WIP: add OPAQUE password-authenticated key exchange

Add opaque-ke (v4, ristretto255) for password-based registration and
login. Extend NodeService schema with opaqueRegisterStart/Finish and
opaqueLoginStart/Finish RPCs. Add Store trait methods for OPAQUE server
setup and user records. Initial e2e integration test scaffolding.

Note: FileBackedStore does not yet implement the new Store trait
methods — server compilation is temporarily broken.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

crates/quicnprotochat-core/Cargo.toml

@@ -18,6 +18,9 @@ rand                = { workspace = true }
 # Crypto — post-quantum hybrid KEM (M7)
 ml-kem              = { workspace = true }
 
+# Crypto — OPAQUE password-authenticated key exchange
+opaque-ke           = { workspace = true }
+
 # Crypto — MLS (M2)
 openmls             = { workspace = true }
 openmls_rust_crypto = { workspace = true }

crates/quicnprotochat-core/src/lib.rs

@@ -18,6 +18,7 @@ pub mod hybrid_kem;
 mod identity;
 mod keypackage;
 mod keystore;
+pub mod opaque_auth;
 
 // ── Public API ────────────────────────────────────────────────────────────────
 

crates/quicnprotochat-core/src/opaque_auth.rs

@@ -0,0 +1,22 @@
+//! Shared OPAQUE (RFC 9497) cipher suite configuration.
+//!
+//! Both client and server import this module to ensure they use exactly
+//! the same cryptographic parameters during registration and login.
+
+use opaque_ke::CipherSuite;
+
+/// OPAQUE cipher suite for quicnprotochat.
+///
+/// - **OPRF**: Ristretto255 (curve25519-based, ~128-bit security)
+/// - **Key exchange**: Triple-DH (3DH) over Ristretto255 with SHA-512
+/// - **KSF**: Identity (no key stretching; upgrade to Argon2 later)
+pub struct OpaqueSuite;
+
+impl CipherSuite for OpaqueSuite {
+    type OprfCs = opaque_ke::Ristretto255;
+    type KeyExchange = opaque_ke::key_exchange::tripledh::TripleDh<
+        opaque_ke::Ristretto255,
+        sha2::Sha512,
+    >;
+    type Ksf = opaque_ke::ksf::Identity;
+}