refactor(psk): replace free functions with HandshakeExt trait#40
Closed
maxholman wants to merge 7 commits intoblock65:mainfrom
Closed
refactor(psk): replace free functions with HandshakeExt trait#40maxholman wants to merge 7 commits intoblock65:mainfrom
maxholman wants to merge 7 commits intoblock65:mainfrom
Conversation
Phase 13 design documents covering capability handshake (13a), indeterminate mode (13b), auto-negotiation (13c), hints (13d), route announcement (13e), security posture (13f), and mode transitions (13g). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- ExitNodeHello → Handshake message with nested Capabilities struct - Add Ping/Pong messages for latency measurement - Add RoleHint and HintLevel for future role negotiation - Move NodeRole to data.proto (canonical location), remove DataNodeRole - Rename ROLE_UNKNOWN → ROLE_INDETERMINATE (phase 13b terminology) - control.proto references wallhack.data.NodeRole via import - management.proto: add tun_capable/listening/connecting to PeerInfo and StatusResponse, reserve removed capability field Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- hmac.rs: generic HMAC-SHA256 compute/verify using ring - psk.rs: PSK proof via TLS channel binding (RFC 9266 tls-exporter), serialization uses protobuf encode_to_vec for determinism - Rename bridge.rs → protocol.rs, add ControlChannels struct, bidirectional handshake support in control loop, ping/pong latency tracking, mandatory protocol tests - types.rs: NodeRole import moved from control to data module, ROLE_UNKNOWN → ROLE_INDETERMINATE Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- QUIC and WS clients send Handshake with PSK proof on connect - QUIC and WS servers read peer Handshake, send own back - AcceptResult carries peer_handshake, latency_rx, channel_binding - ConnectResult carries peer handshake via oneshot - PeerInfo and NodeStatus use Capabilities struct instead of 3 bools - update_capabilities() takes &Capabilities - Handler and IPC layer updated for Capabilities grouping - Add zeroize dep for PSK memory safety Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- All daemon modes (entry, exit, relay) populate local_handshake with Capabilities struct in ServerOptions - Entry mode validates PSK proof and updates peer capabilities - handle_connection refactored: ConnectionParams struct, validate_handshake(), spawn_data_tasks(), run_connection_loop() - Zeroizing<String> for PSK across daemon config pipeline - CLI and API handlers updated for Capabilities field access Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Move `serialize_handshake_fields` free function into `Handshake::serialize_for_proof()` method (better API locality). - Bump binary size thresholds to ~1% above current measured sizes after handshake/PSK/proto additions (+59KB). - Fix transport-modes copy (WebSocket RTT description). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
`compute_proof` / `verify_proof` free functions become `HandshakeExt::compute_psk_proof` / `verify_psk_proof` methods, keeping PSK logic co-located with the Handshake type.
4 tasks
maxholman
added a commit
that referenced
this pull request
May 6, 2026
Sweep of website/ deps to latest within ranges, plus a vite downgrade from 8 -> 7 to match astro's transitive vite (7.3.2) and avoid a rolldown regression with @tailwindcss/vite 4.2.4. Closes alerts #28 #29 #30 #31 #33 #34 #35 #36 #37 #38 #39 #40 #44 #48 covering vite, picomatch, postcss, yaml, astro, smol-toml. - vite ^8.0.1 -> ^7.3.2 (drops the now-redundant vite 8 lineage; astro pulls 7.3.2 transitively, which is the patched version) - astro 6.0.6 -> 6.2.2 (#44) - @tailwindcss/vite 4.2.2 -> 4.2.4 - smol-toml: lockfile bump to 1.6.1 (#28) - postcss: lockfile bump to 8.5.14 (#48) - picomatch: lockfile bumps to 2.3.2 + 4.0.4 (#29 #30 #39 #40) - yaml is now omitted entirely (it was an optional vite peer) Verified: pnpm build succeeds; no @tailwindcss/vite peer-dep warnings.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Replace
compute_proof/verify_prooffree functions withHandshakeExt::compute_psk_proof/verify_psk_proofmethods, keeping PSK logic co-located with the Handshake type.