test: transport encryption

Old tests were no longer working because go-libp2p 0.19 removed the undocumented 'ls' pseudoprotocol. This replaces these tests with handshake attempt (name is echoed back on OK or 'na' is returned when protocol is not available) for tls and noise variants + adds explicit test that safeguards us against enabling plaintext by default by a mistake.
ipfs · Apr 28, 2022 · 39047bc · 39047bc
1 parent e49e30d
commit 39047bc
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 7 deletions.
diff --git a/test/sharness/t0060-daemon.sh b/test/sharness/t0060-daemon.sh
@@ -125,11 +125,26 @@ test_expect_success "ipfs help output looks good" '
   test_fsh cat help.txt
 '
 
-# check transport is encrypted
-test_expect_success SOCAT "transport should be encrypted ( needs socat )" '
-  socat - tcp:localhost:$SWARM_PORT,connect-timeout=1 > swarmnc < ../t0060-data/mss-ls &&
+# check transport is encrypted by default and no plaintext is allowed
+
+test_expect_success SOCAT "default transport should support encryption (TLS, needs socat )" '
+  socat - tcp:localhost:$SWARM_PORT,connect-timeout=1 > swarmnc < ../t0060-data/mss-tls &&
   grep -q "/tls" swarmnc &&
-  test_must_fail grep -q "/plaintext/1.0.0" swarmnc ||
+  test_must_fail grep -q "na" swarmnc ||
+  test_fsh cat swarmnc
+'
+
+test_expect_success SOCAT "default transport should support encryption (Noise, needs socat )" '
+  socat - tcp:localhost:$SWARM_PORT,connect-timeout=1 > swarmnc < ../t0060-data/mss-noise &&
+  grep -q "/noise" swarmnc &&
+  test_must_fail grep -q "na" swarmnc ||
+  test_fsh cat swarmnc
+'
+
+test_expect_success SOCAT "default transport should not support plaintext (needs socat )" '
+  socat - tcp:localhost:$SWARM_PORT,connect-timeout=1 > swarmnc < ../t0060-data/mss-plaintext &&
+  grep -q "na" swarmnc &&
+  test_must_fail grep -q "/plaintext" swarmnc ||
   test_fsh cat swarmnc
 '
 

diff --git a/test/sharness/t0060-data/mss-ls → test/sharness/t0060-data/mss-noise b/test/sharness/t0060-data/mss-ls → test/sharness/t0060-data/mss-noise
@@ -1,2 +1,2 @@
 /multistream/1.0.0
-ls
+/noise
diff --git a/test/sharness/t0060-data/mss-plaintext b/test/sharness/t0060-data/mss-plaintext
@@ -0,0 +1,2 @@
+/multistream/1.0.0
+/plaintext/2.0.0
diff --git a/test/sharness/t0060-data/mss-tls b/test/sharness/t0060-data/mss-tls
@@ -0,0 +1,2 @@
+/multistream/1.0.0
+/tls/1.0.0
diff --git a/test/sharness/t0061-daemon-opts.sh b/test/sharness/t0061-daemon-opts.sh
@@ -18,8 +18,9 @@ apiaddr=$API_ADDR
 
 # Odd. this fails here, but the inverse works on t0060-daemon.
 test_expect_success SOCAT 'transport should be unencrypted ( needs socat )' '
-  socat - tcp:localhost:$SWARM_PORT,connect-timeout=1 > swarmnc < ../t0060-data/mss-ls &&
-  grep -q "/plaintext" swarmnc ||
+  socat - tcp:localhost:$SWARM_PORT,connect-timeout=1 > swarmnc < ../t0060-data/mss-plaintext &&
+  grep -q "/plaintext" swarmnc &&
+  test_must_fail grep -q "na" swarmnc ||
   test_fsh cat swarmnc
 '
 

diff --git a/test/sharness/t0280-plugin-dag-jose.sh b/test/sharness/t0280-plugin-dag-jose.sh