Commit Graph

1445 Commits

Author SHA1 Message Date
Jean-Paul Calderone
336b35d513 Here is a stab. 2017-05-01 11:10:48 -04:00
Brian Warner
2d9763e013 travis: tolerate failures on python-nightly
I'm seeing "coverage xml" fail, which indicates some internal problems in the
"coverage" module that aren't our responsibility.
2017-04-23 16:53:12 -04:00
Brian Warner
c84939744f oops, fix it properly 2017-04-23 16:33:42 -04:00
Brian Warner
876dea8297 transit: ignore new data in "hung up" state
Apparently there's an intermittent condition in tests that follows this path.
We used to ignore unrecognized states, but to improve test coverage I added a
clause to catch them, and now that clause is happening where I didn't expect
it.
2017-04-23 16:31:26 -04:00
Brian Warner
ebe9df312e signal errors to w.when_code() waiters too
This fixes the case where "wormhole send" would wait forever (upon network
error) instead of terminating with a useful error message.

Testing this will have to wait until we land the branch that abandons the
wormhole if the first connection fails, since that's the easiest way to
provoke a network error before when_code() has fired.
2017-04-23 16:07:07 -04:00
Brian Warner
d6d6669b23 cli._dispatch_command: improve test coverage 2017-04-23 16:01:05 -04:00
Brian Warner
82b4327f23 machines.dot: remove missing message (stopped) 2017-04-23 15:29:31 -04:00
Brian Warner
77bb7f5be7 test_wormhole: improve tests of derive_key() 2017-04-19 10:50:52 -04:00
Brian Warner
654bba4d3e test_wormhole: use assertRaises as context manager 2017-04-19 10:50:46 -04:00
Brian Warner
d0fb7a834d tests: exercise DelegatedWormhole 2017-04-19 10:50:31 -04:00
Brian Warner
ef56336eab fix DelegatedWormhole 2017-04-19 10:50:24 -04:00
Brian Warner
323d5a896f debug_set_trace: include _SortedKey 2017-04-19 10:50:18 -04:00
Brian Warner
f541930110 tests: exercise set_trace 2017-04-19 10:49:12 -04:00
Brian Warner
5a3f389bd3 improve debug timeline data and visualization 2017-04-18 14:05:46 -04:00
Brian Warner
0774ac8c36 test_wormhole: more coverage 2017-04-18 14:05:46 -04:00
Brian Warner
16c47de61b test_util.py: fully cover util.py 2017-04-18 14:05:46 -04:00
Brian Warner
556ae663cb test_transit: fully cover transit.py 2017-04-18 14:05:46 -04:00
Brian Warner
afe9f7152d test_transit: improve coverage
and fix py2/py3-isms in ipaddr tests
2017-04-18 14:05:39 -04:00
Brian Warner
478405cb6a test_cli: exercise -0 mode 2017-04-18 13:43:07 -04:00
Brian Warner
1bb4e9278a CLI: remove log.err(), remove flushLoggedErrors from tests
I think we're better off without this: the CLI commands propagate the Failure
up to their callers (rather than eating it silently), the callers are using
task.react (which reacts to Failures by exiting with rc!=0), so nothing
should get lost. And doing an extra log.err() just creates more cleanup work
for test cases to flush, and makes the CLI commands double-print the any
errors (maybe task.react also points logging at stderr?).
2017-04-16 16:45:09 -04:00
Brian Warner
b4e39edb3f cmd_receive: rename TwistedReceiver to just Receiver 2017-04-16 16:28:46 -04:00
Brian Warner
9dde091f2b test_wormhole.py: remove dead code 2017-04-16 10:56:17 -04:00
Brian Warner
e6b9cf18be update to match new (private) Automat tracing API 2017-04-13 16:51:04 -04:00
Brian Warner
c2a71e7240 delete leftover/unused/unimportable codes.py
refs #146
2017-04-10 11:33:46 -07:00
Brian Warner
5fde1eb5b9 appveyor: turn on py3.6, remove old workaround
All of py27,py33,py34,py35,py36 should pass now, both 32-bit and 64-bit.
2017-04-07 19:50:45 -07:00
Brian Warner
469c94dc4e test_cli: on win32, force en_US.UTF-8 rather than running locale -e 2017-04-07 11:18:32 -07:00
Brian Warner
781d791e03 test server-reconnection: it worked already
Cool, it actually worked without changes. Closes #42
2017-04-07 09:48:48 -07:00
Brian Warner
3d89d78ea5 Merge branch '42-overhaul'
This completely rewrites the client, splitting everything into many (13!)
small-ish state machines, merging about 5 months of work. This will enable
the following new features (none of which are fully implemented yet):

* survive the rendezvous server connection being lost, if we can reconnect
* learn the wordlist from the server, after claiming the nameplate, to enable
  i18n wordlists (sender chooses language, receiver tab-completes on the
  matching wordlist)
* likewise we can learn the code-length (number of words) from the server,
  although this needs more thought before we can make it safe
* new "Delegated Mode" API, with callbacks instead of Deferreds
* properly serializable Wormhole state
* "journaled mode": synchronzing outbound messages with application state
  checkpoints to provide robust behavior in the face of frequent and
  uncoordinated shutdown
* making progress even when neither side is connected at the same time
* code-completion with non-readline frontends (e.g. GUI wordlist-dropdown)

User-visible changes from this rewrite:

* wormhole receive: if you use tab-completion, you can only set the nameplate
  once, after which we've claimed that channel and are stuck with it until
  the process exits. This means you can't type "5-<TAB><DEL><DEL>3-", because
  we've already committed to a nameplate of "5". So initial typos are more of
  a problem now. The client will show you an exception, but then you must
  Control-C the process to exit.
* the "you should upgrade to a newer version" message now overlaps with the
  code-input prompt, which is annoying (I hope to fix this before a release)
* networking problems that prevent a connection to the rendezvous server will
  cause silent hangs (until I fix this too)

New docs:

* the docs/ directory now contains descriptions of the various
  client-to-server and client-to-client protocols we use (none of which
  changed)
* docs/api.md now has a comprehensive description of the API (which is still
  subject to change)
* docs/state-machines/ contains DOT-format descriptions of each new state
  machine, although running "automat-visualize wormhole" will build
  more-accurate (but less-informative) diagrams of the actual
  implementations

refs #42
2017-04-06 20:13:54 -07:00
Brian Warner
992db1846c minor TODO comments 2017-04-06 19:44:27 -07:00
Brian Warner
6aa7fe7c82 Welcome: handle local dev versions (with +, not -) correctly
The Welcome class prints a message if the server recommends a CLI version
that's newer than what the client is currently using, but only if the client
is running a "release" version, not a "local" development one. "local"
versions have a "+" in them (at least when Versioneer creates it), but
Welcome was looking for "-" as an indicator. So it was printing the warning
when it shouldn't be.
2017-04-06 19:32:05 -07:00
Brian Warner
1a7b3baaf2 rewrite waiting-for-sender pacifier messages
re-enable the test, and add an extra one

The comments in cmd_send/cmd_receive now enumerate the four cases where we
might notice that things are taking too long, the three cases where we say
something about it, and the two cases where it might be appropriate to give
up automatically (although we don't do that anywhere yet).
2017-04-06 19:17:11 -07:00
Brian Warner
83e55f1f3e add w.when_key(), fix w.when_verified() to fire later
Previously, w.when_verified() was documented to fire only after a valid
encrypted message was received, but in fact it fired as soon as the shared
key was derived (before any encrypted messages are seen, so no actual
"verification" could occur yet).

This fixes that, and also adds a new w.when_key() API call which fires at the
earlier point. Having something which fires early is useful for the CLI
commands that want to print a pacifier message when the peer is responding
slowly. In particular it helps detect the case where 'wormhole send' has quit
early (after depositing the PAKE message on the server, but before the
receiver has started). In this case, the receiver will compute the shared
key, but then wait forever hoping for a VERSION that will never come. By
starting a timer when w.when_key() fires, and cancelling it when
w.when_verified() fires, we have a good place to tell the user that something
is taking longer than it should have.

This shifts responsibility for notifying Boss.got_verifier, out of Key and
into Receive, since Receive is what notices the first valid encrypted
message. It also shifts the Boss's ordering expectations: it now receives
B.happy() before B.got_verifier(), and consequently got_verifier ought to
arrive in the S2_happy state rather than S1_lonely.
2017-04-06 18:27:41 -07:00
Brian Warner
67d53f1388 wordlist: fix "1-word- TAB" case 2017-04-06 15:05:37 -07:00
Brian Warner
ddc6319bf6 protocol docs fixups 2017-04-06 13:52:26 -07:00
Brian Warner
af3bb0095d docs: expand section on close() 2017-04-06 13:22:15 -07:00
Brian Warner
ba36562482 docs: move Dilation up next to Serialization, as both are speculative 2017-04-06 13:02:27 -07:00
Brian Warner
194f0be471 api.md: fix some typos 2017-04-06 12:49:33 -07:00
Brian Warner
3f878fb981 rename test_scripts to test_cli 2017-04-06 12:30:56 -07:00
Brian Warner
e787d0ffc5 move Welcome into test_scripts, remove test_cli 2017-04-06 12:29:58 -07:00
Brian Warner
9717b67d1b comment out serialize() for now
until it's implemented fully
2017-04-06 12:27:06 -07:00
Brian Warner
f957e9b2fb test_wormhole: check when_verified() being called late 2017-04-06 12:26:52 -07:00
Brian Warner
a063ed2b3b remove unused wordlist.py (now lives in _wordlist.py) 2017-04-06 12:23:25 -07:00
Brian Warner
7c6332b770 wormhole: comments 2017-04-06 12:22:45 -07:00
Brian Warner
3cd4d31c0b journal: add test coverage 2017-04-06 12:22:45 -07:00
Brian Warner
df1b2338b1 tests: exercise Key receiving PAKE before set_code 2017-04-06 12:22:45 -07:00
Brian Warner
0da9cbdeeb remove unused code 2017-04-06 12:22:45 -07:00
Brian Warner
d331c51c03 change completion API
* InputHelper returns full words, not just suffixes. I liked the fact that
  suffixes made it impossible to violate the "all matches will start with
  your prefix" invariant, but in practice it was fiddly to work with.
* add ih.when_wordlist_is_available(), so the frontend can block (after
  claiming the nameplate) until it can return a complete wordlist to
  readline. This helps the user experience, because readline wasn't really
  built to work with completions that change over time
* make the Wordlist responsible for appending hyphens to all non-final word
  completions. InputHelper remains responsible for hyphens on nameplates.
  This makes the frontend simpler, but I may change it again in the future if
  it helps non-readline GUI frontends.
* CodeInputter: after claiming, wait for the wordlist rather than returning
  an empty list
* PGPWordList: change to match

This has the unfortunate side-effect that e.g. typing "3-yucatan-tu TAB"
shows you completions that include the entire phrase: "3-yucatan-tumor
3-yucatan-tunnel", rather than only mentioning the final word. I'd like to
fix this eventually.
2017-04-06 12:22:45 -07:00
Brian Warner
04926d0be8 minor test improvement 2017-04-06 12:22:45 -07:00
Brian Warner
4c7b908024 _rlcompleter: improve debug messages and comments 2017-04-06 12:22:45 -07:00
Brian Warner
7699ed2291 tell wordlist how many words to expect, add hyphens to matches
I'm still undecided about whether to add this to the mailbox
properties (revealing it to attackers) or continue to require non-default
wordcounts to be provided as a --code-length= argument to the receiver. So
for now the only place that says count=2 is in the default argument on
get_completions().
2017-04-06 12:22:45 -07:00