all: rewrite the entire tor network to eventual consistency #25
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is a complete rewrite of the
tornet
overlay P2P networking layer:ecdsa
, the new code usesed25519
curves. This permits us to use deterministic signatures, so TLS certificates can be regenerated on the fly and don't have to be shuffled around. This in its turn permits us to reduce the pairing secret from 200 something bytes to 64.bine
package. At the end of the day we still convert it to abine
key due to a limitation in it (Go'sed25519
package was only recently included in the stdlib). Need to upstream support for proper ed crypto.tornet.Node
was split into individual components that are each surfaced through the APIs, permitting a much more orthogonal design.Server
represents the onion listener part;PeerSet
the connection handling; andNode
a combination featuring address rotation.tornet
to cater for battery operated scenarios, instead the application needs to explicitly request connections (all other functionality are still automagic). In a similar vein, the new tornet includes a connection breaker that an tear down idle streams to avoid the Tor maintenance burden.The entire corona network application was reworked to operate on top of the new
tornet
:Server
andPeerSet
directly, without address rotation or bi-directional trust. This new scheme permits us to only share the public onion address, not the private key, removing one potential MitM attack vector.Fixes #24
Fixes #22