Christian Nennemann
6b8b61c6ae
Delivery sequence numbers (MLS epoch ordering fix):
- schemas/node.capnp: add Envelope{seq,data} struct; enqueue returns seq:UInt64;
fetch/fetchWait return List(Envelope) instead of List(Data)
- storage.rs: Store trait enqueue returns u64; fetch/fetch_limited return
Vec<(u64, Vec<u8>)>; FileBackedStore gains QueueMapV3 with per-inbox seq
counters and V2→V3 on-disk migration
- migrations/002_add_seq.sql: seq column, delivery_seq_counters table, index
- sql_store.rs: atomic UPSERT counter via RETURNING, ORDER BY seq, SCHEMA_VERSION→3
- node_service/delivery.rs: builds Envelope list; returns seq from enqueue
- client/rpc.rs: enqueue→u64, fetch_all/fetch_wait→Vec<(u64,Vec<u8>)>
- client/commands.rs: sort-by-seq before MLS processing; retry loop in cmd_recv
and receive_pending_plaintexts for correct epoch ordering
Server refactor:
- Split monolithic main.rs into node_service/{mod,delivery,auth_ops,key_ops,p2p_ops}
- Add auth.rs (token validation, rate limiting), config.rs, metrics.rs, tls.rs
- Add SQL migrations runner (001_initial.sql, 002_add_seq.sql)
- OPAQUE PAKE login/registration, sealed-sender mode, queue depth limit (1000)
Client refactor:
- Split lib.rs into client/{commands,rpc,state,retry,hex,mod}
- Add cmd_whoami, cmd_health, cmd_check_key, cmd_ping subcommands
- Add cmd_register_user, cmd_login (OPAQUE), cmd_refresh_keypackage
- Hybrid PQ envelope (X25519 + ML-KEM-768) on all send/recv paths
- E2E test suite expanded
Other:
- quicnprotochat-gui: Tauri 2 desktop GUI skeleton (backend + HTML UI)
- quicnprotochat-p2p: iroh-based P2P transport stub
- quicnprotochat-core: app_message, hybrid_crypto modules; GroupMember API updates
- .github/workflows/size-lint.yml: binary size regression check
- docs: protocol comparison, roadmap updates, fully-operational checklist
83 lines
4.2 KiB
Cap'n Proto
83 lines
4.2 KiB
Cap'n Proto
# node.capnp — Unified quicnprotochat node RPC interface.
|
|
#
|
|
# Combines Authentication and Delivery operations into a single service.
|
|
#
|
|
# ID generated with: capnp id
|
|
@0xd5ca5648a9cc1c28;
|
|
|
|
interface NodeService {
|
|
# Upload a single-use KeyPackage for later retrieval by peers.
|
|
# identityKey : Ed25519 public key bytes (32 bytes)
|
|
# package : TLS-encoded openmls KeyPackage
|
|
# auth : Auth context (version=1, non-empty accessToken required).
|
|
uploadKeyPackage @0 (identityKey :Data, package :Data, auth :Auth) -> (fingerprint :Data);
|
|
|
|
# Fetch and atomically remove one KeyPackage for a given identity key.
|
|
# Returns empty Data if none are stored.
|
|
fetchKeyPackage @1 (identityKey :Data, auth :Auth) -> (package :Data);
|
|
|
|
# Enqueue an opaque payload for delivery to a recipient.
|
|
# channelId : Optional channel identifier (empty for default). A 16-byte UUID
|
|
# is recommended for 1:1 channels.
|
|
# version : Schema/wire version. Must be 1.
|
|
# Returns the monotonically increasing per-inbox sequence number assigned to this message.
|
|
enqueue @2 (recipientKey :Data, payload :Data, channelId :Data, version :UInt16, auth :Auth) -> (seq :UInt64);
|
|
|
|
# Fetch and drain all queued payloads for the recipient.
|
|
# limit: max number of messages to return (0 = fetch all).
|
|
# Returns envelopes with per-inbox sequence numbers for ordered MLS processing.
|
|
fetch @3 (recipientKey :Data, channelId :Data, version :UInt16, auth :Auth, limit :UInt32) -> (payloads :List(Envelope));
|
|
|
|
# Long-poll: wait up to timeoutMs for new payloads, then drain queue.
|
|
# limit: max number of messages to return (0 = fetch all).
|
|
# Returns envelopes with per-inbox sequence numbers for ordered MLS processing.
|
|
fetchWait @4 (recipientKey :Data, channelId :Data, version :UInt16, timeoutMs :UInt64, auth :Auth, limit :UInt32) -> (payloads :List(Envelope));
|
|
|
|
# Health probe for readiness/liveness.
|
|
health @5 () -> (status :Text);
|
|
|
|
# Upload the hybrid (X25519 + ML-KEM-768) public key for sealed envelope encryption.
|
|
uploadHybridKey @6 (identityKey :Data, hybridPublicKey :Data, auth :Auth) -> ();
|
|
|
|
# Fetch a peer's hybrid public key (for post-quantum envelope encryption).
|
|
fetchHybridKey @7 (identityKey :Data, auth :Auth) -> (hybridPublicKey :Data);
|
|
|
|
# ── OPAQUE password-authenticated registration ──────────────────────────
|
|
|
|
# Start OPAQUE registration: client sends blinded password element.
|
|
opaqueRegisterStart @8 (username :Text, request :Data) -> (response :Data);
|
|
|
|
# Finish OPAQUE registration: client uploads sealed credential envelope.
|
|
opaqueRegisterFinish @9 (username :Text, upload :Data, identityKey :Data) -> (success :Bool);
|
|
|
|
# ── OPAQUE password-authenticated login ─────────────────────────────────
|
|
|
|
# Start OPAQUE login: client sends credential request.
|
|
opaqueLoginStart @10 (username :Text, request :Data) -> (response :Data);
|
|
|
|
# Finish OPAQUE login: client sends credential finalization, receives session token.
|
|
opaqueLoginFinish @11 (username :Text, finalization :Data, identityKey :Data) -> (sessionToken :Data);
|
|
|
|
# ── P2P endpoint discovery ────────────────────────────────────────────────
|
|
|
|
# Publish this node's iroh endpoint address for P2P connectivity.
|
|
# nodeAddr is the serialized iroh NodeAddr (JSON or custom encoding).
|
|
publishEndpoint @12 (identityKey :Data, nodeAddr :Data, auth :Auth) -> ();
|
|
|
|
# Resolve a peer's iroh endpoint for direct P2P connection.
|
|
resolveEndpoint @13 (identityKey :Data, auth :Auth) -> (nodeAddr :Data);
|
|
}
|
|
|
|
struct Auth {
|
|
version @0 :UInt16; # 1 = token-based auth (required)
|
|
accessToken @1 :Data; # opaque bearer token issued at login
|
|
deviceId @2 :Data; # optional UUID bytes for auditing/rate limiting
|
|
}
|
|
|
|
# A delivery envelope pairing a per-inbox sequence number with an opaque payload.
|
|
# Clients sort by `seq` before processing to guarantee MLS commit ordering.
|
|
struct Envelope {
|
|
seq @0 :UInt64; # monotonically increasing per-inbox counter (assigned by server)
|
|
data @1 :Data; # opaque payload (hybrid-encrypted MLS message)
|
|
}
|