xah30/AuraVPN
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11 Commits 1 Branch 0 Tags
866b9f427a848088dea9b4204375e03d09319698
Commit Graph

5 Commits

Author SHA1 Message Date
xah30 866b9f427a feat(transport): custom UDP post-quantum transport (own tunneling, no QUIC) 
Aura's own data path over plain UDP, authenticated solely by the existing Aura
PQ handshake (hybrid X25519+ML-KEM-768 + mutual X.509) — no QUIC, no outer TLS.

- One UDP socket, two phases by type byte: 0x01 HS (reliable handshake), 0x02
  DATA (datagram records). HS = DTLS-flight reliability over UDP: per-message
  seq, cumulative acks, retransmit (RTO), reorder/dedup, post-handshake linger;
  message boundaries parsed from the 5-byte Aura header. DATA = one explicit-
  nonce AEAD record per datagram (seq||AEAD), replay-checked, optional padding to
  HTTPS size buckets (obfuscation).
- UdpServer/UdpClient/UdpConnection (impl PacketConnection, concurrent send/recv).
  v1: single peer per accept (multi-client demux is a follow-up).
- 5 adapter unit tests + udp loopback end-to-end (obfuscation on, 1300B/empty/
  duplex) + handshake-survives-30%-loss-and-reorder. No new deps. QUIC tests
  preserved. Whole workspace builds; clippy/fmt clean.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-25 19:10:43 +03:00
xah30 c19a6c5586 feat(transport,tunnel): implement Wave 3 — QUIC transport + split-tunnel router 
aura-transport: quinn 0.11 endpoint with HTTP/3 mimicry (ALPN h3/h3-29,
Chrome-like transport params), outer-TLS accept-any (real auth is the inner
Aura handshake), packet padding to HTTPS sizes; AuraServer/AuraClient drive the
proto handshake over a QUIC bidi stream; AuraConnection impls
aura_proto::PacketConnection (full-duplex via Session::split + per-half mutex).
14 tests incl. a real-QUIC loopback end-to-end (crypto+pki+proto+transport).

aura-tunnel: RouteTable (longest-prefix split-tunnel classify), AuraDns
(hickory) host-route registration, AuraRouter over a PacketIo TUN seam +
Arc<dyn PacketConnection>, AuraTun (tun 0.8 unix; wintun cfg-gated Windows).
10 tests (route classify/priority, dst-IP parse, mock router). send_direct is a
v1 stub. Whole workspace: tests green, clippy clean.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-25 18:26:39 +03:00
xah30 0a045c248d refactor: move PacketConnection trait to aura-proto; decouple tunnel from transport 
Worktree isolation is unavailable in this environment, so make Wave 3 safe for
same-tree parallel work instead: the PacketConnection contract now lives in
aura-proto (stable) and aura-tunnel no longer depends on aura-transport. With
transport and tunnel both depending only on proto (and not each other), the two
crates are independent leaves and can be built/edited concurrently without one
breaking the other's build. proto: 13 tests still green.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-25 18:13:37 +03:00
xah30 cb78de4f37 feat(transport): pin PacketConnection contract for the router seam 
Define the async PacketConnection trait (send_packet/recv_packet over &self)
that aura-tunnel's router consumes and the QUIC connection will implement.
Committed before Wave 3 so the transport and tunnel agents build against a
stable cross-crate contract from isolated worktrees.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-25 18:10:17 +03:00
xah30 f78633e04f chore: scaffold Aura workspace skeleton (Stage 0) 
- 6-crate Cargo workspace, dependency tree frozen (cargo check green in ~1m)
- ml-kem 0.3 (FIPS 203) replaces spec's pqcrypto-kyber for ML-KEM-768
- fix invalid target-gated workspace.dependencies: Windows deps (wintun/windows)
  declared untargeted, cfg-gated per-crate in aura-tunnel
- version bumps vs spec: tun 0.8, rcgen 0.14, wintun 0.5
- stub lib/main per crate; real implementations land wave by wave

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-25 17:42:40 +03:00