fix: address 16 architecture design flaws across all crates
Phase 1 — Foundation: - Constant-time token comparison via subtle::ConstantTimeEq (Fix 11) - Structured error codes E001–E020 in new error_codes.rs (Fix 15) - Remove dead envelope.capnp code and related types (Fix 16) Phase 2 — Auth Hardening: - Registration collision check via has_user_record() (Fix 5) - Auth required on uploadHybridKey/fetchHybridKey RPCs (Fix 1) - Identity-token binding at registration and login (Fix 2) - Session token expiry with 24h TTL and background reaper (Fix 3) - Bounded pending logins with 5-minute timeout (Fix 4) Phase 3 — Resource Limits: - Rate limiting: 100 enqueues/60s per token (Fix 6) - Queue depth cap at 1000 + 7-day message TTL/GC (Fix 7) - Partial queue drain via limit param on fetch/fetchWait (Fix 8) Phase 4 — Crypto Fixes: - OPAQUE KSF switched from Identity to Argon2id (Fix 10) - Random AEAD nonce in hybrid KEM instead of HKDF-derived (Fix 12) - Zeroize secret fields in HybridKeypairBytes (Fix 13) - Encrypted client state files via QPCE format (Fix 9) Phase 5 — Protocol: - Commit fan-out to all existing members on invite (Fix 14) - Add member_identities() to GroupMember Breaking: existing OPAQUE registrations invalidated (Argon2 KSF). Schema: added auth to hybrid key ops, identityKey to OPAQUE finish RPCs, limit to fetch/fetchWait. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -1,52 +0,0 @@
|
||||
# envelope.capnp — top-level wire message for all quicnprotochat traffic.
|
||||
#
|
||||
# Every frame exchanged over the Noise channel is serialised as an Envelope.
|
||||
# The Delivery Service routes by (groupId, msgType) without inspecting payload.
|
||||
#
|
||||
# Field sizing rationale:
|
||||
# groupId / senderId : 32 bytes — SHA-256 digest
|
||||
# payload : opaque — MLS blob or control data; size bounded by
|
||||
# the Noise transport max message size (65535 B)
|
||||
# timestampMs : UInt64 — unix epoch milliseconds; sufficient until year 292M
|
||||
#
|
||||
# ID generated with: capnp id
|
||||
@0xe4a7f2c8b1d63509;
|
||||
|
||||
struct Envelope {
|
||||
# Message type discriminant — determines how payload is interpreted.
|
||||
msgType @0 :MsgType;
|
||||
|
||||
# 32-byte SHA-256 digest of the group name.
|
||||
# The Delivery Service uses this as its routing key.
|
||||
# Zero-filled for point-to-point control messages (ping, keyPackageUpload, etc.).
|
||||
groupId @1 :Data;
|
||||
|
||||
# 32-byte SHA-256 digest of the sender's Ed25519 identity public key.
|
||||
senderId @2 :Data;
|
||||
|
||||
# Opaque payload. Interpretation is determined by msgType:
|
||||
# ping / pong — empty
|
||||
# keyPackageUpload — openmls-serialised KeyPackage blob
|
||||
# keyPackageFetch — target identity key (32 bytes)
|
||||
# keyPackageResponse — openmls-serialised KeyPackage blob (or empty if none)
|
||||
# mlsWelcome — MLSMessage blob (Welcome variant)
|
||||
# mlsCommit — MLSMessage blob (PublicMessage / Commit variant)
|
||||
# mlsApplication — MLSMessage blob (PrivateMessage / Application variant)
|
||||
# error — UTF-8 error description
|
||||
payload @3 :Data;
|
||||
|
||||
# Unix timestamp in milliseconds at the time of send.
|
||||
timestampMs @4 :UInt64;
|
||||
|
||||
enum MsgType {
|
||||
ping @0;
|
||||
pong @1;
|
||||
keyPackageUpload @2;
|
||||
keyPackageFetch @3;
|
||||
keyPackageResponse @4;
|
||||
mlsWelcome @5;
|
||||
mlsCommit @6;
|
||||
mlsApplication @7;
|
||||
error @8;
|
||||
}
|
||||
}
|
||||
@@ -24,19 +24,21 @@ interface NodeService {
|
||||
enqueue @2 (recipientKey :Data, payload :Data, channelId :Data, version :UInt16, auth :Auth) -> ();
|
||||
|
||||
# Fetch and drain all queued payloads for the recipient.
|
||||
fetch @3 (recipientKey :Data, channelId :Data, version :UInt16, auth :Auth) -> (payloads :List(Data));
|
||||
# limit: max number of messages to return (0 = fetch all).
|
||||
fetch @3 (recipientKey :Data, channelId :Data, version :UInt16, auth :Auth, limit :UInt32) -> (payloads :List(Data));
|
||||
|
||||
# Long-poll: wait up to timeoutMs for new payloads, then drain queue.
|
||||
fetchWait @4 (recipientKey :Data, channelId :Data, version :UInt16, timeoutMs :UInt64, auth :Auth) -> (payloads :List(Data));
|
||||
# limit: max number of messages to return (0 = fetch all).
|
||||
fetchWait @4 (recipientKey :Data, channelId :Data, version :UInt16, timeoutMs :UInt64, auth :Auth, limit :UInt32) -> (payloads :List(Data));
|
||||
|
||||
# Health probe for readiness/liveness.
|
||||
health @5 () -> (status :Text);
|
||||
|
||||
# Upload the hybrid (X25519 + ML-KEM-768) public key for sealed envelope encryption.
|
||||
uploadHybridKey @6 (identityKey :Data, hybridPublicKey :Data) -> ();
|
||||
uploadHybridKey @6 (identityKey :Data, hybridPublicKey :Data, auth :Auth) -> ();
|
||||
|
||||
# Fetch a peer's hybrid public key (for post-quantum envelope encryption).
|
||||
fetchHybridKey @7 (identityKey :Data) -> (hybridPublicKey :Data);
|
||||
fetchHybridKey @7 (identityKey :Data, auth :Auth) -> (hybridPublicKey :Data);
|
||||
|
||||
# ── OPAQUE password-authenticated registration ──────────────────────────
|
||||
|
||||
@@ -44,7 +46,7 @@ interface NodeService {
|
||||
opaqueRegisterStart @8 (username :Text, request :Data) -> (response :Data);
|
||||
|
||||
# Finish OPAQUE registration: client uploads sealed credential envelope.
|
||||
opaqueRegisterFinish @9 (username :Text, upload :Data) -> (success :Bool);
|
||||
opaqueRegisterFinish @9 (username :Text, upload :Data, identityKey :Data) -> (success :Bool);
|
||||
|
||||
# ── OPAQUE password-authenticated login ─────────────────────────────────
|
||||
|
||||
@@ -52,7 +54,16 @@ interface NodeService {
|
||||
opaqueLoginStart @10 (username :Text, request :Data) -> (response :Data);
|
||||
|
||||
# Finish OPAQUE login: client sends credential finalization, receives session token.
|
||||
opaqueLoginFinish @11 (username :Text, finalization :Data) -> (sessionToken :Data);
|
||||
opaqueLoginFinish @11 (username :Text, finalization :Data, identityKey :Data) -> (sessionToken :Data);
|
||||
|
||||
# ── P2P endpoint discovery ────────────────────────────────────────────────
|
||||
|
||||
# Publish this node's iroh endpoint address for P2P connectivity.
|
||||
# nodeAddr is the serialized iroh NodeAddr (JSON or custom encoding).
|
||||
publishEndpoint @12 (identityKey :Data, nodeAddr :Data, auth :Auth) -> ();
|
||||
|
||||
# Resolve a peer's iroh endpoint for direct P2P connection.
|
||||
resolveEndpoint @13 (identityKey :Data, auth :Auth) -> (nodeAddr :Data);
|
||||
}
|
||||
|
||||
struct Auth {
|
||||
|
||||
Reference in New Issue
Block a user