From 39047bcf61163096d1c965283d671c7c487c9173 Mon Sep 17 00:00:00 2001 From: Marcin Rataj Date: Wed, 27 Apr 2022 00:46:11 +0200 Subject: [PATCH] test: transport encryption Old tests were no longer working because go-libp2p 0.19 removed the undocumented 'ls' pseudoprotocol. This replaces these tests with handshake attempt (name is echoed back on OK or 'na' is returned when protocol is not available) for tls and noise variants + adds explicit test that safeguards us against enabling plaintext by default by a mistake. --- test/sharness/t0060-daemon.sh | 23 +++++++++++++++---- .../sharness/t0060-data/{mss-ls => mss-noise} | 2 +- test/sharness/t0060-data/mss-plaintext | 2 ++ test/sharness/t0060-data/mss-tls | 2 ++ test/sharness/t0061-daemon-opts.sh | 5 ++-- test/sharness/t0280-plugin-dag-jose.sh | 0 6 files changed, 27 insertions(+), 7 deletions(-) rename test/sharness/t0060-data/{mss-ls => mss-noise} (71%) create mode 100644 test/sharness/t0060-data/mss-plaintext create mode 100644 test/sharness/t0060-data/mss-tls mode change 100644 => 100755 test/sharness/t0280-plugin-dag-jose.sh diff --git a/test/sharness/t0060-daemon.sh b/test/sharness/t0060-daemon.sh index e04060e45c8..d448e035b46 100755 --- a/test/sharness/t0060-daemon.sh +++ b/test/sharness/t0060-daemon.sh @@ -125,11 +125,26 @@ test_expect_success "ipfs help output looks good" ' test_fsh cat help.txt ' -# check transport is encrypted -test_expect_success SOCAT "transport should be encrypted ( needs socat )" ' - socat - tcp:localhost:$SWARM_PORT,connect-timeout=1 > swarmnc < ../t0060-data/mss-ls && +# check transport is encrypted by default and no plaintext is allowed + +test_expect_success SOCAT "default transport should support encryption (TLS, needs socat )" ' + socat - tcp:localhost:$SWARM_PORT,connect-timeout=1 > swarmnc < ../t0060-data/mss-tls && grep -q "/tls" swarmnc && - test_must_fail grep -q "/plaintext/1.0.0" swarmnc || + test_must_fail grep -q "na" swarmnc || + test_fsh cat swarmnc +' + +test_expect_success SOCAT "default transport should support encryption (Noise, needs socat )" ' + socat - tcp:localhost:$SWARM_PORT,connect-timeout=1 > swarmnc < ../t0060-data/mss-noise && + grep -q "/noise" swarmnc && + test_must_fail grep -q "na" swarmnc || + test_fsh cat swarmnc +' + +test_expect_success SOCAT "default transport should not support plaintext (needs socat )" ' + socat - tcp:localhost:$SWARM_PORT,connect-timeout=1 > swarmnc < ../t0060-data/mss-plaintext && + grep -q "na" swarmnc && + test_must_fail grep -q "/plaintext" swarmnc || test_fsh cat swarmnc ' diff --git a/test/sharness/t0060-data/mss-ls b/test/sharness/t0060-data/mss-noise similarity index 71% rename from test/sharness/t0060-data/mss-ls rename to test/sharness/t0060-data/mss-noise index ce39aa9990a..f9d349802e6 100644 --- a/test/sharness/t0060-data/mss-ls +++ b/test/sharness/t0060-data/mss-noise @@ -1,2 +1,2 @@ /multistream/1.0.0 -ls +/noise diff --git a/test/sharness/t0060-data/mss-plaintext b/test/sharness/t0060-data/mss-plaintext new file mode 100644 index 00000000000..e6057b493ef --- /dev/null +++ b/test/sharness/t0060-data/mss-plaintext @@ -0,0 +1,2 @@ +/multistream/1.0.0 +/plaintext/2.0.0 diff --git a/test/sharness/t0060-data/mss-tls b/test/sharness/t0060-data/mss-tls new file mode 100644 index 00000000000..92294bb5b01 --- /dev/null +++ b/test/sharness/t0060-data/mss-tls @@ -0,0 +1,2 @@ +/multistream/1.0.0 + /tls/1.0.0 diff --git a/test/sharness/t0061-daemon-opts.sh b/test/sharness/t0061-daemon-opts.sh index 108fe75abce..531d2d247a5 100755 --- a/test/sharness/t0061-daemon-opts.sh +++ b/test/sharness/t0061-daemon-opts.sh @@ -18,8 +18,9 @@ apiaddr=$API_ADDR # Odd. this fails here, but the inverse works on t0060-daemon. test_expect_success SOCAT 'transport should be unencrypted ( needs socat )' ' - socat - tcp:localhost:$SWARM_PORT,connect-timeout=1 > swarmnc < ../t0060-data/mss-ls && - grep -q "/plaintext" swarmnc || + socat - tcp:localhost:$SWARM_PORT,connect-timeout=1 > swarmnc < ../t0060-data/mss-plaintext && + grep -q "/plaintext" swarmnc && + test_must_fail grep -q "na" swarmnc || test_fsh cat swarmnc ' diff --git a/test/sharness/t0280-plugin-dag-jose.sh b/test/sharness/t0280-plugin-dag-jose.sh old mode 100644 new mode 100755