From: Mark Wooding
Date: Mon, 8 Dec 2008 12:11:28 +0000 (+0000)
Subject: server: Test script.
X-Git-Tag: 1.0.0pre8~52
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/commitdiff_plain/5d85da1c8dba900b960ab8fd81e2f8fdb7a7a660?ds=sidebyside
server: Test script.
---
diff --git a/maint-utils/make-test-keys b/maint-utils/make-test-keys
new file mode 100755
index 00000000..3b3808fa
--- /dev/null
+++ b/maint-utils/make-test-keys
@@ -0,0 +1,18 @@
+#! /bin/sh
+
+set -e
+
+for ty in ec dh; do
+ kr=keyring-$ty
+ rm -f $kr $kr.old $kr.pub $kr.pub.old
+ case $ty in
+ ec) group=nist-p256 ;;
+ dh) group=catacomb-ll-224-2048 ;;
+ esac
+ key -k$kr add -a$ty-param -C$group -eforever tripe-$ty-param
+ for who in alice bob; do
+ key -k$kr add -a$ty -ptripe-$ty-param -t$who -eforever tripe-$ty
+ done
+ key -k$kr extract -f-secret $kr.pub
+done
+rm *.old
diff --git a/server/tests.at b/server/tests.at
new file mode 100644
index 00000000..1a3bc4c5
--- /dev/null
+++ b/server/tests.at
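Review bot: The final `rm *.old` in make-test-keys removes every file ending in .old in the current directory, not only the backups belonging to the two keyrings, and under `set -e` it makes the script exit non-zero when the glob matches nothing. Naming the files, for example `rm -f $kr.old $kr.pub.old` as the last step inside the loop, keeps the cleanup scoped to what the script created. The script also has no header comment; a line such as `## Generate the fixed test keyrings (unencrypted private keys, for the test suite only).` would record that its output must never be used for a real peer.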
@@ -0,0 +1,360 @@ +### -*-autotest-*- +### +### Test script for the main server +### +### (c) 2008 Straylight/Edgeware +### + +###----- Licensing notice --------------------------------------------------- +### +### This file is part of Trivial IP Encryption (TrIPE). +### +### TrIPE is free software; you can redistribute it and/or modify +### it under the terms of the GNU General Public License as published by +### the Free Software Foundation; either version 2 of the License, or +### (at your option) any later version. +### +### TrIPE is distributed in the hope that it will be useful, +### but WITHOUT ANY WARRANTY; without even the implied warranty of +### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +### GNU General Public License for more details. +### +### You should have received a copy of the GNU General Public License +### along with TrIPE; if not, write to the Free Software Foundation, +### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +m4_define([nl], [ +]) + +## Configure a directory ready for use by tripe. +m4_define([SETUPDIR], [ + cp $abs_top_srcdir/t/keyring-$1 ./keyring + key extract -f-secret keyring.pub +]) + +## Running standard programs with useful options. +m4_define([TRIPE], + [$abs_top_builddir/server/tripe -F -d. -aadmin -p0 -b127.0.0.1 -talice]) +m4_define([TRIPECTL], [$abs_top_builddir/client/tripectl -d. -aadmin]) +m4_define([USLIP], [$abs_top_builddir/uslip/tripe-uslip]) + +## Sequences. (These are used for testing the replay protection machinery.) +m4_define([R32], [ 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 dnl + 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31]) +m4_define([P32], [21 26 14 12 25 18 2 27 10 31 24 29 0 20 17 11 dnl + 8 3 7 23 19 1 13 30 6 9 5 22 15 28 16 4]) + +###-------------------------------------------------------------------------- +### Scaffolding for running a TrIPE server. + +m4_define([WITH_TRIPEX], [ + +## Remove the status file. This is how we notice that the server's died. 
+rm -f $1/server-status +> $1/expected-server-output +> $1/expected-server-errors + +## Keep Autotest writes crap to standard output, which we don't want going to +## the server. So keep a copy of the standard output, do the pipe, and +## recover the old stdout inside the group. +exec 3>&1 +{ ( +exec 1>&3 3>&- + +## Wait for the socket to appear. Watch for the server crashing during +## initialization. Busy waiting is evil, but it's the best I can do and +## not sleep for ages. (Yes, a second on each test group is a long time.) +while test ! -r $1//server-status && test ! -S $1/admin; do :; done + +## Test body... +$3 + +## End of the test, now run the server. +) && :; } | { + cd $1 + echo TRIPE $2 >&2 + strace -f -o tripe.trace TRIPE $2 >server-output 2>server-errors + stat=$? + echo $stat >server-status + if test $stat -ne 0; then + echo "exit status: $stat" >>server-errors + fi +} +exec 3>&- + +## Now check that the server's output matches our expectations. +mv $1/expected-server-output expout +mv $1/expected-server-errors experr +AT_CHECK([cat $1/server-output; cat >&2 $1/server-errors],, + [expout], [experr]) +]) + +m4_define([WITH_TRIPE], [WITH_TRIPEX([.], [$1], [$2])]) + +m4_define([WITH_2TRIPES], + [WITH_TRIPEX([$1], [$3 $4], [WITH_TRIPEX([$2], [$3 $5], [$6])])]) + +###-------------------------------------------------------------------------- +### Very unpleasant coprocess handling. 
+ +## COPROCESSES(TAG, PROC-A, PROC-B) +m4_define([COPROCESSES], [dnl +rm -f pipe-$1; mknod pipe-$1 p +{ { $2 nl } pipe-$1; } dnl +]) + +## TRIPECTL_INTERACT(ARGS, SHELLSTUFF) +m4_define([TRIPECTL_INTERACT], [ + exec 3<&1 + COPROCESSES([client], [exec 4>&1 1>&3 $2], [TRIPECTL $1]) +]) + +## TRIPECTL_COMMAND(CMD, EXPECT) +m4_define([TRIPECTL_COMMAND], [ + AT_CHECK([ + m4_if([$1], [!], [:], [echo "$1" >&4]) + read line + case "$line" in + "$2") ;; + *) echo 2>&1 "submitted $1: expected $2, found $line"; exit 1 ;; + esac + ]) + exec 3>&- +]) + +###-------------------------------------------------------------------------- +### Make sure the thing basically works. + +AT_SETUP([server basics]) +SETUPDIR([ec]) +AT_CHECK([echo port | TRIPE -p54321],, [INFO 54321[]nl[]OK[]nl]) +AT_CLEANUP + +###-------------------------------------------------------------------------- +### Challenges. + +AT_SETUP([server challenges]) +AT_KEYWORDS([chal]) +SETUPDIR([ec]) + +WITH_TRIPE(, [ + ## A simple test. + AT_CHECK([chal=$(TRIPECTL GETCHAL); TRIPECTL checkchal $chal]) + + ## A wrong challenge. (This was valid once, but the probablity that the + ## server chose the same key is negligible.) + AT_CHECK([TRIPECTL checkchal AAAAAHyoOL+HMaE0Y9B3ivuszt0], [1],, + [tripectl: invalid-challenge[]nl]) + echo WARN CHAL incorrect-tag >>expected-server-output + + ## A duplicated challenge. + AT_CHECK([ + chal=$(TRIPECTL GETCHAL) + TRIPECTL CHECKCHAL $chal + TRIPECTL CHECKCHAL $chal + ], [1],, [tripectl: invalid-challenge[]nl]) + echo WARN CHAL replay duplicated-sequence >>expected-server-output + + ## Out-of-order reception. There should be a window of 32 challenges; we + ## make 33 and check them in a strange order. 
+ rm -f experr + echo "tripectl: invalid-challenge" >>experr + echo "WARN CHAL replay old-sequence" >>expected-server-output + for i in P32; do + echo "tripectl: invalid-challenge" >>experr + echo "WARN CHAL replay duplicated-sequence" >>expected-server-output + done + AT_CHECK([ + + ## Make the challenges. + for i in old R32; do TRIPECTL GETCHAL >chal-$i || exit 2; done + + ## Now check them back. + for i in P32; do TRIPECTL CHECKCHAL $(cat chal-$i) || exit 3; done + + ## Check the one which should have fallen off the front. + TRIPECTL CHECKCHAL $(cat chal-old) && exit 4 + + ## And make sure that the others are now considered duplicates. + for i in R32; do TRIPECTL CHECKCHAL $(cat chal-$i) && exit 5; done + + ## All done: tidy cruft away. + rm -f chal-* + exit 0 + ], [0],, [experr]) +]) + +AT_CLEANUP + +###-------------------------------------------------------------------------- +### Communication. + +AT_SETUP([server communication]) +AT_KEYWORDS([comm]) +export TRIPE_SLIPIF=USLIP + +for i in alice bob; do (mkdir $i; cd $i; SETUPDIR([ec])); done + +WITH_2TRIPES([alice], [bob], [-nslip], [-talice], [-tbob], [ + + AT_CHECK([TRIPECTL -dalice PORT],, [stdout]) + mv stdout alice/port + + AT_CHECK([TRIPECTL -dbob PORT],, [stdout]) + mv stdout bob/port + + ## Watch for the key-exchange completion announcement, and then exit. + COPROCESSES([wait], [ + echo WATCH +n + while read line; do + case "$line" in + OK) ;; + "NOTE KXDONE "*) break ;; + NOTE*) ;; + *) exit 63 ;; + esac + done + ], [ + TRIPECTL -dalice + ]) & + + ## Don't panic if you don't see the unexpected-source warning. It happens + ## for me, but it's not important either way. + AT_CHECK([TRIPECTL -dalice ADD bob INET 127.0.0.1 $(cat bob/port)]) + echo >>bob/expected-server-output \ + "WARN PEER - unexpected-source INET 127.0.0.1 $(cat alice/port)" + AT_CHECK([TRIPECTL -dbob ADD alice INET 127.0.0.1 $(cat alice/port)]) + + ## Check transport pinging. 
+ AT_CHECK([TRIPECTL -dalice PING bob],, [ignore]) + AT_CHECK([TRIPECTL -dbob PING alice],, [ignore]) + + ## Wait for the completion announcement. + wait + + ## Check encrypted pinging. + AT_CHECK([TRIPECTL -dalice EPING bob],, [ignore]) + AT_CHECK([TRIPECTL -dbob EPING alice],, [ignore]) + + ## Check that packets can flow from one to the other. + AT_CHECK([echo "from alice" | USLIP -p alice/bob]) + AT_CHECK([USLIP -g bob/alice],, [from alice[]nl]) + + AT_CHECK([echo "from bob" | USLIP -p bob/alice]) + AT_CHECK([USLIP -g alice/bob],, [from bob[]nl]) +]) + +AT_CLEANUP + +###-------------------------------------------------------------------------- +### Services. + +AT_SETUP([server services]) +AT_KEYWORDS([svc]) +SETUPDIR([ec]) + +WITH_TRIPE(, [ + + ## Make sure it's not running yet. + AT_CHECK([TRIPECTL SVCENSURE test], [1],, + [tripectl: unknown-service test[]nl]) + + ## Run a simple service. + rm -f svc-test-running tripectl-status + COPROCESSES([svc], [ + echo SVCCLAIM test 1.0.0 + read line + case "$line" in + OK) + ;; + *) + echo >&2 "SVCCLAIM failed: $line" + exit 1 + ;; + esac + echo ok >svc-test-running + while read line; do + set -- $line + case "$[]1,$[]3,$[]4" in + SVCJOB,test,HELP) + echo SVCINFO try not to use this service for anything useful + echo SVCOK $[]2 + ;; + SVCJOB,test,GOOD) + echo SVCOK $[]2 + ;; + SVCJOB,test,BAD) + echo SVCFAIL $[]2 this-command-always-fails + ;; + SVCJOB,test,UGLY) + tag=$2 + while read line; do + set -- $line + case "$[]1,$[]2,$[]3,$[]4" in + SVCCANCEL,$tag,,) break ;; + SVCJOB,*,test,ESCAPE) + echo >&2 "attempt to escape from alkatraz" + exit 1 + ;; + esac + done + ;; + SVCJOB,test,FIRST) + firsttag=$[]2 + ;; + SVCJOB,test,SECOND) + echo SVCOK $firsttag + echo SVCOK $[]2 + ;; + SVCJOB,*) + echo SVCFAIL $[]2 unknown-svc-command $[]4 + ;; + SVCCLAIM,*) + break + ;; + OK,* | INFO,*) + ;; + FAIL,*) + echo "failure in service: $line" >&2 + ;; + esac + done + ], [ + TRIPECTL; echo $? 
>tripectl-status + ]) 2>tripectl-errors & + + ## Wait until it starts up. + while test ! -r svc-test-running && test ! -r tripectl-status; do :; done + + ## Make sure it's running. + AT_CHECK([TRIPECTL SVCQUERY test],, [name=test version=1.0.0[]nl]) + + ## Try some simple commands. + AT_CHECK([TRIPECTL SVCSUBMIT test GOOD]) + AT_CHECK([TRIPECTL SVCSUBMIT test BAD], [1],, + [tripectl: this-command-always-fails[]nl]) + + ## And now with commands in the background. + TRIPECTL_INTERACT([ + TRIPECTL_COMMAND([SVCSUBMIT test GOOD], [OK]) + TRIPECTL_COMMAND([SVCSUBMIT -background foo test UGLY], [BGDETACH foo]) + TRIPECTL_COMMAND([BGCANCEL foo], [OK]) + TRIPECTL_COMMAND([SVCSUBMIT test ESCAPE], + [FAIL unknown-svc-command ESCAPE]) + ]) + + ## Out-of-order completion. + TRIPECTL_INTERACT([ + TRIPECTL_COMMAND([SVCSUBMIT -background one test FIRST], [BGDETACH one]) + TRIPECTL_COMMAND([SVCSUBMIT -background two test SECOND], [BGDETACH two]) + TRIPECTL_COMMAND([!], [BGOK one]) + TRIPECTL_COMMAND([!], [BGOK two]) + ]) + + ## All done. + exit 0 +]) + +AT_CLEANUP + +###----- That's all, folks -------------------------------------------------- diff --git a/t/Makefile.am b/t/Makefile.am index 0e05409a..8b50ba39 100644 --- a/t/Makefile.am +++ b/t/Makefile.am @@ -30,7 +30,16 @@ autotest_TESTS = ###-------------------------------------------------------------------------- ### Test directories. +## The main server. +autotest_TESTS += $(top_srcdir)/server/tests.at + ## Key management. autotest_TESTS += $(top_srcdir)/keys/tests.at +###-------------------------------------------------------------------------- +### Test files. + +## Keyring files. +EXTRA_DIST += keyring-dh keyring-ec + ###----- That's all, folks -------------------------------------------------- diff --git a/t/keyring-dh b/t/keyring-dh new file mode 100644 index 00000000..dab09a01 --- /dev/null +++ b/t/keyring-dh 
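Review bot: In WITH_TRIPEX of server/tests.at the server is always started as `strace -f -o tripe.trace TRIPE $2`, so every server test depends on strace being installed and on ptrace being permitted; this looks like leftover debugging and will fail the suite in minimal or sandboxed build environments. I would run `TRIPE $2 >server-output 2>server-errors` directly and keep any tracer behind an explicit opt-in. Separately, in the UGLY branch of the test service `tag=$2` is the only positional reference in that block not written in the `$[]2` form used by its neighbours, which is presumably an oversight worth confirming.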
@@ -0,0 +1,3 @@ +48b6ad10:tripe-dh:alice struct:[p=integer,shared:3113844893182469436423817481922802329154474934213986369565700235348098440269001480103560846535113493144522446351379349356211385191632945710341444495577638160076546999114567117877732507854868463110804063964212132228977417231690350182211790515961798314443291574015832300281633156990779527484905381392680532643288437519954295652416759988107781937077836044809781096660654460207183523575424301901443740349094152501352983589721328225459512044516684078781305909247963063040562914192132284695886353707336911126238203292592145886841905764429235683487108646920559740458905874135798982283901137307047131586817745416509850061963,g=integer,shared:1018599075350815414286530684646967825916370747779291600517646276513566802791874935821816063520500873842729343817973803895278528701892043836290994612088035311589900475691176610297248816678701309707300454643927577686742011376684351525767933769045470869869290385506108485669189456183746644562327923152628958690988304340204333382573235567919004822811151873260798098816157572583867825397056414990908538555039226503662448878536483457742053639607062687899859473980884756925814541061907505350254827583321961201313954703462583072253230646667723110441238195386606218014837851495231172030604130800244334912972408067680590879980,private=struct:[x=integer,private,burn:12925516279336617681749047875677910374808459601045692650183351252567],y=integer,public:21472523432721993324330935726243641506007331812723604011398262586849584243842791458069881505776356102224100979929674048836254247841841446427260338436359645775666180296028607689176449994540317078454072469996492726107386003968769956645106588885625227485749294294508046718813269579989453508534811757380680841408059135145789226730542111424265243060276618477823630997330571517253406757956364261933794448154340859291914231958524081270152442848627917589688876556101739812094647578162793268329890186515979862982644073270281056771064581981550629347224186278272947757
69242447294469862143686827616893324924605673285776088348433,q=integer,shared:18749474022970964965792505501868745784157349746475161167020805104727] forever forever - +0da37666:tripe-dh-param struct:[p=integer,shared:3113844893182469436423817481922802329154474934213986369565700235348098440269001480103560846535113493144522446351379349356211385191632945710341444495577638160076546999114567117877732507854868463110804063964212132228977417231690350182211790515961798314443291574015832300281633156990779527484905381392680532643288437519954295652416759988107781937077836044809781096660654460207183523575424301901443740349094152501352983589721328225459512044516684078781305909247963063040562914192132284695886353707336911126238203292592145886841905764429235683487108646920559740458905874135798982283901137307047131586817745416509850061963,g=integer,shared:1018599075350815414286530684646967825916370747779291600517646276513566802791874935821816063520500873842729343817973803895278528701892043836290994612088035311589900475691176610297248816678701309707300454643927577686742011376684351525767933769045470869869290385506108485669189456183746644562327923152628958690988304340204333382573235567919004822811151873260798098816157572583867825397056414990908538555039226503662448878536483457742053639607062687899859473980884756925814541061907505350254827583321961201313954703462583072253230646667723110441238195386606218014837851495231172030604130800244334912972408067680590879980,q=integer,shared:18749474022970964965792505501868745784157349746475161167020805104727] forever forever - +61e17f7f:tripe-dh:bob 
struct:[p=integer,shared:3113844893182469436423817481922802329154474934213986369565700235348098440269001480103560846535113493144522446351379349356211385191632945710341444495577638160076546999114567117877732507854868463110804063964212132228977417231690350182211790515961798314443291574015832300281633156990779527484905381392680532643288437519954295652416759988107781937077836044809781096660654460207183523575424301901443740349094152501352983589721328225459512044516684078781305909247963063040562914192132284695886353707336911126238203292592145886841905764429235683487108646920559740458905874135798982283901137307047131586817745416509850061963,g=integer,shared:1018599075350815414286530684646967825916370747779291600517646276513566802791874935821816063520500873842729343817973803895278528701892043836290994612088035311589900475691176610297248816678701309707300454643927577686742011376684351525767933769045470869869290385506108485669189456183746644562327923152628958690988304340204333382573235567919004822811151873260798098816157572583867825397056414990908538555039226503662448878536483457742053639607062687899859473980884756925814541061907505350254827583321961201313954703462583072253230646667723110441238195386606218014837851495231172030604130800244334912972408067680590879980,private=struct:[x=integer,private,burn:12163975397932741738101903752094019200883658888161942333037284423031],y=integer,public:2538255328091619690225041752206252822929236727195947187581419491623201884002355667551139784541831040415557604602120565060968907431257786395895425685969565995115996571242707726537378860889344307644597579158919280736417138267421099827884009251003627252120392588585786096385356952091997018391656120535654089409855941438084834572780824414557902182373896449891320111559217121175917953476059534921862360583559483956764373559698591559823297030130916665584335677626307093125894088146636164355754864287500475276281337104514246279631170366631990830234749904810761492147086966825270571014875840270855862091250
646671726392963239,q=integer,shared:18749474022970964965792505501868745784157349746475161167020805104727] forever forever - diff --git a/t/keyring-ec b/t/keyring-ec new file mode 100644 index 00000000..d7cc8fab --- /dev/null +++ b/t/keyring-ec @@ -0,0 +1,3 @@ +65604204:tripe-ec:bob struct:[p=ec,public:0x6df064afcdc923160114d2919f014bcef1051bf5cb3071194088a10be4f0c992,0xea0f0b538cb3ad46d07d9b83eff95458b691bdfbf09188ccd7b0758bebd8f107,private=struct:[x=integer,private,burn:26559628286452801356420934030260728558957937100654818426187327519091722521190],curve=string,shared:nist%2dp256] forever forever - +b10d3366:tripe-ec-param struct:[curve=string,shared:nist%2dp256] forever forever - +ec1faca7:tripe-ec:alice struct:[p=ec,public:0xa886b00e1457196c1fd91f11a94cf4a081169602c5e2b576d4182eca470ec253,0xb0fa9a01d4205c912d97c4b4c8d8c5e0af869bd7cdef2139aff7579ca590b4c2,private=struct:[x=integer,private,burn:27337377592101678962721737273774069706724348359128065055711824790983665511674],curve=string,shared:nist%2dp256] forever forever -