From 50c62f7235eacd3b88c59ead983e8be719fb7604 Mon Sep 17 00:00:00 2001
From: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri, 1 Apr 2022 16:00:09 +0200
Subject: [PATCH] Speed up the authentication protocol security tests.

The security test took 70 seconds, mainly because it consisted of
several subtests that each had to wait for a timeout to pass. Split it
into three tests; two for testing a MITM splicing connections between
tinc daemons using the legacy and SPTPS protocols, the remaining tests
are in a single shell script but now run in parallel.
---
 test/integration/meson.build          |  2 +
 test/integration/security-legacy.test | 88 +++++++++++++++++++++++++++
 test/integration/security-sptps.test  | 86 ++++++++++++++++++++++++++
 test/integration/security.test        | 77 +++--------------------
 4 files changed, 184 insertions(+), 69 deletions(-)
 create mode 100755 test/integration/security-legacy.test
 create mode 100755 test/integration/security-sptps.test

diff --git a/test/integration/meson.build b/test/integration/meson.build
index ef33b085..b32ea82e 100644
--- a/test/integration/meson.build
+++ b/test/integration/meson.build
@@ -7,6 +7,8 @@ tests = [
   'invite-offline.test',
   'invite-tinc-up.test',
   'security.test',
+  'security-legacy.test',
+  'security-sptps.test',
   'variables.test',
 ]
 
diff --git a/test/integration/security-legacy.test b/test/integration/security-legacy.test
new file mode 100755
index 00000000..7f036d35
--- /dev/null
+++ b/test/integration/security-legacy.test
@@ -0,0 +1,88 @@
+#!/bin/sh
+
+# shellcheck disable=SC1090
+. "$TESTLIB_PATH"
+
+echo [STEP] Skip this test if tools are missing
+
+command -v nc >/dev/null || exit "$EXIT_SKIP_TEST"
+command -v timeout >/dev/null || exit "$EXIT_SKIP_TEST"
+
+foo_port=30110
+bar_port=30111
+
+# usage: splice protocol_version
+splice() {
+  "$SPLICE_PATH" foo localhost $foo_port bar localhost $bar_port "$1" &
+  sleep 10
+}
+
+# usage: send_with_timeout "data to send" "data expected to receive"
+send_with_timeout() {
+  data=$1
+  expected=$3
+
+  result=$(
+    (
+      sleep 6
+      printf "%s\n" "$data"
+    ) | timeout 10 nc localhost $foo_port
+  ) && exit 1
+
+  test $? = "$EXIT_TIMEOUT"
+
+  if [ -z "$expected" ]; then
+    test -z "$result"
+  else
+    echo "$result" | grep -q "^$expected"
+  fi
+}
+
+echo [STEP] Initialize two nodes
+
+tinc foo <<EOF
+init foo
+set DeviceType dummy
+set Port $foo_port
+set Address localhost
+set PingTimeout 3
+set ExperimentalProtocol no
+set AutoConnect no
+set Subnet 10.96.96.1
+EOF
+
+tinc bar <<EOF
+init bar
+set DeviceType dummy
+set Port $bar_port
+set PingTimeout 3
+set MaxTimeout 3
+set ExperimentalProtocol no
+set AutoConnect no
+set Subnet 10.96.96.2
+EOF
+
+echo [STEP] Exchange host config files
+
+tinc foo export | tinc bar exchange | tinc foo import
+
+create_script foo subnet-up
+start_tinc foo
+wait_script foo subnet-up
+
+create_script bar subnet-up
+start_tinc bar
+wait_script bar subnet-up
+
+echo [STEP] No splicing allowed, legacy protocol
+
+splice 17.7
+pid=$!
+
+require_nodes foo 1
+require_nodes bar 1
+
+kill $pid
+
+tinc bar stop
+tinc foo stop
diff --git a/test/integration/security-sptps.test b/test/integration/security-sptps.test
new file mode 100755
index 00000000..b4b05432
--- /dev/null
+++ b/test/integration/security-sptps.test
@@ -0,0 +1,86 @@
+#!/bin/sh
+
+# shellcheck disable=SC1090
+. "$TESTLIB_PATH"
+
+echo [STEP] Skip this test if tools are missing
+
+command -v nc >/dev/null || exit "$EXIT_SKIP_TEST"
+command -v timeout >/dev/null || exit "$EXIT_SKIP_TEST"
+
+foo_port=30120
+bar_port=30121
+
+# usage: splice protocol_version
+splice() {
+  "$SPLICE_PATH" foo localhost $foo_port bar localhost $bar_port "$1" &
+  sleep 10
+}
+
+# usage: send_with_timeout "data to send" "data expected to receive"
+send_with_timeout() {
+  data=$1
+  expected=$3
+
+  result=$(
+    (
+      sleep 6
+      printf "%s\n" "$data"
+    ) | timeout 10 nc localhost $foo_port
+  ) && exit 1
+
+  test $? = "$EXIT_TIMEOUT"
+
+  if [ -z "$expected" ]; then
+    test -z "$result"
+  else
+    echo "$result" | grep -q "^$expected"
+  fi
+}
+
+echo [STEP] Initialize two nodes
+
+tinc foo <<EOF
+init foo
+set DeviceType dummy
+set Port $foo_port
+set Address localhost
+set PingTimeout 3
+set AutoConnect no
+set Subnet 10.96.96.1
+EOF
+
+tinc bar <<EOF
+init bar
+set DeviceType dummy
+set Port $bar_port
+set PingTimeout 3
+set MaxTimeout 3
+set AutoConnect no
+set Subnet 10.96.96.2
+EOF
+
+echo [STEP] Exchange host config files
+
+tinc foo export | tinc bar exchange | tinc foo import
+
+create_script foo subnet-up
+start_tinc foo
+wait_script foo subnet-up
+
+create_script bar subnet-up
+start_tinc bar
+wait_script bar subnet-up
+
+echo [STEP] No splicing allowed, SPTPS
+
+splice 17.7
+pid=$!
+
+require_nodes foo 1
+require_nodes bar 1
+
+kill $pid
+
+tinc bar stop
+tinc foo stop
diff --git a/test/integration/security.test b/test/integration/security.test
index fb783b06..a7efe7f0 100755
--- a/test/integration/security.test
+++ b/test/integration/security.test
@@ -9,13 +9,6 @@ command -v nc >/dev/null || exit "$EXIT_SKIP_TEST"
 command -v timeout >/dev/null || exit "$EXIT_SKIP_TEST"
 
 foo_port=30050
-bar_port=30051
-
-# usage: splice protocol_version
-splice() {
-  "$SPLICE_PATH" foo localhost $foo_port bar localhost $bar_port "$1" &
-  sleep 10
-}
 
 # usage: send_with_timeout "data to send" "data expected to receive"
 send_with_timeout() {
@@ -50,80 +43,26 @@ set AutoConnect no
 set Subnet 10.96.96.1
 EOF
 
-tinc bar <<EOF
-init bar
-set DeviceType dummy
-set Port $bar_port
-set PingTimeout 3
-set MaxTimeout 3
-set ExperimentalProtocol no
-set AutoConnect no
-set Subnet 10.96.96.2
-EOF
-
-echo [STEP] Exchange host config files
-
-tinc foo export | tinc bar exchange | tinc foo import
-
 create_script foo subnet-up
 start_tinc foo
 wait_script foo subnet-up
 
-create_script bar subnet-up
-start_tinc bar
-wait_script bar subnet-up
-
 echo "[STEP] No ID sent by responding node if we don't send an ID first, before the timeout"
-send_with_timeout "0 bar 17.7" ""
+send_with_timeout "0 bar 17.7" "" & job1=$!
 
 echo [STEP] ID sent if initiator sends first, but still tarpitted
-send_with_timeout "0 bar 17.7" "0 foo 17.7"
+send_with_timeout "0 bar 17.7" "0 foo 17.7" & job2=$!
 
 echo [STEP] No invalid IDs allowed
-send_with_timeout "0 foo 17.7" ""
-send_with_timeout "0 baz 17.7" ""
+send_with_timeout "0 foo 17.7" "" & job3=$!
+send_with_timeout "0 baz 17.7" "" & job4=$!
 
 echo [STEP] No NULL METAKEYs allowed
 data="0 foo 17.0\n1 0 672 0 0 834188619F4D943FD0F4B1336F428BD4AC06171FEABA66BD2356BC9593F0ECD643F0E4B748C670D7750DFDE75DC9F1D8F65AB1026F5ED2A176466FBA4167CC567A2085ABD070C1545B180BDA86020E275EA9335F509C57786F4ED2378EFFF331869B856DDE1C05C461E4EECAF0E2FB97AF77B7BC2AD1B34C12992E45F5D1254BBF0C3FB224ABB3E8859594A83B6CA393ED81ECAC9221CE6BC71A727BCAD87DD80FC0834B87BADB5CB8FD3F08BEF90115A8DF1923D7CD9529729F27E1B8ABD83C4CF8818AE10257162E0057A658E265610B71F9BA4B365A20C70578FAC65B51B91100392171BA12A440A5E93C4AA62E0C9B6FC9B68F953514AAA7831B4B2C31C4\n"
-send_with_timeout "$data" "" # Not even the ID should be sent when the first packet contains illegal data
-
-echo [STEP] No splicing allowed
-
-tinc bar stop
-tinc bar del ExperimentalProtocol
-
-create_script bar subnet-up
-start_tinc bar
-wait_script bar subnet-up
+send_with_timeout "$data" "" & job5=$! # Not even the ID should be sent when the first packet contains illegal data
 
-splice 17.7
-pid=$!
+for pid in $job1 $job2 $job3 $job4 $job5; do
+  wait $pid
+done
 
-require_nodes foo 1
-require_nodes bar 1
-
-kill $pid
-
-tinc bar stop
 tinc foo stop
-
-echo [STEP] Test splicing again with legacy protocol
-
-tinc foo set ExperimentalProtocol no
-tinc bar set ExperimentalProtocol no
-
-create_script foo subnet-up
-start_tinc foo
-wait_script foo subnet-up
-
-create_script bar subnet-up
-start_tinc bar
-wait_script bar subnet-up
-
-splice 17.0
-pid=$!
-
-require_nodes foo 1
-require_nodes bar 1
-
-kill $pid
-- 
2.20.1