feat: M2 + M3 — AuthService, MLS group lifecycle, Delivery Service

M2: - schemas/auth.capnp: AuthenticationService (upload/fetch KeyPackage) - noiseml-core: IdentityKeypair (Ed25519), generate_key_package, NoiseTransport with send_envelope/recv_envelope, Noise_XX handshake (initiator + responder) - noiseml-proto: auth_capnp module, ParsedEnvelope helpers - noiseml-server: AuthServiceImpl backed by DashMap queue (single-use KPs) - noiseml-client: register + fetch-key subcommands, ping over Noise_XX - tests: auth_service integration test (upload → fetch round-trip) M3: - schemas/delivery.capnp: DeliveryService (enqueue/fetch opaque payloads) - noiseml-core/group.rs: GroupMember — MLS group lifecycle create_group, add_member (→ Commit+Welcome), join_group, send_message, receive_message; uses openmls 0.5 public API (extract() not into_welcome, KeyPackageIn::validate() not From<KeyPackageIn>) - noiseml-server: DeliveryServiceImpl on port 7001 alongside AS on 7000 - noiseml-proto: delivery_capnp module TODO (see M3_STATUS.md): - noiseml-client: group subcommands (create-group, invite, join, send, recv) - noiseml-client/tests/mls_group.rs: full MLS round-trip integration test
2026-02-19 23:39:49 +01:00
parent 9fa3873bd7
commit 9a0b02a012
19 changed files with 2664 additions and 209 deletions
--- a/schemas/auth.capnp
+++ b/schemas/auth.capnp
@@ -0,0 +1,31 @@
+# auth.capnp — Authentication Service RPC interface.
+#
+# Clients call uploadKeyPackage before joining any group so that peers can
+# fetch their key material to add them. Each KeyPackage is single-use (MLS
+# requirement): fetchKeyPackage removes and returns one package atomically.
+#
+# The server indexes packages by the raw Ed25519 public key bytes (32 bytes),
+# not a fingerprint, so callers must know the target's identity public key
+# out-of-band (e.g. from a directory or QR code scan).
+#
+# ID generated with: capnp id
+@0xb3a8f1c2e4d97650;
+
+interface AuthenticationService {
+  # Upload a single-use KeyPackage for later retrieval by peers.
+  #
+  # identityKey : Ed25519 public key bytes (exactly 32 bytes).
+  # package     : openmls-serialised KeyPackage blob (TLS encoding).
+  #
+  # Returns the SHA-256 fingerprint of `package`. Clients should record this
+  # and compare it against the fingerprint returned by a peer's fetchKeyPackage
+  # to detect tampering.
+  uploadKeyPackage @0 (identityKey :Data, package :Data) -> (fingerprint :Data);
+
+  # Fetch and atomically remove one KeyPackage for a given identity key.
+  #
+  # Returns empty Data if no KeyPackage is currently stored for this identity.
+  # Callers should handle the empty case by asking the target to upload more
+  # packages before retrying.
+  fetchKeyPackage  @1 (identityKey :Data) -> (package :Data);
+}
--- a/schemas/delivery.capnp
+++ b/schemas/delivery.capnp
@@ -0,0 +1,35 @@
+# delivery.capnp — Delivery Service RPC interface.
+#
+# The Delivery Service is a simple store-and-forward relay. It does not parse
+# MLS messages — all payloads are opaque byte strings routed by recipient key.
+#
+# Callers are responsible for:
+#   - Routing Welcome messages to the correct new member after add_members().
+#   - Routing Commit messages to any existing group members (other than self).
+#   - Routing Application messages to the intended recipient(s).
+#
+# The DS indexes queues by the recipient's raw Ed25519 public key (32 bytes),
+# matching the indexing scheme used by the Authentication Service.
+#
+# ID generated with: capnp id
+@0xc5d9e2b4f1a83076;
+
+interface DeliveryService {
+  # Enqueue an opaque payload for delivery to a recipient.
+  #
+  # recipientKey : Ed25519 public key of the intended recipient (exactly 32 bytes).
+  # payload      : Opaque byte string — a TLS-encoded MlsMessageOut blob or any
+  #                other framed data the application layer wants to deliver.
+  #
+  # The payload is appended to the recipient's FIFO queue. Returns immediately;
+  # the recipient retrieves it via `fetch`.
+  enqueue @0 (recipientKey :Data, payload :Data) -> ();
+
+  # Fetch and atomically drain all queued payloads for a given recipient.
+  #
+  # recipientKey : Ed25519 public key of the caller (exactly 32 bytes).
+  #
+  # Returns the complete queue in FIFO order and clears it. Returns an empty
+  # list if there are no pending messages.
+  fetch @1 (recipientKey :Data) -> (payloads :List(Data));
+}