Add mbedtls wrapper, custom crypto lib path, test files (#803)

* add mbedtls crypto wrapper.
add tests files for new aead ciphers
add custom lib path support
fix some typo

* fix forbidden ip list

* rm crypto lib build files

* remove crypto source

* add xchacha20 test config

* convert dos new line format to unix format

* Fix help msg

tests/aes-cfb1.json

@@ -1,10 +1,10 @@
-{
-    "server":"127.0.0.1",
-    "server_port":8388,
-    "local_port":1081,
-    "password":"aes_password",
-    "timeout":60,
-    "method":"aes-256-cfb1",
-    "local_address":"127.0.0.1",
-    "fast_open":false
-}
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"aes_password",
+    "timeout":60,
+    "method":"aes-256-cfb1",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/aes-cfb8.json

@@ -1,10 +1,10 @@
-{
-    "server":"127.0.0.1",
-    "server_port":8388,
-    "local_port":1081,
-    "password":"aes_password",
-    "timeout":60,
-    "method":"aes-256-cfb8",
-    "local_address":"127.0.0.1",
-    "fast_open":false
-}
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"aes_password",
+    "timeout":60,
+    "method":"aes-256-cfb8",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/aes-ctr.json

@@ -1,10 +1,10 @@
-{
-    "server":"127.0.0.1",
-    "server_port":8388,
-    "local_port":1081,
-    "password":"aes_password",
-    "timeout":60,
-    "method":"aes-256-ctr",
-    "local_address":"127.0.0.1",
-    "fast_open":false
-}
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"aes_password",
+    "timeout":60,
+    "method":"aes-256-ctr",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/aes-gcm.json

@@ -0,0 +1,10 @@
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"aes_password",
+    "timeout":60,
+    "method":"aes-256-gcm",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/aes-ocb.json

@@ -0,0 +1,11 @@
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"aes_password",
+    "timeout":60,
+    "method":"aes-256-ocb",
+    "local_address":"127.0.0.1",
+    "fast_open":false,
+    "libopenssl":"/usr/local/lib/libcrypto.so.1.1"
+}

tests/aes-ofb.json

@@ -0,0 +1,10 @@
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"aes_password",
+    "timeout":60,
+    "method":"aes-256-ofb",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/aes.json

@@ -1,10 +1,10 @@
-{
-    "server":"127.0.0.1",
-    "server_port":8388,
-    "local_port":1081,
-    "password":"aes_password",
-    "timeout":60,
-    "method":"aes-256-cfb",
-    "local_address":"127.0.0.1",
-    "fast_open":false
-}
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"aes_password",
+    "timeout":60,
+    "method":"aes-256-cfb",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/camellia.json

@@ -0,0 +1,10 @@
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"camellia_password",
+    "timeout":60,
+    "method":"camellia-256-cfb",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/chacha20-ietf-poly1305.json

@@ -0,0 +1,10 @@
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"salsa20_password",
+    "timeout":60,
+    "method":"chacha20-ietf-poly1305",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/chacha20-ietf.json

@@ -1,10 +1,10 @@
-{
-    "server":"127.0.0.1",
-    "server_port":8388,
-    "local_port":1081,
-    "password":"salsa20_password",
-    "timeout":60,
-    "method":"chacha20-ietf",
-    "local_address":"127.0.0.1",
-    "fast_open":false
-}
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"salsa20_password",
+    "timeout":60,
+    "method":"chacha20-ietf",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/chacha20-poly1305.json

@@ -0,0 +1,10 @@
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"salsa20_password",
+    "timeout":60,
+    "method":"chacha20-poly1305",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/chacha20.json

@@ -1,10 +1,10 @@
-{
-    "server":"127.0.0.1",
-    "server_port":8388,
-    "local_port":1081,
-    "password":"salsa20_password",
-    "timeout":60,
-    "method":"chacha20",
-    "local_address":"127.0.0.1",
-    "fast_open":false
-}
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"chacha20_password",
+    "timeout":60,
+    "method":"chacha20",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/client-multi-server-ip.json

@@ -1,10 +1,10 @@
-{
-    "server":["127.0.0.1", "127.0.0.1"],
-    "server_port":8388,
-    "local_port":1081,
-    "password":"aes_password",
-    "timeout":60,
-    "method":"aes-256-cfb",
-    "local_address":"127.0.0.1",
-    "fast_open":false
-}
+{
+    "server":["127.0.0.1", "127.0.0.1"],
+    "server_port":8388,
+    "local_port":1081,
+    "password":"aes_password",
+    "timeout":60,
+    "method":"aes-256-cfb",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/fastopen.json

@@ -1,10 +1,10 @@
-{
-    "server":"127.0.0.1",
-    "server_port":8388,
-    "local_port":1081,
-    "password":"fastopen_password",
-    "timeout":60,
-    "method":"aes-256-cfb",
-    "local_address":"127.0.0.1",
-    "fast_open":true
-}
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"fastopen_password",
+    "timeout":60,
+    "method":"aes-256-cfb",
+    "local_address":"127.0.0.1",
+    "fast_open":true
+}

tests/graceful.json

@@ -1,10 +1,10 @@
-{
-    "server":"127.0.0.1",
-    "server_port":8388,
-    "local_port":1081,
-    "password":"aes_password",
-    "timeout":15,
-    "method":"aes-256-cfb",
-    "local_address":"127.0.0.1",
-    "fast_open":false
-}
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"aes_password",
+    "timeout":15,
+    "method":"aes-256-cfb",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/ipv6-client-side.json

@@ -1,10 +1,10 @@
-{
-    "server":"::1",
-    "server_port":8388,
-    "local_port":1081,
-    "password":"aes_password",
-    "timeout":60,
-    "method":"aes-256-cfb",
-    "local_address":"127.0.0.1",
-    "fast_open":false
-}
+{
+    "server":"::1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"aes_password",
+    "timeout":60,
+    "method":"aes-256-cfb",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/ipv6.json

@@ -1,10 +1,10 @@
-{
-    "server":"::",
-    "server_port":8388,
-    "local_port":1081,
-    "password":"aes_password",
-    "timeout":60,
-    "method":"aes-256-cfb",
-    "local_address":"127.0.0.1",
-    "fast_open":false
-}
+{
+    "server":"::",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"aes_password",
+    "timeout":60,
+    "method":"aes-256-cfb",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/jenkins.sh

@@ -33,12 +33,25 @@ run_test coverage run tests/nose_plugin.py -v
 run_test python setup.py sdist
 run_test tests/test_daemon.sh
 run_test python tests/test.py --with-coverage -c tests/aes.json
+run_test python tests/test.py --with-coverage -c tests/mbedtls-aes.json
+run_test python tests/test.py --with-coverage -c tests/aes-gcm.json
+run_test python tests/test.py --with-coverage -c tests/aes-ocb.json
+run_test python tests/test.py --with-coverage -c tests/mbedtls-aes-gcm.json
 run_test python tests/test.py --with-coverage -c tests/aes-ctr.json
+run_test python tests/test.py --with-coverage -c tests/mbedtls-aes-ctr.json
 run_test python tests/test.py --with-coverage -c tests/aes-cfb1.json
 run_test python tests/test.py --with-coverage -c tests/aes-cfb8.json
+run_test python tests/test.py --with-coverage -c tests/aes-ofb.json
+run_test python tests/test.py --with-coverage -c tests/camellia.json
+run_test python tests/test.py --with-coverage -c tests/mbedtls-camellia.json
 run_test python tests/test.py --with-coverage -c tests/rc4-md5.json
 run_test python tests/test.py --with-coverage -c tests/salsa20.json
 run_test python tests/test.py --with-coverage -c tests/chacha20.json
+run_test python tests/test.py --with-coverage -c tests/xchacha20.json
+run_test python tests/test.py --with-coverage -c tests/chacha20-ietf.json
+run_test python tests/test.py --with-coverage -c tests/chacha20-poly1305.json
+run_test python tests/test.py --with-coverage -c tests/xchacha20-ietf-poly1305.json
+run_test python tests/test.py --with-coverage -c tests/chacha20-ietf-poly1305.json
 run_test python tests/test.py --with-coverage -c tests/table.json
 run_test python tests/test.py --with-coverage -c tests/server-multi-ports.json
 run_test python tests/test.py --with-coverage -s tests/aes.json -c tests/client-multi-server-ip.json
@@ -52,6 +65,15 @@ run_test python tests/test.py --with-coverage -b "-m rc4-md5 -k testrc4 -s 127.0
 run_test python tests/test.py --with-coverage -b "-m aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 --workers 1" -a "-m aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 -l 1081 -t 30 -qq -b 127.0.0.1"
 run_test python tests/test.py --with-coverage --should-fail --url="http://127.0.0.1/" -b "-m aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 --forbidden-ip=127.0.0.1,::1,8.8.8.8" -a "-m aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 -l 1081 -t 30 -b 127.0.0.1"
 
+# test custom lib path
+
+run_test python tests/test.py --with-coverage --url="http://127.0.0.1/" -b "-m aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 --forbidden-ip= --libopenssl=/usr/local/lib/libcrypto.so" -a "-m aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 -l 1081 -t 30 -b 127.0.0.1 --libopenssl=/usr/local/lib/libcrypto.so"
+run_test python tests/test.py --with-coverage --url="http://127.0.0.1/" -b "-m mbedtls:aes-256-cfb128 -k testrc4 -s 127.0.0.1 -p 8388 --forbidden-ip= --libmbedtls=/usr/local/lib/libmbedcrypto.so" -a "-m mbedtls:aes-256-cfb128 -k testrc4 -s 127.0.0.1 -p 8388 -l 1081 -t 30 -b 127.0.0.1 --libmbedtls=/usr/local/lib/libmbedcrypto.so"
+run_test python tests/test.py --with-coverage --url="http://127.0.0.1/" -b "-m chacha20-ietf -k testrc4 -s 127.0.0.1 -p 8388 --forbidden-ip= --libsodium=/usr/local/lib/libsodium.so" -a "-m chacha20-ietf -k testrc4 -s 127.0.0.1 -p 8388 -l 1081 -t 30 -b 127.0.0.1 --libsodium=/usr/local/lib/libsodium.so"
+run_test python tests/test.py --with-coverage --should-fail --url="http://127.0.0.1/" -b "-m aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 --forbidden-ip= --libopenssl=invalid_path" -a "-m aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 -l 1081 -t 30 -b 127.0.0.1 --libopenssl=invalid_path"
+run_test python tests/test.py --with-coverage --should-fail --url="http://127.0.0.1/" -b "-m chacha20-ietf -k testrc4 -s 127.0.0.1 -p 8388 --forbidden-ip= --libsodium=invalid_path" -a "-m chacha20-ietf -k testrc4 -s 127.0.0.1 -p 8388 -l 1081 -t 30 -b 127.0.0.1 --libsodium=invalid_path"
+run_test python tests/test.py --with-coverage --should-fail --url="http://127.0.0.1/" -b "-m mbedtls:aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 --forbidden-ip= --libmbedtls=invalid_path" -a "-m mbedtls:aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 -l 1081 -t 30 -b 127.0.0.1 --libmbedtls=invalid_path"
+
 # test if DNS works
 run_test python tests/test.py --with-coverage -c tests/aes.json --url="https://clients1.google.com/generate_204"
 

tests/libmbedtls/install.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+MBEDTLS_VER=2.4.2
+if [ ! -d mbedtls-$MBEDTLS_VER ]; then
+    wget https://tls.mbed.org/download/mbedtls-$MBEDTLS_VER-gpl.tgz || exit 1
+    tar xf mbedtls-$MBEDTLS_VER-gpl.tgz || exit 1
+fi
+pushd mbedtls-$MBEDTLS_VER
+make SHARED=1 CFLAGS=-fPIC && sudo make install || exit 1
+sudo ldconfig
+popd
+rm -rf mbedtls-$MBEDTLS_VER || exit 1

tests/libopenssl/install.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+OPENSSL_VER=1.1.0e
+if [ ! -d openssl-$OPENSSL_VER ]; then
+    wget https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz || exit 1
+    tar xf openssl-$OPENSSL_VER.tar.gz || exit 1
+fi
+pushd openssl-$OPENSSL_VER
+./config && make && sudo make install || exit 1
+# sudo ldconfig  # test multiple libcrypto
+popd
+rm -rf openssl-$OPENSSL_VER || exit 1

tests/libsodium/install.sh

@@ -1,10 +1,11 @@
 #!/bin/bash
 
-if [ ! -d libsodium-1.0.11 ]; then
-    wget https://github.com/jedisct1/libsodium/releases/download/1.0.11/libsodium-1.0.11.tar.gz || exit 1
-    tar xf libsodium-1.0.11.tar.gz || exit 1
+if [ ! -d libsodium-1.0.12 ]; then
+    wget https://github.com/jedisct1/libsodium/releases/download/1.0.12/libsodium-1.0.12.tar.gz || exit 1
+    tar xf libsodium-1.0.12.tar.gz || exit 1
 fi
-pushd libsodium-1.0.11
+pushd libsodium-1.0.12
 ./configure && make -j2 && make install || exit 1
 sudo ldconfig
 popd
+rm -rf libsodium-1.0.12 || exit 1

tests/mbedtls-aes-ctr.json

@@ -0,0 +1,10 @@
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"aes_password",
+    "timeout":60,
+    "method":"mbedtls:aes-256-ctr",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/mbedtls-aes-gcm.json

@@ -0,0 +1,10 @@
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"aes_password",
+    "timeout":60,
+    "method":"mbedtls:aes-256-gcm",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/mbedtls-aes.json

@@ -0,0 +1,10 @@
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"aes_password",
+    "timeout":60,
+    "method":"mbedtls:aes-256-cfb128",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/mbedtls-camellia.json

@@ -0,0 +1,10 @@
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"camellia_password",
+    "timeout":60,
+    "method":"mbedtls:camellia-256-cfb128",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/rc4-md5-ota.json

@@ -1,11 +1,11 @@
-{
-    "server":"127.0.0.1",
-    "server_port":8388,
-    "local_port":1081,
-    "password":"aes_password",
-    "timeout":60,
-    "method":"rc4-md5",
-    "local_address":"127.0.0.1",
-    "fast_open":false,
-    "one_time_auth":true
-}
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"aes_password",
+    "timeout":60,
+    "method":"rc4-md5",
+    "local_address":"127.0.0.1",
+    "fast_open":false,
+    "one_time_auth":true
+}

tests/rc4-md5.json

@@ -1,10 +1,10 @@
-{
-    "server":"127.0.0.1",
-    "server_port":8388,
-    "local_port":1081,
-    "password":"aes_password",
-    "timeout":60,
-    "method":"rc4-md5",
-    "local_address":"127.0.0.1",
-    "fast_open":false
-}
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"aes_password",
+    "timeout":60,
+    "method":"rc4-md5",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/salsa20-ctr.json

@@ -1,10 +1,10 @@
-{
-    "server":"127.0.0.1",
-    "server_port":8388,
-    "local_port":1081,
-    "password":"salsa20_password",
-    "timeout":60,
-    "method":"salsa20-ctr",
-    "local_address":"127.0.0.1",
-    "fast_open":false
-}
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"salsa20_password",
+    "timeout":60,
+    "method":"salsa20-ctr",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/salsa20.json

@@ -1,10 +1,10 @@
-{
-    "server":"127.0.0.1",
-    "server_port":8388,
-    "local_port":1081,
-    "password":"salsa20_password",
-    "timeout":60,
-    "method":"salsa20",
-    "local_address":"127.0.0.1",
-    "fast_open":false
-}
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"salsa20_password",
+    "timeout":60,
+    "method":"salsa20",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/server-dnsserver.json

@@ -1,11 +1,11 @@
-{
-    "server":"127.0.0.1",
-    "server_port":8388,
-    "local_port":1081,
-    "password":"aes_password",
-    "timeout":60,
-    "method":"aes-256-cfb",
-    "local_address":"127.0.0.1",
-    "fast_open":false,
-    "dns_server": ["8.8.8.8","8.8.4.4"]
-}
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"aes_password",
+    "timeout":60,
+    "method":"aes-256-cfb",
+    "local_address":"127.0.0.1",
+    "fast_open":false,
+    "dns_server": ["8.8.8.8","8.8.4.4"]
+}

tests/table.json

@@ -1,10 +1,10 @@
-{
-    "server":"127.0.0.1",
-    "server_port":8388,
-    "local_port":1081,
-    "password":"table_password",
-    "timeout":60,
-    "method":"table",
-    "local_address":"127.0.0.1",
-    "fast_open":false
-}
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"table_password",
+    "timeout":60,
+    "method":"table",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/workers.json

@@ -1,10 +1,10 @@
-{
-    "server":"127.0.0.1",
-    "server_port":8388,
-    "local_port":1081,
-    "password":"workers_password",
-    "timeout":60,
-    "method":"aes-256-cfb",
-    "local_address":"127.0.0.1",
-    "workers": 4
-}
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"workers_password",
+    "timeout":60,
+    "method":"aes-256-cfb",
+    "local_address":"127.0.0.1",
+    "workers": 4
+}

tests/xchacha20-ietf-poly1305.json

@@ -0,0 +1,10 @@
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"salsa20_password",
+    "timeout":60,
+    "method":"xchacha20-ietf-poly1305",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}

tests/xchacha20.json

@@ -0,0 +1,10 @@
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1081,
+    "password":"xchacha20_password",
+    "timeout":60,
+    "method":"xchacha20",
+    "local_address":"127.0.0.1",
+    "fast_open":false
+}