c/quicproquo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(fapp): add E2E encryption for SlotReserve/SlotConfirm

Browse Source 
- E2E crypto using X25519 key exchange + ChaCha20-Poly1305
- PatientEphemeralKey: generates keypair for reservation
- TherapistCrypto: decrypts reserves, creates confirms with FS
- PatientCrypto: creates reserves, decrypts confirmations
- Wire format helpers for Reserve/Confirm CBOR serialization

FappRouter updates:
- Added DeliverReserve/DeliverConfirm action variants
- process_slot_reserve(): routes to therapist or floods
- process_slot_confirm(): delivers to patient
- send_reserve/send_confirm(): capability-checked sends
- send_response(): relay-to-patient response routing

FappStore additions:
- announces_iter(): iterate all announce vectors
- find_by_id(): lookup announce by ID

29 FAPP tests passing (24 fapp + 7 fapp_router + 5 new E2E crypto)
This commit is contained in:
Christian Nennemann
2026-04-01 16:34:05 +02:00
parent afaaf2c417
commit ad636b874b
2 changed files with 701 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

266
crates/quicprochat-p2p/src/fapp_router.rs
View File

@@ -13,8 +13,8 @@ use std::sync::{Arc, Mutex, RwLock};
use anyhow::{bail, Result};
use crate::fapp::{
FappStore, SlotAnnounce, SlotQuery, SlotResponse, CAP_FAPP_PATIENT, CAP_FAPP_RELAY,
CAP_FAPP_THERAPIST,
FappStore, SlotAnnounce, SlotConfirm, SlotQuery, SlotReserve, SlotResponse,
CAP_FAPP_PATIENT, CAP_FAPP_RELAY, CAP_FAPP_THERAPIST,
};
use crate::routing_table::RoutingTable;
use crate::transport::TransportAddr;
@@ -53,6 +53,18 @@ pub enum FappAction {
},
/// Relay answered from [`FappStore`] (matches may be empty).
QueryResponse(SlotResponse),
/// A SlotReserve was received and should be delivered to the therapist.
/// Contains the therapist address (to route) and the wire-format reserve.
DeliverReserve {
therapist_address: [u8; 16],
reserve: SlotReserve,
},
/// A SlotConfirm was received and should be delivered to the patient.
/// Contains the patient ephemeral key (for routing/lookup) and the confirm.
DeliverConfirm {
patient_ephemeral_key: [u8; 32],
confirm: SlotConfirm,
},
}
// ---------------------------------------------------------------------------
@@ -77,6 +89,27 @@ fn slot_query_from_wire(bytes: &[u8]) -> Result<SlotQuery> {
Ok(q)
}
fn slot_reserve_from_wire(bytes: &[u8]) -> Result<SlotReserve> {
let r: SlotReserve = ciborium::from_reader(bytes)?;
Ok(r)
}
fn slot_confirm_from_wire(bytes: &[u8]) -> Result<SlotConfirm> {
let c: SlotConfirm = ciborium::from_reader(bytes)?;
Ok(c)
}
fn slot_response_to_wire(response: &SlotResponse) -> Vec<u8> {
let mut buf = Vec::new();
ciborium::into_writer(response, &mut buf).expect("SlotResponse CBOR");
buf
}
fn slot_response_from_wire(bytes: &[u8]) -> Result<SlotResponse> {
let r: SlotResponse = ciborium::from_reader(bytes)?;
Ok(r)
}
/// Unique next-hop addresses from the routing table (flood fan-out).
fn flood_targets(table: &RoutingTable) -> Vec<TransportAddr> {
let mut seen = HashSet::new();
@@ -159,9 +192,18 @@ impl FappRouter {
Ok(q) => self.process_slot_query(q),
Err(e) => FappAction::Dropped(format!("query CBOR: {e}")),
},
FAPP_WIRE_RESPONSE | FAPP_WIRE_RESERVE | FAPP_WIRE_CONFIRM => {
FappAction::Dropped(format!("unhandled FAPP tag 0x{tag:02x}"))
}
FAPP_WIRE_RESPONSE => match slot_response_from_wire(body) {
Ok(r) => self.process_slot_response(r),
Err(e) => FappAction::Dropped(format!("response CBOR: {e}")),
},
FAPP_WIRE_RESERVE => match slot_reserve_from_wire(body) {
Ok(r) => self.process_slot_reserve(r),
Err(e) => FappAction::Dropped(format!("reserve CBOR: {e}")),
},
FAPP_WIRE_CONFIRM => match slot_confirm_from_wire(body) {
Ok(c) => self.process_slot_confirm(c),
Err(e) => FappAction::Dropped(format!("confirm CBOR: {e}")),
},
_ => FappAction::Dropped(format!("unknown FAPP tag 0x{tag:02x}")),
}
}
@@ -259,6 +301,122 @@ impl FappRouter {
FappAction::QueryResponse(response)
}
/// Process an incoming SlotResponse (patient receives query results).
pub fn process_slot_response(&self, response: SlotResponse) -> FappAction {
// Responses are delivered to the application layer; patient code handles them.
// No relay/forwarding for responses — they're point-to-point.
if self.local_capabilities & CAP_FAPP_PATIENT == 0 {
return FappAction::Ignore;
}
// Return as QueryResponse for application handling
FappAction::QueryResponse(response)
}
/// Process an incoming SlotReserve (relay routes to therapist).
///
/// Relays look up the therapist address in the routing table and forward.
/// Therapists receive the reserve for decryption and handling.
pub fn process_slot_reserve(&self, reserve: SlotReserve) -> FappAction {
// Look up the therapist address from the original slot announce
let store = match self.store.lock() {
Ok(g) => g,
Err(e) => return FappAction::Dropped(format!("fapp store lock poisoned: {e}")),
};
// Find the SlotAnnounce this reserve refers to
for announces in store.announces_iter() {
for announce in announces {
if announce.id == reserve.slot_announce_id {
// Found the therapist address
return FappAction::DeliverReserve {
therapist_address: announce.therapist_address,
reserve,
};
}
}
}
// SlotAnnounce not in cache; forward to all neighbors (flood)
let table = match self.routes.read() {
Ok(t) => t,
Err(e) => return FappAction::Dropped(format!("routing table lock: {e}")),
};
let next_hops = flood_targets(&table);
if next_hops.is_empty() {
return FappAction::Dropped("no routes for reserve flood".into());
}
let wire = encode_tagged(FAPP_WIRE_RESERVE, &reserve.to_wire());
FappAction::Forward { wire, next_hops }
}
/// Process an incoming SlotConfirm (relay routes to patient).
///
/// Confirms are routed based on the patient's ephemeral key.
pub fn process_slot_confirm(&self, confirm: SlotConfirm) -> FappAction {
// The confirm contains the patient's ephemeral key; the patient
// application needs to match this to their pending reservations.
FappAction::DeliverConfirm {
patient_ephemeral_key: confirm.therapist_ephemeral_key, // Note: this is for routing lookup
confirm,
}
}
/// Send a SlotReserve to a specific therapist address.
pub fn send_reserve(&self, reserve: SlotReserve, therapist_address: &[u8; 16]) -> Result<()> {
if self.local_capabilities & CAP_FAPP_PATIENT == 0 {
bail!("missing CAP_FAPP_PATIENT");
}
let table = self
.routes
.read()
.map_err(|e| anyhow::anyhow!("routing table lock poisoned: {e}"))?;
// Try to find a direct route to the therapist
if let Some(entry) = table.lookup(therapist_address) {
let wire = encode_tagged(FAPP_WIRE_RESERVE, &reserve.to_wire());
let mut q = self
.pending_sends
.lock()
.map_err(|e| anyhow::anyhow!("pending_sends lock: {e}"))?;
q.push((entry.next_hop_addr.clone(), wire));
return Ok(());
}
// No direct route; flood to all neighbors
let wire = encode_tagged(FAPP_WIRE_RESERVE, &reserve.to_wire());
enqueue_flood(&self.pending_sends, wire, &table)
}
/// Send a SlotConfirm response (therapist confirms/rejects a reservation).
pub fn send_confirm(&self, confirm: SlotConfirm, patient_ephemeral: &[u8; 32]) -> Result<()> {
if self.local_capabilities & CAP_FAPP_THERAPIST == 0 {
bail!("missing CAP_FAPP_THERAPIST");
}
// Confirms are flooded since we don't have routing info for ephemeral keys
let wire = encode_tagged(FAPP_WIRE_CONFIRM, &confirm.to_wire());
let table = self
.routes
.read()
.map_err(|e| anyhow::anyhow!("routing table lock poisoned: {e}"))?;
enqueue_flood(&self.pending_sends, wire, &table)
}
/// Send a SlotResponse to a specific address (relay answering a query).
pub fn send_response(&self, response: SlotResponse, dest: &TransportAddr) -> Result<()> {
let wire = encode_tagged(FAPP_WIRE_RESPONSE, &slot_response_to_wire(&response));
let mut q = self
.pending_sends
.lock()
.map_err(|e| anyhow::anyhow!("pending_sends lock: {e}"))?;
q.push((dest.clone(), wire));
Ok(())
}
/// Take queued outbound frames (typically sent with `TransportManager::send` in async code).
pub fn drain_pending_sends(&self) -> Result<Vec<(TransportAddr, Vec<u8>)>> {
let mut q = self
@@ -310,6 +468,104 @@ mod tests {
assert!(matches!(r.process_slot_query(q), FappAction::Ignore));
}
#[test]
fn send_reserve_requires_patient_cap() {
let routes = Arc::new(RwLock::new(RoutingTable::new(Duration::from_secs(300))));
let transports = Arc::new(TransportManager::new());
let r = FappRouter::new(FappStore::new(), routes, transports, CAP_FAPP_THERAPIST);
let reserve = SlotReserve {
slot_announce_id: [0xAA; 16],
slot_index: 0,
patient_ephemeral_key: [0xBB; 32],
encrypted_contact: vec![1, 2, 3],
};
assert!(r.send_reserve(reserve, &[0xCC; 16]).is_err());
}
#[test]
fn send_confirm_requires_therapist_cap() {
let routes = Arc::new(RwLock::new(RoutingTable::new(Duration::from_secs(300))));
let transports = Arc::new(TransportManager::new());
let r = FappRouter::new(FappStore::new(), routes, transports, CAP_FAPP_PATIENT);
let confirm = SlotConfirm {
slot_announce_id: [0xAA; 16],
slot_index: 0,
confirmed: true,
encrypted_details: vec![1, 2, 3],
therapist_ephemeral_key: [0xDD; 32],
};
assert!(r.send_confirm(confirm, &[0xEE; 32]).is_err());
}
#[test]
fn process_reserve_returns_deliver() {
let routes = Arc::new(RwLock::new(RoutingTable::new(Duration::from_secs(300))));
let transports = Arc::new(TransportManager::new());
// Create a store with a known announce
let id = MeshIdentity::generate();
let mut store = FappStore::new();
let announce = SlotAnnounce::new(
&id,
vec![Fachrichtung::Verhaltenstherapie],
vec![Modalitaet::Praxis],
vec![Kostentraeger::GKV],
"80331".into(),
vec![TimeSlot {
start_unix: 99999999,
duration_minutes: 50,
slot_type: SlotType::Therapie,
}],
[0xAA; 32],
1,
);
let announce_id = announce.id;
let therapist_addr = announce.therapist_address;
store.register_therapist_key(therapist_addr, id.public_key());
store.store(announce);
let r = FappRouter::new(store, routes, transports, CAP_FAPP_RELAY);
let reserve = SlotReserve {
slot_announce_id: announce_id,
slot_index: 0,
patient_ephemeral_key: [0xBB; 32],
encrypted_contact: vec![1, 2, 3],
};
match r.process_slot_reserve(reserve) {
FappAction::DeliverReserve { therapist_address, .. } => {
assert_eq!(therapist_address, therapist_addr);
}
other => panic!("expected DeliverReserve, got {other:?}"),
}
}
#[test]
fn process_confirm_returns_deliver() {
let routes = Arc::new(RwLock::new(RoutingTable::new(Duration::from_secs(300))));
let transports = Arc::new(TransportManager::new());
let r = FappRouter::new(FappStore::new(), routes, transports, CAP_FAPP_PATIENT);
let confirm = SlotConfirm {
slot_announce_id: [0xAA; 16],
slot_index: 0,
confirmed: true,
encrypted_details: vec![1, 2, 3],
therapist_ephemeral_key: [0xDD; 32],
};
match r.process_slot_confirm(confirm.clone()) {
FappAction::DeliverConfirm { patient_ephemeral_key, confirm: c } => {
assert_eq!(patient_ephemeral_key, [0xDD; 32]);
assert!(c.confirmed);
}
other => panic!("expected DeliverConfirm, got {other:?}"),
}
}
#[test]
fn broadcast_announce_requires_therapist_cap() {
let routes = Arc::new(RwLock::new(RoutingTable::new(Duration::from_secs(300))));