feat: add post-quantum hybrid KEM + SQLCipher persistence
Feature 1 — Post-Quantum Hybrid KEM (X25519 + ML-KEM-768): - Create hybrid_kem.rs with keygen, encrypt, decrypt + 11 unit tests - Wire format: version(1) | x25519_eph_pk(32) | mlkem_ct(1088) | nonce(12) | ct - Add uploadHybridKey/fetchHybridKey RPCs to node.capnp schema - Server: hybrid key storage in FileBackedStore + RPC handlers - Client: hybrid keypair in StoredState, auto-wrap/unwrap in send/recv/invite/join - demo-group runs full hybrid PQ envelope round-trip Feature 2 — SQLCipher Persistence: - Extract Store trait from FileBackedStore API - Create SqlStore (rusqlite + bundled-sqlcipher) with encrypted-at-rest SQLite - Schema: key_packages, deliveries, hybrid_keys tables with indexes - Server CLI: --store-backend=sql, --db-path, --db-key flags - 5 unit tests for SqlStore (FIFO, round-trip, upsert, channel isolation) Also includes: client lib.rs refactor, auth config, TOML config file support, mdBook documentation, and various cleanups by user. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
106
docs/src/SUMMARY.md
Normal file
106
docs/src/SUMMARY.md
Normal file
@@ -0,0 +1,106 @@
|
||||
# Summary
|
||||
|
||||
[Introduction](introduction.md)
|
||||
|
||||
---
|
||||
|
||||
# Getting Started
|
||||
|
||||
- [Prerequisites](getting-started/prerequisites.md)
|
||||
- [Building from Source](getting-started/building.md)
|
||||
- [Running the Server](getting-started/running-the-server.md)
|
||||
- [Running the Client](getting-started/running-the-client.md)
|
||||
- [Docker Deployment](getting-started/docker.md)
|
||||
- [Demo Walkthrough: Alice and Bob](getting-started/demo-walkthrough.md)
|
||||
|
||||
---
|
||||
|
||||
# Architecture
|
||||
|
||||
- [Architecture Overview](architecture/overview.md)
|
||||
- [Protocol Stack](architecture/protocol-stack.md)
|
||||
- [Crate Responsibilities](architecture/crate-responsibilities.md)
|
||||
- [Service Architecture](architecture/service-architecture.md)
|
||||
- [End-to-End Data Flow](architecture/data-flow.md)
|
||||
|
||||
---
|
||||
|
||||
# Protocol Deep Dives
|
||||
|
||||
- [Protocol Layers Overview](protocol-layers/overview.md)
|
||||
- [QUIC + TLS 1.3](protocol-layers/quic-tls.md)
|
||||
- [Noise\_XX Handshake](protocol-layers/noise-xx.md)
|
||||
- [Cap'n Proto Serialisation and RPC](protocol-layers/capn-proto.md)
|
||||
- [MLS (RFC 9420)](protocol-layers/mls.md)
|
||||
- [Hybrid KEM: X25519 + ML-KEM-768](protocol-layers/hybrid-kem.md)
|
||||
|
||||
---
|
||||
|
||||
# Cryptographic Properties
|
||||
|
||||
- [Cryptography Overview](cryptography/overview.md)
|
||||
- [Ed25519 Identity Keys](cryptography/identity-keys.md)
|
||||
- [X25519 Transport Keys](cryptography/transport-keys.md)
|
||||
- [Key Lifecycle and Zeroization](cryptography/key-lifecycle.md)
|
||||
- [Forward Secrecy](cryptography/forward-secrecy.md)
|
||||
- [Post-Compromise Security](cryptography/post-compromise-security.md)
|
||||
- [Post-Quantum Readiness](cryptography/post-quantum-readiness.md)
|
||||
- [Threat Model](cryptography/threat-model.md)
|
||||
|
||||
---
|
||||
|
||||
# Wire Format Reference
|
||||
|
||||
- [Wire Format Overview](wire-format/overview.md)
|
||||
- [Envelope Schema](wire-format/envelope-schema.md)
|
||||
- [Auth Schema](wire-format/auth-schema.md)
|
||||
- [Delivery Schema](wire-format/delivery-schema.md)
|
||||
- [NodeService Schema](wire-format/node-service-schema.md)
|
||||
- [Length-Prefixed Framing Codec](wire-format/framing-codec.md)
|
||||
|
||||
---
|
||||
|
||||
# Design Rationale
|
||||
|
||||
- [Design Decisions Overview](design-rationale/overview.md)
|
||||
- [Why This Design, Not Signal/Matrix/...](design-rationale/why-not-signal.md)
|
||||
- [ADR-001: Noise\_XX for Transport Auth](design-rationale/adr-001-noise-xx.md)
|
||||
- [ADR-002: Cap'n Proto over MessagePack](design-rationale/adr-002-capnproto.md)
|
||||
- [ADR-003: RPC Inside the Noise Tunnel](design-rationale/adr-003-rpc-inside-noise.md)
|
||||
- [ADR-004: MLS-Unaware Delivery Service](design-rationale/adr-004-mls-unaware-ds.md)
|
||||
- [ADR-005: Single-Use KeyPackages](design-rationale/adr-005-single-use-keypackages.md)
|
||||
- [ADR-006: PQ Gap in Noise Transport](design-rationale/adr-006-pq-gap.md)
|
||||
|
||||
---
|
||||
|
||||
# Implementation Internals
|
||||
|
||||
- [GroupMember Lifecycle](internals/group-member-lifecycle.md)
|
||||
- [KeyPackage Exchange Flow](internals/keypackage-exchange.md)
|
||||
- [Delivery Service Internals](internals/delivery-service.md)
|
||||
- [Authentication Service Internals](internals/authentication-service.md)
|
||||
- [Storage Backend](internals/storage-backend.md)
|
||||
|
||||
---
|
||||
|
||||
# Roadmap and Research
|
||||
|
||||
- [Milestone Tracker](roadmap/milestones.md)
|
||||
- [Production Readiness WBS](roadmap/production-readiness.md)
|
||||
- [Auth, Devices, and Tokens](roadmap/authz-plan.md)
|
||||
- [1:1 Channel Design](roadmap/dm-channels.md)
|
||||
- [Future Research Directions](roadmap/future-research.md)
|
||||
|
||||
---
|
||||
|
||||
# Contributing
|
||||
|
||||
- [Coding Standards](contributing/coding-standards.md)
|
||||
- [Testing Strategy](contributing/testing.md)
|
||||
|
||||
---
|
||||
|
||||
# Appendix
|
||||
|
||||
- [Glossary](appendix/glossary.md)
|
||||
- [References and Further Reading](appendix/references.md)
|
||||
Reference in New Issue
Block a user