###
### This file is part of Trivial IP Encryption (TrIPE).
###
-### TrIPE is free software; you can redistribute it and/or modify
-### it under the terms of the GNU General Public License as published by
-### the Free Software Foundation; either version 2 of the License, or
-### (at your option) any later version.
+### TrIPE is free software: you can redistribute it and/or modify it under
+### the terms of the GNU General Public License as published by the Free
+### Software Foundation; either version 3 of the License, or (at your
+### option) any later version.
###
-### TrIPE is distributed in the hope that it will be useful,
-### but WITHOUT ANY WARRANTY; without even the implied warranty of
-### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-### GNU General Public License for more details.
+### TrIPE is distributed in the hope that it will be useful, but WITHOUT
+### ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+### FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+### for more details.
###
### You should have received a copy of the GNU General Public License
-### along with TrIPE; if not, write to the Free Software Foundation,
-### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+### along with TrIPE. If not, see <https://www.gnu.org/licenses/>.
m4_define([nl], [
])
m4_define([AWAIT_KXDONE], [
## Ignore some reports caused by races.
- for d in $1 $3; do
+ for i in $1!$4 $3!$2; do
+ d=${i%!*} o=${i#*!}
TRIPECTL -d$d WARN test PUSH
- TRIPECTL -d$d WARN test IGNORE WARN KX $2 incorrect cookie
- TRIPECTL -d$d WARN test IGNORE WARN KX $2 unexpected pre-challenge
- TRIPECTL -d$d WARN test IGNORE WARN KX $2 unexpected challenge
+ TRIPECTL -d$d WARN test IGNORE WARN KX $o incorrect cookie
+ TRIPECTL -d$d WARN test IGNORE WARN KX $o unexpected pre-challenge
+ TRIPECTL -d$d WARN test IGNORE WARN KX $o unexpected challenge
done
## Watch for the key-exchange completion announcement in the background.
case "$[]1:$[]2:$[]3" in
OK::) ;;
NOTE:KXDONE:$4) break ;;
- NOTE:*) ;;
+ NOTE:* | TRACE:* | WARN:*) ;;
*) exit 63 ;;
esac
done
ESTABLISH([alice], [not-alice], [-key alice],
[bob], [bob], [])
])
+ for p in alice bob; do rm -rf $p.$k; mv $p $p.$k; done
done
AT_CLEANUP
## Set up the evil proxy.
alicemitm=24516 bobmitm=14016
- MITM -kalice/keyring.pub >mitm.out 2>mitm.err \
- peer:alice:$alicemitm:127.0.0.1:$(cat alice/port) \
- peer:bob:$bobmitm:127.0.0.1:$(cat bob/port) \
- filt:drop:5 filt:send& mitmpid=$!
- strace -omitm.trace -p$mitmpid& mitmtrace=$!
- trap 'kill $mitmpid $mitmtrace; exit 127' EXIT INT QUIT TERM HUP
+ mknod pipe-mitmpid p
+ WITH_STRACE([mitm],
+ [sh -c 'echo $$ >pipe-mitmpid; exec "$@"' - \
+ MITM -kalice/keyring.pub >mitm.out 2>mitm.err \
+ peer:alice:$alicemitm:127.0.0.1:$(cat alice/port) \
+ peer:bob:$bobmitm:127.0.0.1:$(cat bob/port) \
+ filt:drop:5 filt:send])&
+ read mitmpid <pipe-mitmpid
+ trap 'kill $mitmpid; exit 127' EXIT INT QUIT TERM HUP
+ exec 3>&-
## Try to establish keys anyway.
AWAIT_KXDONE([alice], [alice], [bob], [bob], [
## Tear down the MITM proxy.
kill $mitmpid
- wait $mitmpid
- wait $mitmtrace
])
AT_CLEANUP
for p in $princs; do TRIPECTL -d$p RELOAD; done
AT_DATA([algs-alpha], [dnl
-kx-group=ec kx-group-order-bits=256 kx-group-elt-bits=512
-hash=rmd160 mgf=rmd160-mgf hash-sz=20
-bulk-transform=v0 bulk-overhead=22
-cipher=blowfish-cbc cipher-keysz=20 cipher-blksz=8
-cipher-data-limit=67108864
-mac=rmd160-hmac mac-keysz=20 mac-tagsz=10
+kx-group=curve25519 kx-group-order-bits=252 kx-group-elt-bits=255
+hash=sha256 mgf=sha256-mgf hash-sz=32
+bulk-transform=naclbox bulk-overhead=20
+cipher=chacha20 cipher-keysz=32
+mac=poly1305 mac-tagsz=16
+cipher-data-limit=2147483648
])
AT_DATA([algs-beta-old], [dnl
hash=rmd160 mgf=rmd160-mgf hash-sz=20
bulk-transform=v0 bulk-overhead=22
cipher=blowfish-cbc cipher-keysz=20 cipher-blksz=8
-cipher-data-limit=67108864
mac=rmd160-hmac mac-keysz=20 mac-tagsz=10
+cipher-data-limit=67108864
])
AT_DATA([algs-beta-new], [dnl
hash=rmd160 mgf=rmd160-mgf hash-sz=20
bulk-transform=iiv bulk-overhead=14
cipher=blowfish-cbc cipher-keysz=20 cipher-blksz=8
-cipher-data-limit=67108864
mac=rmd160-hmac mac-keysz=20 mac-tagsz=10
blkc=blowfish blkc-keysz=20 blkc-blksz=8
+cipher-data-limit=67108864
])
cp algs-alpha expout; AT_CHECK([TRIPECTL -dalice ALGS],, [expout])