test: transport encryption

lidel · lidel · commit 39047bcf6116 · 2022-04-28T15:50:03.000+02:00
Old tests were no longer working because go-libp2p 0.19 removed
the undocumented 'ls' pseudoprotocol.

This replaces these tests with handshake attempt (name is echoed back on
OK or 'na' is returned when protocol is not available) for tls and noise
variants + adds explicit test that safeguards us against enabling
plaintext by default by a mistake.
diff --git a/test/sharness/t0060-daemon.sh b/test/sharness/t0060-daemon.sh
@@ -125,11 +125,26 @@ test_expect_success "ipfs help output looks good" '
   test_fsh cat help.txt
 '
 
-# check transport is encrypted
-test_expect_success SOCAT "transport should be encrypted ( needs socat )" '
-  socat - tcp:localhost:$SWARM_PORT,connect-timeout=1 > swarmnc < ../t0060-data/mss-ls &&
+# check transport is encrypted by default and no plaintext is allowed
+
+test_expect_success SOCAT "default transport should support encryption (TLS, needs socat )" '
+  socat - tcp:localhost:$SWARM_PORT,connect-timeout=1 > swarmnc < ../t0060-data/mss-tls &&
   grep -q "/tls" swarmnc &&
-  test_must_fail grep -q "/plaintext/1.0.0" swarmnc ||
+  test_must_fail grep -q "na" swarmnc ||
+  test_fsh cat swarmnc
+'
+
+test_expect_success SOCAT "default transport should support encryption (Noise, needs socat )" '
+  socat - tcp:localhost:$SWARM_PORT,connect-timeout=1 > swarmnc < ../t0060-data/mss-noise &&
+  grep -q "/noise" swarmnc &&
+  test_must_fail grep -q "na" swarmnc ||
+  test_fsh cat swarmnc
+'
+
+test_expect_success SOCAT "default transport should not support plaintext (needs socat )" '
+  socat - tcp:localhost:$SWARM_PORT,connect-timeout=1 > swarmnc < ../t0060-data/mss-plaintext &&
+  grep -q "na" swarmnc &&
+  test_must_fail grep -q "/plaintext" swarmnc ||
   test_fsh cat swarmnc
 '
 
diff --git a/test/sharness/t0060-data/mss-noise b/test/sharness/t0060-data/mss-noise
@@ -1,2 +1,2 @@
 /multistream/1.0.0
-ls
+/noise
diff --git a/test/sharness/t0060-data/mss-plaintext b/test/sharness/t0060-data/mss-plaintext
@@ -0,0 +1,2 @@
+/multistream/1.0.0
+/plaintext/2.0.0
diff --git a/test/sharness/t0060-data/mss-tls b/test/sharness/t0060-data/mss-tls
@@ -0,0 +1,2 @@
+/multistream/1.0.0
+/tls/1.0.0
diff --git a/test/sharness/t0061-daemon-opts.sh b/test/sharness/t0061-daemon-opts.sh
@@ -18,8 +18,9 @@ apiaddr=$API_ADDR
 
 # Odd. this fails here, but the inverse works on t0060-daemon.
 test_expect_success SOCAT 'transport should be unencrypted ( needs socat )' '
-  socat - tcp:localhost:$SWARM_PORT,connect-timeout=1 > swarmnc < ../t0060-data/mss-ls &&
-  grep -q "/plaintext" swarmnc ||
+  socat - tcp:localhost:$SWARM_PORT,connect-timeout=1 > swarmnc < ../t0060-data/mss-plaintext &&
+  grep -q "/plaintext" swarmnc &&
+  test_must_fail grep -q "na" swarmnc ||
   test_fsh cat swarmnc
 '
 
diff --git a/test/sharness/t0280-plugin-dag-jose.sh b/test/sharness/t0280-plugin-dag-jose.sh

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`/multistream/1.0.0`
`2`		`-ls`
	`2`	`+/noise`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+/multistream/1.0.0`
	`2`	`+/plaintext/2.0.0`