
init gnutls from ed keypair #39

Merged
merged 5 commits into from
Sep 12, 2023

Commits on Sep 12, 2023

  1. init gnutls from ed keypair

    A GNUTLSCreds can now be initialized from a pair of Ed25519 seed/pubkey.
    
    This enables using libquic in "raw public key" TLS mode, which is
    useful/needed for Lokinet.
    
    GNUTLS says it checks that the keys given match one another, but
    it does not appear to do so.
    
    This commit includes lokinet-specific ALPN code, as testing it in this
    codebase is easier at the moment.  The ALPN specifics and Lokinet
    specifics should be separated and the Lokinet specifics should move into
    Lokinet.
    
    GNUTLSCreds in raw pubkey mode accepts a verify callback which, given the
    other side's public key and requested ALPN will determine whether the
    connection should be allowed.
    
    Use case for Lokinet:
      clients send the client ALPN during negotiation,
      relays send the relay ALPN on outbound, and
      relays set both for inbound.
      This is used to determine whether we are being connected to by
      a relay or a client, and check keys / setup lokinet accordingly.
    
    If we need gnutls debug logs, we can set
    GNUTLS_DEBUG_LEVEL=level (0-99, >10 is full verbosity it seems)
    and gnutls will log to stderr.
    tewinget committed Sep 12, 2023
    11f4e4b
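Two things in the commit message above are worth seeing in code: the seed/pubkey consistency check that the author says GnuTLS claims to do but apparently does not, and the verify callback that decides, from the remote public key and the negotiated ALPN, whether a connection is a relay or a client and whether to allow it. The block below is an added illustration, not libquic or Lokinet code: it derives the Ed25519 public key from a seed in pure Python (RFC 8032 section 5.1.5, not constant-time, for demonstration only), so a caller can refuse a mismatched pair before handing it to the TLS credentials, and it implements an assumed policy for the callback (relays must be in a known set, clients are accepted, any other ALPN is rejected). The ALPN strings, the `known_relays` set and the `make_verify_callback` name are placeholders of mine; the page does not give Lokinet's real values.

```python
import hashlib
import hmac

# --- Ed25519 public-key derivation (reference-style, illustration only) ---
Q = 2**255 - 19                                  # field prime
D = (-121665 * pow(121666, Q - 2, Q)) % Q        # curve constant d
SQRT_M1 = pow(2, (Q - 1) // 4, Q)                # sqrt(-1) mod Q


def _x_recover(y: int) -> int:
    """Recover the even x coordinate for a given y on the curve."""
    xx = (y * y - 1) * pow(D * y * y + 1, Q - 2, Q)
    x = pow(xx, (Q + 3) // 8, Q)
    if (x * x - xx) % Q != 0:
        x = (x * SQRT_M1) % Q
    if x % 2 != 0:
        x = Q - x
    return x


_BY = (4 * pow(5, Q - 2, Q)) % Q
BASE = (_x_recover(_BY), _BY)                    # generator point B


def _add(p1, p2):
    """Affine twisted-Edwards point addition (a = -1)."""
    x1, y1 = p1
    x2, y2 = p2
    t = D * x1 * x2 * y1 * y2
    x3 = (x1 * y2 + x2 * y1) * pow(1 + t, Q - 2, Q)
    y3 = (y1 * y2 + x1 * x2) * pow(1 - t, Q - 2, Q)
    return (x3 % Q, y3 % Q)


def _scalar_mult(p, e: int):
    """Iterative double-and-add; e is a clamped 255-bit scalar."""
    result, addend = (0, 1), p
    while e:
        if e & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        e >>= 1
    return result


def ed25519_pubkey_from_seed(seed: bytes) -> bytes:
    """Derive the 32-byte public key from a 32-byte Ed25519 seed."""
    if len(seed) != 32:
        raise ValueError("Ed25519 seed must be exactly 32 bytes")
    h = hashlib.sha512(seed).digest()
    a = int.from_bytes(h[:32], "little")
    a &= (1 << 254) - 8          # clear bits 0..2 and bit 255
    a |= 1 << 254                # set bit 254 (RFC 8032 clamping)
    x, y = _scalar_mult(BASE, a)
    return (y | ((x & 1) << 255)).to_bytes(32, "little")


def keypair_matches(seed: bytes, pubkey: bytes) -> bool:
    """The check to run before initialising credentials from seed+pubkey:
    refuse a pair whose pubkey was not derived from this seed."""
    return hmac.compare_digest(ed25519_pubkey_from_seed(seed), pubkey)


# --- ALPN-based peer classification (assumed policy, placeholder ALPNs) ---
CLIENT_ALPN = b"lokinet-client"   # placeholder, not the real Lokinet value
RELAY_ALPN = b"lokinet-relay"     # placeholder, not the real Lokinet value


def classify_peer(alpn: bytes):
    """Map the negotiated ALPN to a role, or None if it is not one we serve."""
    return {RELAY_ALPN: "relay", CLIENT_ALPN: "client"}.get(alpn)


def make_verify_callback(known_relays):
    """Build the (remote_pubkey, alpn) -> bool callback the credentials call.
    Assumed policy: relays must present a pinned key; clients are accepted;
    any other ALPN is refused."""
    def verify(remote_pubkey: bytes, alpn: bytes) -> bool:
        role = classify_peer(alpn)
        if role == "relay":
            return remote_pubkey in known_relays
        return role == "client"
    return verify


if __name__ == "__main__":
    # RFC 8032 test vector 1 (seed and its public key)
    seed = bytes.fromhex("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
    pub = bytes.fromhex("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a")
    print("keypair consistent:", keypair_matches(seed, pub))
    verify = make_verify_callback({pub})
    print("relay with pinned key allowed:", verify(pub, RELAY_ALPN))
    print("unknown ALPN rejected:", verify(pub, b"h3"))
```

The point of `keypair_matches` is that a mismatched seed/pubkey pair would otherwise only surface as a handshake failure, or worse, as a peer identity that does not correspond to the key actually signing. The callback separates role detection (by ALPN) from authorisation (by key), which is the split the later commits in this PR move toward when they genericise the ALPN handling.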
  2. 9b239d8
  3. 6a44db4
  4. verify remote is correctly identified as client or relay

    The lokinet-specific ALPN logic should be divorced from libquic, but for now
    it is working; that can be changed later.
    tewinget committed Sep 12, 2023
    f04a7b1
  5. genericize ALPN handling

    ALPN handling in raw public key mode is now handled generically,
    rather than having Lokinet-specific concepts.  In future, it will be
    easy to have ALPN handling for any mode, not just raw pubkey, but for
    now that is not necessary as we do not use ALPNs with normal certs.
    tewinget committed Sep 12, 2023
    c5190aa