abs_top_srcdir/t/keyring-$n extract keyring-$n $princs
+ for p in $princs; do key -kkeyring-$n tag $p $p/$n; done
+ key merge keyring-$n
+ rm keyring-$n
+ done
+ key extract -f-secret keyring.pub
+
+ ## Set up the principals' directories.
+ for p in $princs; do
+ mkdir $p
+ cp keyring keyring.pub $p/
+ done
+
+ WITH_3TRIPES([alice], [bob], [carol], [-nslip -Tmx],
+ [-talice/alpha], [-tbob/alpha], [-tcarol/beta], [
+
+ ## Establish this little merry-go-round.
+ ESTABLISH([alice], [alice], [-key alice/alpha],
+ [bob], [bob], [-key bob/alpha])
+ ESTABLISH([alice], [alice], [-key alice/beta],
+ [carol], [carol], [-priv alice/beta -key carol/beta])
+ ESTABLISH([bob], [bob], [-key bob/beta],
+ [carol], [carol], [-priv bob/beta -key carol/beta])
+
+ ## Tweak Bob's alpha key.
+ for p in $princs; do
+ TRIPECTL -d$p WARN test COMMENT tweak bob/alpha
+ done
+
+ key -k$abs_top_srcdir/t/keyring-alpha extract keyring-bob-new bob-new
+ key merge keyring-bob-new
+ key tag -r bob-new bob/alpha
+ key extract -f-secret keyring.pub
+ for p in alice bob; do cp keyring keyring.pub $p/; done
+
+ ## Kick the peers to see whether they update.
+ AWAIT_KXDONE([alice], [alice], [bob], [bob], [
+ TRIPECTL -dalice RELOAD
+ TRIPECTL -dbob RELOAD
+ TRIPECTL -dalice FORCEKX bob
+ TRIPECTL -dbob FORCEKX alice
+ ])
+
+ COMMS_EPING([alice], [alice], [bob], [bob])
+ COMMS_EPING([bob], [bob], [alice], [alice])
+
+ ## Update the beta ring.
+ key merge $abs_top_srcdir/t/keyring-beta-new
+ for p in $princs; do key tag -r $p $p/beta; done
+ key extract -f-secret keyring.pub
+
+ ## Update alice's and carol's private keys, bob's public. This should be
+ ## insufficient for them to switch, but the results could be interesting.
+ for p in $princs; do
+ TRIPECTL -d$p WARN test COMMENT tweak beta step 1
+ done
+
+ for p in alice carol; do cp keyring $p/; done
+ cp keyring.pub bob/
+ for p in $princs; do TRIPECTL -d$p RELOAD; done
+
+ AT_DATA([algs-alpha], [dnl
+ kx-group=ec kx-group-order-bits=256 kx-group-elt-bits=512
+ hash=rmd160 mgf=rmd160-mgf hash-sz=20
+ cipher=blowfish-cbc cipher-keysz=20 cipher-blksz=8
+ cipher-data-limit=67108864
+ mac=rmd160-hmac mac-keysz=20 mac-tagsz=10
+ ])
+
+ AT_DATA([algs-beta-old], [dnl
+ kx-group=prime kx-group-order-bits=160 kx-group-elt-bits=1023
+ hash=rmd160 mgf=rmd160-mgf hash-sz=20
+ cipher=blowfish-cbc cipher-keysz=20 cipher-blksz=8
+ cipher-data-limit=67108864
+ mac=rmd160-hmac mac-keysz=20 mac-tagsz=10
+ ])
+
+ AT_DATA([algs-beta-new], [dnl
+ kx-group=ec kx-group-order-bits=161 kx-group-elt-bits=320
+ hash=rmd160 mgf=rmd160-mgf hash-sz=20
+ cipher=blowfish-cbc cipher-keysz=20 cipher-blksz=8
+ cipher-data-limit=67108864
+ mac=rmd160-hmac mac-keysz=20 mac-tagsz=10
+ ])
+
+ cp algs-alpha expout; AT_CHECK([TRIPECTL -dalice ALGS],, [expout])
+ cp algs-beta-old expout; AT_CHECK([TRIPECTL -dalice ALGS carol],, [expout])
+ cp algs-beta-old expout; AT_CHECK([TRIPECTL -dbob ALGS carol],, [expout])
+ cp algs-beta-new expout; AT_CHECK([TRIPECTL -dcarol ALGS],, [expout])
+ cp algs-beta-old expout; AT_CHECK([TRIPECTL -dcarol ALGS alice],, [expout])
+
+ ## Now copy the full keys. We expect this to provoke key exchange.
+ for p in $princs; do
+ TRIPECTL -d$p WARN test COMMENT tweak beta step 2
+ done
+
+ for p in $princs; do cp keyring keyring.pub $p/; done
+
+ AWAIT_KXDONE([alice], [alice], [carol], [carol], [
+ TRIPECTL -dalice RELOAD
+ AWAIT_KXDONE([bob], [bob], [carol], [carol], [
+ TRIPECTL -dbob RELOAD
+ TRIPECTL -dcarol RELOAD
+ ])
+ ])
+
+ cp algs-alpha expout; AT_CHECK([TRIPECTL -dalice ALGS],, [expout])
+ cp algs-beta-new expout; AT_CHECK([TRIPECTL -dalice ALGS carol],, [expout])
+ cp algs-beta-new expout; AT_CHECK([TRIPECTL -dbob ALGS carol],, [expout])
+ cp algs-beta-new expout; AT_CHECK([TRIPECTL -dcarol ALGS],, [expout])
+ ])
+
+ AT_CLEANUP
+
###--------------------------------------------------------------------------
### Services.
~mdw / tripe / commitdiff