AuraVPN

xah30/AuraVPN

Fork 0

Commit Graph

Author	SHA1	Message	Date
xah30	6c14c0d103	feat(proto,cli): v3.1 multi-hop scaffold — control kinds + config sections Foundation for v3.1 onion routing (client → entry-relay → exit-server). The relay/circuit runtime is implemented in a follow-up commit; this scaffold lands the wire-level control extensions and the config schema: - aura-proto: ControlKind gains ExtendBridge (client→relay), CircuitReady (relay→client), CircuitFailed (relay→client, with utf-8 reason); helpers encode_extend_bridge / decode_extend_bridge (1-byte family + 4/16 addr bytes + u16 port). Integration test in tests/control_extend.rs covers IPv4/IPv6 roundtrip + full magic-envelope wrap. - aura-cli config: [server.relay] {enabled, allow_extend_to} + [client.circuit] {enabled, hops} sections; relay_whitelist() helper parses IP:port literals. All new fields serde-default, back-compat. - crl_push.rs touched only to leave the new ControlKinds passing through the existing magic-envelope dispatcher unchanged. Workspace: 247 tests passed (+12), clippy/fmt clean. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-27 12:54:12 +03:00
xah30	35d94dee33	feat(proto,pki,cli): in-band CRL push (closes last v2 limitation) Server now pushes its signed CRL to each connecting client right after the handshake; the client verifies the signature against the CA and applies the revocation list to its verifier (and caches it on disk for restarts). Removes the v1 "CRL distributed out-of-band" honest limitation. Wire (multiplexed over existing PacketConnection, no trait change): control envelope = MAGIC[4]=[0xAA,0xAA,0xC0,0x01] \|\| kind(u8) \|\| u32_be(len) \|\| payload. IPv4/IPv6 start with 0x4X/0x6X, so 0xAA cannot collide; an old peer just drops it as a junk packet in the TUN — back-compat preserved. - aura-proto: ControlKind { CrlPush, CrlAck, Unknown }, encode/decode_control_ envelope, CONTROL_ENVELOPE_MAGIC; 7 frame tests. - aura-pki: CrlStore::{encode_signed, save_signed, decode_signed_verified, load_signed_verified} — ECDSA-P256/SHA-256 from the CA private key against a textual "CRL-Aura-v1" body + --SIGNATURE--; 7 signing tests. ring 0.17 added crate-local (already in lockfile via rustls-webpki). - aura-cli: crl_push module — server pushes via conn.send_packet on accept; client wraps the Arc<dyn PacketConnection> in AcceptPushedCrlConn which sniffs the magic in recv_packet, verifies the signature, updates the AuraCertVerifier, caches to disk. PkiSection gets ca_key, crl_push (default true), accept_pushed_crl (default true). - 5 in_band_crl integration tests via mock PacketConnection. Workspace: 235 tests passed (+28), clippy -D warnings clean, fmt clean. v2 COMPLETE — all 9 honest v1 limitations resolved (except sing-box, per user). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-27 12:35:16 +03:00

Author

SHA1

Message

Date

xah30

6c14c0d103

feat(proto,cli): v3.1 multi-hop scaffold — control kinds + config sections

Foundation for v3.1 onion routing (client → entry-relay → exit-server).
The relay/circuit runtime is implemented in a follow-up commit; this
scaffold lands the wire-level control extensions and the config schema:

- aura-proto: ControlKind gains ExtendBridge (client→relay), CircuitReady
  (relay→client), CircuitFailed (relay→client, with utf-8 reason); helpers
  encode_extend_bridge / decode_extend_bridge (1-byte family + 4/16 addr
  bytes + u16 port). Integration test in tests/control_extend.rs covers
  IPv4/IPv6 roundtrip + full magic-envelope wrap.
- aura-cli config: [server.relay] {enabled, allow_extend_to} +
  [client.circuit] {enabled, hops} sections; relay_whitelist() helper
  parses IP:port literals. All new fields serde-default, back-compat.
- crl_push.rs touched only to leave the new ControlKinds passing through
  the existing magic-envelope dispatcher unchanged.

Workspace: 247 tests passed (+12), clippy/fmt clean.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-27 12:54:12 +03:00

xah30

35d94dee33

feat(proto,pki,cli): in-band CRL push (closes last v2 limitation)

Server now pushes its signed CRL to each connecting client right after the
handshake; the client verifies the signature against the CA and applies the
revocation list to its verifier (and caches it on disk for restarts).
Removes the v1 "CRL distributed out-of-band" honest limitation.

Wire (multiplexed over existing PacketConnection, no trait change):
control envelope = MAGIC[4]=[0xAA,0xAA,0xC0,0x01] || kind(u8) || u32_be(len)
  || payload. IPv4/IPv6 start with 0x4X/0x6X, so 0xAA cannot collide; an old
peer just drops it as a junk packet in the TUN — back-compat preserved.

- aura-proto: ControlKind { CrlPush, CrlAck, Unknown }, encode/decode_control_
  envelope, CONTROL_ENVELOPE_MAGIC; 7 frame tests.
- aura-pki: CrlStore::{encode_signed, save_signed, decode_signed_verified,
  load_signed_verified} — ECDSA-P256/SHA-256 from the CA private key against
  a textual "CRL-Aura-v1" body + --SIGNATURE--; 7 signing tests. ring 0.17
  added crate-local (already in lockfile via rustls-webpki).
- aura-cli: crl_push module — server pushes via conn.send_packet on accept;
  client wraps the Arc<dyn PacketConnection> in AcceptPushedCrlConn which
  sniffs the magic in recv_packet, verifies the signature, updates the
  AuraCertVerifier, caches to disk. PkiSection gets ca_key, crl_push (default
  true), accept_pushed_crl (default true).
- 5 in_band_crl integration tests via mock PacketConnection.

Workspace: 235 tests passed (+28), clippy -D warnings clean, fmt clean. v2
COMPLETE — all 9 honest v1 limitations resolved (except sing-box, per user).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-27 12:35:16 +03:00

2 Commits