feat(iroh): Pluggable crypto backends

[matheus23]

Description

• Introduces a ring feature flag that enables turning off the ring dependency
• Introduces a aws-lc-rs feature flag that enables using aws-lc-rs as the crypto provider for rustls for everything TLS in iroh
• Adds iroh::endpoint::Builder::crypto_provider allowing anyone to configure custom crypto providers beyond ring and aws-lc-rs. This is a required call when neither ring nor aws-lc-rs are enabled, but will default to either (preferring ring) if the features are enabled.
• Adds presets::Empty and presets::Minimal. The latter sets the minimal set of required options on the builder, but is only available on the ring or aws-lc-rs feature flags.
• Removes Endpoint::empty_builder in favor of Endpoint::builder together with either the presets::Empty or presets::Minimal.

Depends on n0-computer/noq#496

Breaking Changes

• Added iroh::endpoint::Builder::crypto_provider for configuring the crypto provider. After having built the Endpoint, you can get back the crypto provider via endpoint.tls_config().crypto_provider().
• Removed Endpoint::empty_builder. Use Endpoint::builder(presets::Empty) or Endpoint::builder(presets::Minimal) instead.
• Behavioral: If you don't call iroh::endpoint::Builder::crypto_provider, you will get an error when building in the call Builder::bind().

Notes & Open Questions

It's probably worth asking ourselves if we want to change the way we run CI now.
Most of our tests are cfg-ed out when you disable both the ring and aws-lc-rs features.
However, maybe we should add another test category that's like --no-default-features --feature ring/aws-lc-rs?
We could call it minimal (and I guess we'd have to decide to use either ring or aws-lc-rs).

[github-actions]

Netsim report & logs for this PR have been generated and is available at: LOGS
This report will remain available for 3 days.

Last updated for commit: c22f035

[rklaehn]

Probably not for this PR, but we could have another feature where we enable a rust-only crypto provider. It is the only major non-feature change I have to make to get esp32 to work.

See https://github.com/n0-computer/iroh/pull/3999/changes#diff-07f36e33249ac4a7e40c2b4d58f304a80f63acccfc825f27451533a8cbdde72b

[rklaehn]

We should also extend the deps test that I added in #4011 to make sure ring and aws-lc-rs are truly gone when running with default-features = false.

[rklaehn]

Hiding the preset sounds good. Perhaps we can also expose a presets::n0(CryptoProvider) so it's easy to enable a preset with a different crypto provider, which we won't have to hide?

PresetsBuilderFactoryProvider

[rklaehn]

Another thing I was thinking of for solving this was making the endpoint builder have a typestate pattern and failing compilation if crypto_provider is not set, but I don't particularly like this option due to its complexity.
Other than that I'm out of ideas.

Happened to me a few times. First try to "make invalid states unrepresentable" in builders, then scrap it all because the API surface area is just so large.

I think if you just don't have the preset at all if you don't have the features, starting from scratch with .builder(presets::Empty) and having to set everything manually is unsurprising. This is only an issue for a small fraction of our users, and most of them will just copy and paste an example. So I think it's fine.

By the way: isn't the crypto provider a global? So would it even work if you had 2 endpoints with different cryptoproviders? Is the setter on the builder just a fancy decoration for a global, or is it for real?

[matheus23]

By the way: isn't the crypto provider a global? So would it even work if you had 2 endpoints with different cryptoproviders? Is the setter on the builder just a fancy decoration for a global, or is it for real?

It... does have this annoying API to make it globally available, but it doesn't have to be.

For all of iroh's uses of CryptoProvider it is passed in - never using the global.

The only places where I use the global are some edge-cases where constructing an axum-server without using the global is a lot more cumbersome than just setting the global (and that's inside some doctests).

Other than that, it's always passed around.

So yes, you can have two iroh endpoints with different crypto providers in the same process.