From: Mark Wooding Date: Thu, 28 Apr 2022 15:22:01 +0000 (+0100) Subject: Merge remote-tracking branch 'origin/mdw/master.found-crybaby' X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/commitdiff_plain/5891679d126ad426ed4250aeec75901bc854bf41?hp=9bde278981525e565c9a7edfd3f03c76a0020e73 Merge remote-tracking branch 'origin/mdw/found-crybaby' * origin/mdw/master.found-crybaby: server/bulkcrypto.c: Document the procedures for producing challenges. server/chal.c: Add a missing blank line. server/tripe-admin.5.in: Place the blame correctly for a couple of errors. svc/connect.8.in: Fix message formatting. server/tripe-admin.5.in: Remove incorrect blame on Catacomb. server/tripe-admin.5.in: Improve some clumsy wording. server/tripe-admin.5.in: Add cross-reference for ECODE and MESSAGE. server/tripe-admin.5.in: Add missing origin-command notes to errors. server/tripe-admin.5.in: Use gender-neutral pronouns. server/bulkcrypto.c: Fix description comment for AEAD schemes. py/tripe.py.in: Raise an error if a command token contains a newline. --- diff --git a/common/defs.man b/common/defs.man index 161f4e3b..74752a9f 100644 --- a/common/defs.man +++ b/common/defs.man @@ -32,6 +32,9 @@ . ds se \d\s0 . if \n(.g \{\ . fam P +. ev an-1 +. fam P +. ev . \} .\} .el \{\ diff --git a/keys/tripe-keys.conf.5.in b/keys/tripe-keys.conf.5.in index ce40baf3..225ee678 100644 --- a/keys/tripe-keys.conf.5.in +++ b/keys/tripe-keys.conf.5.in @@ -76,58 +76,58 @@ The fingerprint of the signing key identified by .BR @MASTER-SEQUENCE@ . .SS "Master repository parameters" .TP -.I base-url +.B base-url The base URL of the key repository (usually with a trailing .RB ` / '). Typically, this will be something like -.RB http://www.distorted.org.uk/vpn/ . +.RB ` http://www.distorted.org.uk/vpn/ '. No default. .TP -.I repos-base +.B repos-base The basename for the repository archive. Default is -.BR tripe-keys.tar.gz . +.RB ` tripe-keys.tar.gz '. .TP -.I sig-base +.B sig-base The basename template for repository signatures. Default is -.BR tripe-keys.sig- . +.RB ` tripe-keys.sig- '. The .RB ` ' portion, if any, is replaced by the sequence number of the key which made the signature. .TP -.I repos-url +.B repos-url The URL for the key repository tarball. Default is the concatenation of .I base-url and .IR repos-base . .TP -.I sig-url +.B sig-url The URL template for key repository signatures. Default is the concatenation of .I base-url and .IR sig-base . .TP -.I master-sequence +.B master-sequence The sequence number of the master authority's current signing key. No default. Usually set up automatically. .TP -.I master-keygen-flags +.B master-keygen-flags Additional options for generating master keys. Default is -.RB ` -l '. +.RB ` \-l '. .TP -.I master-attrs +.B master-attrs Additional attributes to set on the master key, as .IB key = value pairs separated by spaces. Default is empty. .TP -.I hk-master +.B hk-master The fingerprint of the current master signing key. No default. Usually set up automatically. .TP -.I upload-hook +.B upload-hook A shell command to run by .B tripe-keys upload after it has successfully written the @@ -135,21 +135,21 @@ after it has successfully written the and .IR sig-file s. Default is -.B ": run upload hook" +.RB ` ": run upload hook" ' which does nothing. .SS "Crypto parameters" .TP -.I kx +.B kx Key-exchange algorithm to use. Either .B dh (integer Diffie-Hellman) or .B ec (elliptic curves). The default is -.BR dh . +.RB ` dh '. .ne 9 .TP -.I kx-genalg +.B kx-genalg Key generation algorithm name to pass to .B "key add" when generating keys. @@ -171,7 +171,7 @@ _ .TE .ne 9 .TP -.I kx-param-genalg +.B kx-param-genalg Key generation algorithm name to pass to .B "key add" when generating the parameters key. @@ -193,7 +193,7 @@ _ .TE .ne 9 .TP -.I kx-param +.B kx-param Options to pass to .B "key add" when generating the parameters key. Default depends on @@ -214,7 +214,7 @@ _ .TE .ne 9 .TP -.I kx-attrs +.B kx-attrs Additional attributes to set on the parameters (and therefore copied to peer keys), as @@ -237,21 +237,21 @@ x448 \fIempty _ .TE .TP -.I kx-expire +.B kx-expire Expiry time for generated keys. Default is -.BR "now + 1 year" . +.RB ` "now + 1 year" '. .TP -.I hash +.B hash Hashing algorithm to use. Default is -.BR sha256 . +.RB ` sha256 '. .TP -.I bulk +.B bulk The bulk crypto transform to use. Default is -.BR iiv . +.RB ` iiv '. .ne 8 .TP -.I mac +.B mac Message authentication algorithm to use. Default depends on .I bulk @@ -264,7 +264,7 @@ _ bulk mac _ v0 \fIhash\fB-hmac/\fIhalfhashlen -iiv \fIhash\fB-hmac/\fIhalfhashlenrijndael-cbc +iiv \fIhash\fB-hmac/\fIhalfhashlen naclbox poly1305/128 _ .TE @@ -275,13 +275,13 @@ is half of .IR hash 's output length.) .TP -.I mgf +.B mgf Mask-generation algorithm to use. Default is -.IB hash -mgf \fR. +.BI \fR` hash -mgf \fR'. This is probably a good choice. .ne 7 .TP -.I cipher +.B cipher Symmetric encryption scheme to use. Default depends on .I bulk @@ -300,7 +300,7 @@ _ .TE .ne 8 .TP -.I sig +.B sig Signature scheme to use. Must be one of those recognized by .BR catsign (1). Default depends on @@ -321,7 +321,7 @@ _ .TE .ne 12 .TP -.I sig-genalg +.B sig-genalg Key-generation algorithm for signing key. Default depends on .I sig as follows. @@ -344,7 +344,7 @@ _ .TE .ne 10 .TP -.I sig-param +.B sig-param Signature-key generation parameters. Default depends on .I sig-genalg as follows. @@ -364,49 +364,49 @@ ed448 \fInone _ .TE .TP -.I sig-hash +.B sig-hash Hash function to use for making signatures. Default is .IR hash . .TP -.I sig-fresh +.B sig-fresh Oldest time we should consider a signed archive to be fresh. Default is -.BR always , +.RB ` always ', meaning that all signatures are fresh. .TP -.I sig-expire +.B sig-expire Expiry time for master signing key. Default is -.BR forever . +.RB ` forever '. .TP -.I fingerprint-hash +.B fingerprint-hash Hash function to use for key fingerprinting. Default is .IR hash . .SS "Master maintenance parameters" .TP -.I base-dir +.B base-dir Local base directory for the repository files. This probably ought to end in a .RB ` / ' character. Unexpected files in this directory will be removed by the -.B tripe-keys upload +.RB ` "tripe-keys upload" ' command. No default. .TP -.I repos-file +.B repos-file Filename for local repository tarball. Default is the concatenation of .I base-dir and .IB repos-base . .TP -.I sig-file +.B sig-file Template for repository signatures. Default is the concatenation of .I base-dir and .IR sig-base . .TP -.I conf-file +.B conf-file Filename for local repository configuration file. Default is -.IB basedir /tripe-keys.conf \fR. +.BI \fR` basedir /tripe-keys.conf \fR'. .TP -.I kx-warn-days +.B kx-warn-days The .B "tripe-keys check" command will warn about keys which will in less than diff --git a/peerdb/peers.in.5.in b/peerdb/peers.in.5.in index d638b078..c128a4ed 100644 --- a/peerdb/peers.in.5.in +++ b/peerdb/peers.in.5.in @@ -326,7 +326,7 @@ Firstly, if there is a key .B auto in the section (or in its parent, etc.), and the value is .BR y , -.BR yes . +.BR yes , .BR t , .BR true , .BR 1 , diff --git a/peerdb/tripe-newpeers.in b/peerdb/tripe-newpeers.in index f3aed823..39529531 100644 --- a/peerdb/tripe-newpeers.in +++ b/peerdb/tripe-newpeers.in @@ -460,9 +460,9 @@ class ConfigSection (object): path.append(me.name) try: - ## If we've been this way before on another pass through then return the - ## value we found then. If we're still thinking about it then we've - ## found a cycle. + ## If we've been this way before on another pass through then return + ## the value we found then. If we're still thinking about it then + ## we've found a cycle. try: v, p = me._cache[key] except KeyError: pass else: diff --git a/server/admin.c b/server/admin.c index b661e62e..221b249e 100644 --- a/server/admin.c +++ b/server/admin.c @@ -1593,7 +1593,7 @@ static void a_ping(admin *a, unsigned ac, char *av[], return; bad_syntax: - a_fail(a, "bad-syntax", "%s", cmd, "[OPTIONS] PEER", cmd, A_END); + a_fail(a, "bad-syntax", "%s", cmd, "[OPTIONS] PEER", A_END); fail: if (pg) xfree(pg); return; diff --git a/server/tests.at b/server/tests.at index 5f8377a0..ef2039ae 100644 --- a/server/tests.at +++ b/server/tests.at @@ -112,7 +112,7 @@ $3 ## End of the test, now run the server. ) && :; } | { cd $1 - echo TRIPE $2 >&2 + echo "TRIPE $2" >&2 WITH_STRACE([tripe], [TRIPE $2 >server-output.full 2>server-errors.full]) stat=$? echo $stat >server-status @@ -242,7 +242,7 @@ m4_define([AWAIT_KXDONE], [ ## Watch for the key-exchange completion announcement in the background. COPROCESSES([wait-$1], [ - echo WATCH +n + echo "WATCH +n" while read line; do set x $line; shift echo >&2 ">>> $line" @@ -320,7 +320,7 @@ m4_define([TRIPECTL_COMMAND], [ AT_SETUP([server basics]) SETUPDIR([alpha]) -AT_CHECK([echo port | TRIPE -p54321],, [INFO 54321[]nl[]OK[]nl]) +AT_CHECK([echo "port" | TRIPE -p54321],, [INFO 54321[]nl[]OK[]nl]) AT_CLEANUP ###-------------------------------------------------------------------------- @@ -338,7 +338,7 @@ WITH_TRIPE(, [ ## server chose the same key is negligible.) AT_CHECK([TRIPECTL checkchal AAAAAHyoOL+HMaE0Y9B3ivuszt0], [1],, [tripectl: invalid-challenge[]nl]) - echo WARN CHAL incorrect-tag >>expected-server-output + echo "WARN CHAL incorrect-tag" >>expected-server-output ## A duplicated challenge. AT_CHECK([ @@ -346,7 +346,7 @@ WITH_TRIPE(, [ TRIPECTL CHECKCHAL $chal TRIPECTL CHECKCHAL $chal ], [1],, [tripectl: invalid-challenge[]nl]) - echo WARN CHAL replay duplicated-sequence >>expected-server-output + echo "WARN CHAL replay duplicated-sequence" >>expected-server-output ## Out-of-order reception. There should be a window of 32 challenges; we ## make 33 and check them in a strange order. @@ -672,7 +672,7 @@ WITH_TRIPE(, [ ## Run a simple service. rm -f svc-test-running tripectl-status COPROCESSES([svc], [ - echo SVCCLAIM test 1.0.0 + echo "SVCCLAIM test 1.0.0" read line case "$line" in OK) @@ -682,19 +682,19 @@ WITH_TRIPE(, [ exit 1 ;; esac - echo ok >svc-test-running + echo "ok" >svc-test-running while read line; do set -- $line case "$[]1,$[]3,$[]4" in SVCJOB,test,HELP) - echo SVCINFO try not to use this service for anything useful - echo SVCOK $[]2 + echo "SVCINFO try not to use this service for anything useful" + echo "SVCOK $[]2" ;; SVCJOB,test,GOOD) - echo SVCOK $[]2 + echo "SVCOK $[]2" ;; SVCJOB,test,BAD) - echo SVCFAIL $[]2 this-command-always-fails + echo "SVCFAIL $[]2 this-command-always-fails" ;; SVCJOB,test,UGLY) tag=$2 @@ -713,11 +713,11 @@ WITH_TRIPE(, [ firsttag=$[]2 ;; SVCJOB,test,SECOND) - echo SVCOK $firsttag - echo SVCOK $[]2 + echo "SVCOK $firsttag" + echo "SVCOK $[]2" ;; SVCJOB,*) - echo SVCFAIL $[]2 unknown-svc-command $[]4 + echo "SVCFAIL $[]2 unknown-svc-command $[]4" ;; SVCCLAIM,*) break diff --git a/server/tripe-admin.5.in b/server/tripe-admin.5.in index e212b758..e637650a 100644 --- a/server/tripe-admin.5.in +++ b/server/tripe-admin.5.in @@ -614,9 +614,13 @@ line giving the tag for each outstanding background job. .BI "KILL " peer Causes the server to forget all about .IR peer . -All keys are destroyed, and no more packets are sent. No notification -is sent to the peer: if it's important that the peer be notified, you -must think of a way to do that yourself. +All keys are destroyed, and no more packets are sent. A +.B bye +message is sent to the peer if it's marked as +.B "\-ephemeral" +\(en see the +.B "ADD" +command. .SP .B "LIST" For each currently-known peer, an diff --git a/server/tripe.8.in b/server/tripe.8.in index 96d8896b..f65bb3f0 100644 --- a/server/tripe.8.in +++ b/server/tripe.8.in @@ -286,7 +286,11 @@ is a terrible idea. .TP .BI "\-T, \-\-trace=" trace-opts Allows the enabling or disabling of various internal diagnostics. See -below for the list of options. +the +.B TRACE +command in +.BR trace-admin (5) +for the list of options. .SS "Key exchange group types" The .B tripe diff --git a/svc/connect.in b/svc/connect.in index 268ad5fc..9dda65b3 100644 --- a/svc/connect.in +++ b/svc/connect.in @@ -451,7 +451,7 @@ class PingPeer (object): me._sabotage = False else: S.kill(me._peer) - except TripeError, e: + except T.TripeError, e: if e.args[0] == 'unknown-peer': me._pinger.kill(me._peer) def event(me, code, stuff): @@ -510,23 +510,26 @@ class PingPeer (object): def info(me): if not me._nping: - mean = sd = '-' + mean = sd = min = max = '-' else: - mean = me._sigma_t/me._nping - sd = sqrt(me._sigma_t2/me._nping - mean*mean) + meanval = me._sigma_t/me._nping + mean = '%.1fms' % meanval + sd = '%.1fms' % sqrt(me._sigma_t2/me._nping - meanval*meanval) + min = '%.1fms' % me._min + max = '%.1fms' % me._max n = me._nping + me._nlost if not n: pclost = '-' else: pclost = '%d' % ((100*me._nlost + n//2)//n) return { 'last-ping': me._last, - 'mean-ping': '%.1fms' % mean, - 'sd-ping': '%.1fms' % sd, + 'mean-ping': mean, + 'sd-ping': sd, 'n-ping': '%d' % me._nping, 'n-lost': '%d' % me._nlost, 'percent-lost': pclost, - 'min-ping': '%.1fms' % me._min, - 'max-ping': '%.1fms' % me._max, + 'min-ping': min, + 'max-ping': max, 'state': me._timer and 'idle' or 'check', - 'failures': me._failures } + 'failures': str(me._failures) } @T._callback def _time(me): @@ -966,7 +969,7 @@ def parse_options(): return opts ## Service table, for running manually. -service_info = [('connect', T.VERSION, { +service_info = [('connect', VERSION, { 'adopted': (0, 0, '', cmd_adopted), 'kick': (1, 1, 'PEER', cmd_kick), 'passive': (1, None, '[OPTIONS] USER', cmd_passive),