## Running standard programs with useful options.
m4_define([TRIPE],
[env TRIPE_PRIVHELPER=$abs_top_builddir/priv/tripe-privhelper \
- $abs_top_builddir/server/tripe -F -d. -aadmin -p0 -b127.0.0.1 -talice \
+ $abs_top_builddir/server/tripe -F -d. -aadmin -p0 -b127.0.0.1 \
${TRIPE_TEST_TRACEOPTS+-T$TRIPE_TEST_TRACEOPTS}])
m4_define([TRIPECTL], [$abs_top_builddir/client/tripectl -d. -aadmin])
m4_define([USLIP], [$abs_top_builddir/uslip/tripe-uslip])
-m4_define([PKSTREAM],
- [$abs_top_builddir/pkstream/pkstream -b127.0.0.1 -p127.0.0.1])
m4_define([MITM], [$abs_top_builddir/proxy/tripe-mitm])
+m4_define([BULKTEST],
+ [$abs_top_builddir/server/tripe-test \
+ ${TRIPE_TEST_TRACEOPTS+-T$TRIPE_TEST_TRACEOPTS}])
## WITH_STRACE(tag, cmd)
##
for p in alice bob carol; do (mkdir $p; cd $p; SETUPDIR([alpha])); done
-## WITH_PKSTREAM(adir, aport, bdir, bport, body)
-m4_define([WITH_PKSTREAM], [
- echo >&2 "pkstream: $1 <--> :$2 <-pkstream-> :$4 <--> $3"
- PKSTREAM -l$4 127.0.0.1:$4 127.0.0.1:$(cat $3/port)& pkstream_$3_$1=$!
+## WITH_MITM(adir, aport, bdir, bport, body)
+m4_define([WITH_MITM], [
+ echo >&2 "mitm: $1 <--> :$2 <-mitm-> :$4 <--> $3"
+ MITM -k$1/keyring.pub \
+ peer:$1:$2:127.0.0.1:$(cat $1/port) \
+ peer:$3:$4:127.0.0.1:$(cat $3/port) \
+ filt:send& mitmpid_$1_$3=$!
+ trap 'kill $mitmpid_$1_$3; exit 127' EXIT INT QUIT TERM HUP
sleep 1
- PKSTREAM -c127.0.0.1:$4 127.0.0.1:$2 127.0.0.1:$(cat $1/port)&
- pkstream_$1_$3=$!
- set +x
$5
- kill $pkstream_$3_$1 $pkstream_$1_$3
+ kill $mitmpid_$1_$3; trap - EXIT INT QUIT TERM HUP
])
WITH_3TRIPES([alice], [bob], [carol], [-nslip],
## We need an indirection layer between the two peers so that we can
## simulate the effects of NAT remapping. The nearest thing we have to
- ## this is pkstream, so we may as well use that.
+ ## this is the mitm proxy, so we may as well use that.
##
- ## alice <--> :5311 <-pkstream-> :5312 <--> bob
- ## alice <--> :5321 <-pkstream-> :5322 <--> carol
+ ## alice <--> :5311 <-mitm-> :5312 <--> bob
+ ## alice <--> :5321 <-mitm-> :5322 <--> carol
- WITH_PKSTREAM([alice], [5311], [bob], [5312], [
+ WITH_MITM([alice], [5311], [bob], [5312], [
ESTABLISH([alice], [alice], [], [bob], [bob], [-mobile], [5312], [5311])
])
- WITH_PKSTREAM([alice], [5319], [bob], [5312], [
+ WITH_MITM([alice], [5319], [bob], [5312], [
COMMS_EPING([bob], [bob], [alice], [alice])
COMMS_SLIP([bob], [bob], [alice], [alice])
])
- WITH_PKSTREAM([alice], [5321], [carol], [5322], [
+ WITH_MITM([alice], [5321], [carol], [5322], [
ESTABLISH([alice], [alice], [], [carol], [carol], [-mobile],
[5322], [5321])
])
- WITH_PKSTREAM([alice], [5311], [bob], [5312], [
- WITH_PKSTREAM([alice], [5321], [carol], [5322], [
+ WITH_MITM([alice], [5311], [bob], [5312], [
+ WITH_MITM([alice], [5321], [carol], [5322], [
COMMS_EPING([bob], [bob], [alice], [alice])
COMMS_EPING([carol], [carol], [alice], [alice])
COMMS_SLIP([bob], [bob], [alice], [alice])
COMMS_SLIP([carol], [carol], [alice], [alice])
])])
- WITH_PKSTREAM([alice], [5321], [bob], [5312], [
- WITH_PKSTREAM([alice], [5311], [carol], [5322], [
+ WITH_MITM([alice], [5321], [bob], [5312], [
+ WITH_MITM([alice], [5311], [carol], [5322], [
COMMS_EPING([bob], [bob], [alice], [alice])
COMMS_EPING([carol], [carol], [alice], [alice])
COMMS_SLIP([bob], [bob], [alice], [alice])
AT_CLEANUP
+###--------------------------------------------------------------------------
+### Knock and bye.
+
+AT_SETUP([server knock])
+AT_KEYWORDS([knock])
+export TRIPE_SLIPIF=USLIP
+
+for i in alice bob; do (mkdir $i; cd $i; SETUPDIR([gamma])); done
+
+WITH_2TRIPES([alice], [bob], [-nslip], [-talice], [-tbob], [
+ WITH_MITM([alice], [5311], [bob], [5312], [
+
+ COPROCESSES([wait-knock], [
+ echo WATCH +n
+ while read line; do
+ set x $line; shift
+ echo >&2 ">>> $line"
+ case "$1:$2:$3" in
+ OK::) ;;
+ NOTE:KNOCK:bob) shift 3; echo "$*" >knock-addr; break ;;
+ NOTE:* | TRACE:* | WARN:*) ;;
+ *) exit 63 ;;
+ esac
+ done
+ ], [
+ TRIPECTL -dalice
+ ])& waiter=$!
+
+ AT_CHECK([TRIPECTL -dbob ADD -knock bob alice INET 127.0.0.1 5312])
+
+ wait $waiter; waitrc=$?
+ AT_CHECK([echo $waitrc],, [0[]nl])
+ AT_CHECK([cat knock-addr],, [INET 127.0.0.1 5311[]nl])
+
+ AWAIT_KXDONE([alice], [alice], [bob], [bob], [
+ AT_CHECK([TRIPECTL -dalice ADD -ephemeral bob INET 127.0.0.1 5311])
+ ])
+
+ COMMS_EPING([alice], [alice], [bob], [bob])
+ COMMS_SLIP([alice], [alice], [bob], [bob])
+ ])
+
+ WITH_MITM([alice], [5319], [bob], [5312], [
+ AWAIT_KXDONE([alice], [alice], [bob], [bob], [
+ AT_CHECK([TRIPECTL -dalice FORCEKX bob])
+ AT_CHECK([TRIPECTL -dbob FORCEKX alice])
+ ])
+
+ AT_CHECK([TRIPECTL -dbob KILL alice])
+ AT_CHECK([TRIPECTL -dalice LIST],, [])
+ ])
+])
+
+AT_CLEANUP
+
+###--------------------------------------------------------------------------
+### Key-exchange ad bulk crypto round trip.
+
+AT_SETUP([server roundtrip])
+AT_KEYWORDS([roundtrip])
+
+while read label genalg paramalg spec; do
+ paramopts=${spec%--*} attrs=${spec#*--}
+ key -kkeyring.$label add -a$paramalg -eforever $paramopts -tparam tripe-param $attrs
+ key -kkeyring.$label add -a$genalg -pparam -eforever -talice tripe
+ key -kkeyring.$label extract -f-secret keyring.$label-pub
+ { sh -c "echo $$"; date; } >msg
+ AT_CHECK([BULKTEST -kkeyring.$label -talice \
+ ies-encrypt 99 "$(cat msg)nl"], [0], [stdout], [stderr])
+ cp msg expout; mv stdout ct
+ AT_CHECK([BULKTEST -kkeyring.$label -talice \
+ ies-decrypt 99 "$(cat ct)"], [0], [expout], [stderr])
+done <<EOF
+vanilla dh dh-param -Ccatacomb-ll-256-3072 --
+suite-b ec ec-param -Cnist-p256 -- kx-group=ec bulk=iiv cipher=rijndael-counter hash=sha256
+djb x25519 empty -- kx-group=x25519 bulk=naclbox cipher=salsa20
+fancy x448 empty -- kx-group=x448 bulk=aead cipher=chacha20-poly1305 hash=shake256 mgf=shake256-xof
+weird x25519 empty -- kx-group=x25519 bulk=aead cipher=blowfish-ocb3 hash=sha256 tagsz=48
+terrible ec ec-param -Csecp112r1 -- kx-group=ec bulk=aead cipher=des-ccm mac=aead/16
+EOF
+
+AT_CLEANUP
+
###----- That's all, folks --------------------------------------------------
~mdw / tripe / blobdiff