Use Redpoint.LibHydrogen for optional encryption of traffic in Redpoint.GrpcPipes.Transport.Tcp #26

Open
hach-que opened this issue Oct 31, 2024 · 0 comments

We need to:

  • Create a derived class of ChannelCredentials called HydrogenPublicCredentials which accepts a public key that we expect to get from INetworkAutoDiscovery.
  • Add a parameter to CreateNetworkServer that allows passing in some kind of transport security value (maybe just ChannelCredentials which can be HydrogenPrivateCredentials?)
  • Actually pass the gRPC options into the TcpGrpcClientCall and TcpGrpcServerCall instances, which then need to pass the credential into TcpGrpcTransportConnection.
  • Likely have TcpGrpcTransportConnection handle the libhydrogen negotiation and encryption directly (rather than wrapping it), since it's dependent on NetworkStream underneath and accepts an endpoint for connection. Probably just make a private method that wraps the _networkStream.WriteAsync and _networkStream.ReadExactlyAsync calls to encrypt/decrypt when needed.

This solves the encryption layer.

We also want to then support basic password authentication for clients to authenticate to servers. We'd want to be able to specify this by using CallCredentials.Compose(new HydrogenPublicCredentials(...), new PasswordCredentials(...)). To get the composed credentials out, we need to have a class that implements CallCredentialsConfiguratorBase and call InternalPopulateConfiguration to get the composite credentials out when we're setting up the server and client.

While the encryption negotiation won't go through Protobuf serialization, we probably do want to add AuthPasswordProvide = 7;, AuthAccept = 8; and AuthReject = 9; as message types and have the password negotiation done after encryption is established. It should be an exception to only provide PasswordCredentials as the call credentials without Hydrogen...Credentials also being provided.
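One way the credential extraction described in this issue could look, as an added example that is not the project's code. It assumes both proposed types derive from CallCredentials so that CallCredentials.Compose accepts them; LeafCredentials, TransportCredentialCollector, Collect and the property names are hypothetical.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using Grpc.Core;

// Hypothetical leaf types: the issue names these classes but does not define them.
public abstract class LeafCredentials : CallCredentials
{
    // A leaf reports itself as a one-element list, so it is also seen when passed alone.
    public override void InternalPopulateConfiguration(CallCredentialsConfiguratorBase configurator, object? state)
        => configurator.SetCompositeCredentials(state, new CallCredentials[] { this });
}
public sealed class HydrogenPublicCredentials : LeafCredentials
{
    public byte[] PublicKey { get; }
    public HydrogenPublicCredentials(byte[] publicKey) => PublicKey = publicKey;
}
public sealed class PasswordCredentials : LeafCredentials
{
    public string Password { get; }
    public PasswordCredentials(string password) => Password = password;
}

// Walks whatever CallCredentials.Compose(...) produced and picks out the transport credentials.
public sealed class TransportCredentialCollector : CallCredentialsConfiguratorBase
{
    public HydrogenPublicCredentials? Hydrogen { get; private set; }
    public PasswordCredentials? Password { get; private set; }

    public override void SetCompositeCredentials(object? state, IReadOnlyList<CallCredentials> credentials)
    {
        foreach (var c in credentials)
        {
            if (c is HydrogenPublicCredentials h) Hydrogen = h;
            else if (c is PasswordCredentials p) Password = p;
            else c.InternalPopulateConfiguration(this, state); // nested composite: recurse
        }
    }
    public override void SetAsyncAuthInterceptorCredentials(object? state, AsyncAuthInterceptor interceptor)
        => throw new NotSupportedException("Interceptor credentials are not handled by this transport.");

    public static TransportCredentialCollector Collect(CallCredentials? credentials)
    {
        var collector = new TransportCredentialCollector();
        credentials?.InternalPopulateConfiguration(collector, null);
        // A password without an encryption credential would cross the wire in clear text.
        if (collector.Password != null && collector.Hydrogen == null)
            throw new InvalidOperationException("PasswordCredentials requires Hydrogen credentials.");
        return collector;
    }
}
```

Calling Collect once during client or server setup gives the transport both values before any connection is opened, and rejects the password-only configuration before a password can be sent unencrypted.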

hach-que added the "migrated from gitlab" label Oct 31, 2024