Previously, the Arti key store would store x25519 secret keys as ed25519
OpenSSH keys, which it would convert to x25519 upon loading (using the
conversion function added in !1297 (merged)). This approach isn't good
enough though: most people will probably want to bring their existing
x25519 keys, and in order to store those in OpenSSH format, we'd need
convert them to ed25519, which is impossible (because the secret part of
an x25519 key contains a SHA512'd secret, whereas the corresponding,
"un-expanded", ed25519 secret key contains the secret itself rather than
the SHA).
Now that `ssh-key` has support for ssh keys with [custom algorithm
names], we can store x25519 in OpenSSH format directly. This commit
changes the storage format used by the keymgr for x25519 client auth
keys (from ed25519-ssh to our own custom key type with an algorithm name
of `"x25519@torproject.org"`).
Closes#936
[custom algorithm names]: https://github.com/RustCrypto/SSH/pull/136
This commit changes the shebang in all shell scripts from absolute
paths (such as `/bin/bash` or `/usr/bin/python3`) to the `/usr/bin/env`
binary with the accompanying interpreter as it's argument.
The reason for this are as follows:
- NixOS cannot work with absolute paths
- BSD systems install their packages in /usr/local/bin
It turns out that the clone-and-hack in tests/chutney/arti-bench
was not identical to the original in tests/chutney/setup.
I diffed the two and preferred the version from arti-bench.
Formerly, the "launch a chutney network" code was duplicated in
"setup" and "arti-bench", since "setup" always launched an arti
proxy, while "arti-bench" didn't want that functionality.
Now the "setup" script launches an arti proxy conditionally,
depending on whether the "proxy" argument is given.
As per #309
Update all references. There is one remaining hit for
git-grep '\.sh\b'
namely "build.sh" in maint/reproducible_build, which I think is
the build script for osxcross - ie, an external project.
The new `arti-bench` crate does a simple end-to-end benchmark test
embedding Arti: it generates some random data (of configurable amount,
depending on command-line parameters), and then sends said data back and
forth via Arti (which should be configured to use a local Chutney
network).
Additionally, the benchmark can also be run via a local SOCKS5 server
(in order to benchmark the performance via a local Chutney node, for
comparison).
The `tests/chutney/arti-bench.sh` sets up and tears down Chutney as
required to make this work.
This is very much a first cut; there are many things that should
eventually get added, such as support for multiple connections, JSON
output capabilities, running multiple tests, ...
If the user has CHUTNEY_PATH set, respect that value, rather than
cloning a local chutney.
Also, if we have a local chutney, then update it in case there have
been changes.
Gabriela Moldovan
trinity-1686a
Jim Newsome
Emil Engler
Dimitris Apostolou
Nick Mathewson
Ian Jackson
eta
Trinity Pointard