xah30/AuraVPN
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1f82bc41c03d2acb2cd3ebcbbca0385c0f8ee15d
AuraVPN/crates/aura-proto/tests/handshake_loopback.rs
T
xah30 bb835e4ca7 feat(proto): implement Wave 2 — hybrid PKI handshake + session 
aura-proto: 5-byte wire header + Frame codec (§6.1/§6.3); transport-agnostic
handshake state machine (§6.2) over split tokio AsyncRead/AsyncWrite —
hybrid X25519+ML-KEM-768 KEM, SHA-256 transcript, mutual X.509 auth with
ECDSA-P256 transcript signatures (ring), constant-time HMAC Finished;
Session with sliding-window replay protection. 13 tests green, clippy clean.

Handshake message order pinned (resolves spec diagram ambiguity); reader/writer
taken by value since Session owns both halves.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-25 18:05:11 +03:00

44 lines
1.6 KiB
Rust
Raw Blame History

//! `test_full_handshake_loopback` — a full client+server handshake over an in-memory duplex.
mod common;
use aura_proto::{client_handshake, server_handshake};
use tokio::io::split;
#[tokio::test]
async fn test_full_handshake_loopback() {
let pki = common::mint_pki("vpn.aura.example", "client-alpha");
let client_cfg = pki.client_config();
let server_cfg = pki.server_config();
// Connected in-memory transport; split each end into independent read/write halves so the
// handshake can use separate reader + writer (matching quinn's split streams).
let (client_end, server_end) = tokio::io::duplex(64 * 1024);
let (c_read, c_write) = split(client_end);
let (s_read, s_write) = split(server_end);
let client = tokio::spawn(async move {
client_handshake(c_read, c_write, &client_cfg)
.await
.map(|s| s.peer_id().map(str::to_string))
});
let server = tokio::spawn(async move {
server_handshake(s_read, s_write, &server_cfg)
.await
.map(|s| s.peer_id().map(str::to_string))
});
let (client_res, server_res) = tokio::join!(client, server);
let client_peer = client_res
.expect("client task")
.expect("client handshake ok");
let server_peer = server_res
.expect("server task")
.expect("server handshake ok");
// Server learned the client id from the verified client certificate.
assert_eq!(server_peer.as_deref(), Some("client-alpha"));
// Client recorded the server name it authenticated.
assert_eq!(client_peer.as_deref(), Some("vpn.aura.example"));
}
Reference in New Issue View Git Blame Copy Permalink