# auth.capnp — Authentication Service RPC interface.
#
# Clients call uploadKeyPackage before joining any group so that peers can
# fetch their key material to add them. Each KeyPackage is single-use (MLS
# requirement): fetchKeyPackage removes and returns one package atomically.
#
# The server indexes packages by the raw Ed25519 public key bytes (32 bytes),
# not a fingerprint, so callers must know the target's identity public key
# out-of-band (e.g. from a directory or QR code scan).
#
# ID generated with: capnp id
@0xb3a8f1c2e4d97650;

interface AuthenticationService {
  # Upload a single-use KeyPackage for later retrieval by peers.
  #
  # identityKey : Ed25519 public key bytes (exactly 32 bytes).
  # package     : openmls-serialised KeyPackage blob (TLS encoding).
  #
  # Returns the SHA-256 fingerprint of `package`. Clients should record this
  # and compare it against the fingerprint returned by a peer's fetchKeyPackage
  # to detect tampering.
  uploadKeyPackage @0 (identityKey :Data, package :Data) -> (fingerprint :Data);

  # Fetch and atomically remove one KeyPackage for a given identity key.
  #
  # Returns empty Data if no KeyPackage is currently stored for this identity.
  # Callers should handle the empty case by asking the target to upload more
  # packages before retrying.
  fetchKeyPackage @1 (identityKey :Data) -> (package :Data);
}
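
The semantics described in the comments above, modelled in memory as an added example (not the project's server code). The class and function names, FIFO ordering, and rejection of empty uploads are assumptions. Because `fetchKeyPackage` returns only the blob, the fetching peer recomputes SHA-256 locally and compares it with the fingerprint the uploader recorded.

```python
import hashlib
import hmac
import threading
from collections import defaultdict, deque

ED25519_PK_LEN = 32  # identityKey length stated in the schema comments


class KeyPackageStore:
    """Hypothetical in-memory model of uploadKeyPackage / fetchKeyPackage."""

    def __init__(self):
        self._lock = threading.Lock()
        self._queues = defaultdict(deque)  # identityKey -> packages (FIFO assumed)

    @staticmethod
    def _check_key(identity_key: bytes) -> None:
        if len(identity_key) != ED25519_PK_LEN:
            raise ValueError("identityKey must be exactly 32 bytes")

    def upload_key_package(self, identity_key: bytes, package: bytes) -> bytes:
        self._check_key(identity_key)
        if not package:
            # Assumption: empty Data is the "nothing stored" signal on fetch,
            # so an empty upload would be indistinguishable from a miss.
            raise ValueError("package must not be empty")
        with self._lock:
            self._queues[identity_key].append(bytes(package))
        return hashlib.sha256(package).digest()  # fingerprint for the uploader

    def fetch_key_package(self, identity_key: bytes) -> bytes:
        self._check_key(identity_key)
        with self._lock:  # remove and return under one lock: single use
            queue = self._queues.get(identity_key)
            if not queue:
                return b""  # caller asks the target to upload more packages
            package = queue.popleft()
            if not queue:
                del self._queues[identity_key]
            return package


def matches_fingerprint(package: bytes, expected: bytes) -> bool:
    """Peer-side tamper check: recompute SHA-256 over the fetched blob."""
    if not package:
        return False  # empty result means no package, never a match
    return hmac.compare_digest(hashlib.sha256(package).digest(), expected)
```
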