Now I have actually implemented Noise, revise the schema
This commit is contained in:
parent
40b4681a6e
commit
e8881f5980
|
@ -4,9 +4,14 @@ ByteString
|
||||||
QueryValue´³orµµ±string´³atom³String„„µ±file´³rec´³lit³file„´³tupleµ´³named³filename´³atom³String„„´³named³headers´³refµ„³Headers„„´³named³body´³atom³
|
QueryValue´³orµµ±string´³atom³String„„µ±file´³rec´³lit³file„´³tupleµ´³named³filename´³atom³String„„´³named³headers´³refµ„³Headers„„´³named³body´³atom³
|
||||||
ByteString„„„„„„„„³HostPattern´³orµµ±host´³atom³String„„µ±any´³lit€„„„„³HttpBinding´³rec´³lit³ http-bind„´³tupleµ´³named³host´³refµ„³HostPattern„„´³named³port´³atom³
SignedInteger„„´³named³method´³refµ„³
MethodPattern„„´³named³path´³refµ„³PathPattern„„´³named³handler´³embedded´³refµ„³HttpRequest„„„„„„³HttpContext´³rec´³lit³request„´³tupleµ´³named³req´³refµ„³HttpRequest„„´³named³res´³embedded´³refµ„³HttpResponse„„„„„„³HttpRequest´³rec´³lit³http-request„´³tupleµ´³named³sequenceNumber´³atom³
SignedInteger„„´³named³host´³atom³String„„´³named³port´³atom³
SignedInteger„„´³named³method´³atom³Symbol„„´³named³path´³seqof´³atom³String„„„´³named³headers´³refµ„³Headers„„´³named³query´³dictof´³atom³Symbol„´³seqof´³refµ„³
|
ByteString„„„„„„„„³HostPattern´³orµµ±host´³atom³String„„µ±any´³lit€„„„„³HttpBinding´³rec´³lit³ http-bind„´³tupleµ´³named³host´³refµ„³HostPattern„„´³named³port´³atom³
SignedInteger„„´³named³method´³refµ„³
MethodPattern„„´³named³path´³refµ„³PathPattern„„´³named³handler´³embedded´³refµ„³HttpRequest„„„„„„³HttpContext´³rec´³lit³request„´³tupleµ´³named³req´³refµ„³HttpRequest„„´³named³res´³embedded´³refµ„³HttpResponse„„„„„„³HttpRequest´³rec´³lit³http-request„´³tupleµ´³named³sequenceNumber´³atom³
SignedInteger„„´³named³host´³atom³String„„´³named³port´³atom³
SignedInteger„„´³named³method´³atom³Symbol„„´³named³path´³seqof´³atom³String„„„´³named³headers´³refµ„³Headers„„´³named³query´³dictof´³atom³Symbol„´³seqof´³refµ„³
|
||||||
QueryValue„„„„´³named³body´³refµ„³RequestBody„„„„„³HttpService´³rec´³lit³http-service„´³tupleµ´³named³host´³refµ„³HostPattern„„´³named³port´³atom³
SignedInteger„„´³named³method´³refµ„³
MethodPattern„„´³named³path´³refµ„³PathPattern„„„„„³PathPattern´³seqof´³refµ„³PathPatternElement„„³RequestBody´³orµµ±present´³atom³
|
QueryValue„„„„´³named³body´³refµ„³RequestBody„„„„„³HttpService´³rec´³lit³http-service„´³tupleµ´³named³host´³refµ„³HostPattern„„´³named³port´³atom³
SignedInteger„„´³named³method´³refµ„³
MethodPattern„„´³named³path´³refµ„³PathPattern„„„„„³PathPattern´³seqof´³refµ„³PathPatternElement„„³RequestBody´³orµµ±present´³atom³
|
||||||
ByteString„„µ±absent´³lit€„„„„³HttpListener´³rec´³lit³
http-listener„´³tupleµ´³named³port´³atom³
SignedInteger„„„„„³HttpResponse´³orµµ±status´³rec´³lit³status„´³tupleµ´³named³code´³atom³
SignedInteger„„´³named³message´³atom³String„„„„„„µ±header´³rec´³lit³header„´³tupleµ´³named³name´³atom³Symbol„„´³named³value´³atom³String„„„„„„µ±chunk´³rec´³lit³chunk„´³tupleµ´³named³chunk´³refµ„³Chunk„„„„„„µ±done´³rec´³lit³done„´³tupleµ´³named³chunk´³refµ„³Chunk„„„„„„„„³
MethodPattern´³orµµ±any´³lit€„„µ±specific´³atom³Symbol„„„„³PathPatternElement´³orµµ±label´³atom³String„„µ±wildcard´³lit³_„„µ±rest´³lit³...„„„„„³embeddedType€„„µ³noise„´³schema·³version‘³definitions·³Accept´³rec´³lit³accept„´³tupleµ´³named³ handshake´³atom³
|
ByteString„„µ±absent´³lit€„„„„³HttpListener´³rec´³lit³
http-listener„´³tupleµ´³named³port´³atom³
SignedInteger„„„„„³HttpResponse´³orµµ±status´³rec´³lit³status„´³tupleµ´³named³code´³atom³
SignedInteger„„´³named³message´³atom³String„„„„„„µ±header´³rec´³lit³header„´³tupleµ´³named³name´³atom³Symbol„„´³named³value´³atom³String„„„„„„µ±chunk´³rec´³lit³chunk„´³tupleµ´³named³chunk´³refµ„³Chunk„„„„„„µ±done´³rec´³lit³done„´³tupleµ´³named³chunk´³refµ„³Chunk„„„„„„„„³
MethodPattern´³orµµ±any´³lit€„„µ±specific´³atom³Symbol„„„„³PathPatternElement´³orµµ±label´³atom³String„„µ±wildcard´³lit³_„„µ±rest´³lit³...„„„„„³embeddedType€„„µ³noise„´³schema·³version‘³definitions·³Accept´³rec´³lit³accept„´³tupleµ´³named³responderSession´³embedded³any„„„„„³Packet´³orµµ±complete´³atom³
|
||||||
ByteString„„´³named³responderSession´³embedded³any„„„„„³Connect´³rec´³lit³connect„´³tupleµ´³named³ handshake´³atom³
|
ByteString„„µ±
|
||||||
ByteString„„´³named³initiatorSession´³embedded³any„„„„„„³embeddedType€„„µ³timer„´³schema·³version‘³definitions·³SetTimer´³rec´³lit³ set-timer„´³tupleµ´³named³label³any„´³named³msecs´³atom³Double„„´³named³kind´³refµ„³ TimerKind„„„„„³ LaterThan´³rec´³lit³
|
fragmented´³seqof´³atom³
|
||||||
|
ByteString„„„„„³Connect´³rec´³lit³connect„´³tupleµ´³named³serviceSelector³any„´³named³initiatorSession´³embedded³any„„„„„³Endpoint´³rec´³lit³noise„´³tupleµ´³named³spec´³refµ„³EndpointSpec„„„„„³EndpointRef´³orµµ±present´³dict·³ref´³named³ref´³refµ³sturdy„³ SturdyRef„„„„„µ±invalid´³dict·³ref´³named³ref³any„„„„µ±absent´³dict·„„„„„³EndpointSpec´³andµ´³dict·³key´³named³key´³atom³
|
||||||
|
ByteString„„³
|
||||||
|
transports´³named³
|
||||||
|
transports´³seqof³any„„„„´³named³protocol´³refµ„³EndpointProtocol„„´³named³ref´³refµ„³EndpointRef„„´³named³
preSharedKeys´³refµ„³EndpointPreSharedKeys„„„„³DefaultProtocol´³lit±!Noise_NK_25519_ChaChaPoly_BLAKE2s„³EndpointProtocol´³orµµ±present´³dict·³protocol´³named³protocol´³atom³String„„„„„µ±invalid´³dict·³protocol´³named³protocol³any„„„„µ±absent´³dict·„„„„„³EndpointPreSharedKeys´³orµµ±present´³dict·³
preSharedKeys´³named³
preSharedKeys´³seqof´³atom³
|
||||||
|
ByteString„„„„„„µ±invalid´³dict·³
preSharedKeys´³named³
preSharedKeys³any„„„„µ±absent´³dict·„„„„„„³embeddedType€„„µ³timer„´³schema·³version‘³definitions·³SetTimer´³rec´³lit³ set-timer„´³tupleµ´³named³label³any„´³named³msecs´³atom³Double„„´³named³kind´³refµ„³ TimerKind„„„„„³ LaterThan´³rec´³lit³
|
||||||
later-than„´³tupleµ´³named³msecs´³atom³Double„„„„„³ TimerKind´³orµµ±relative´³lit³relative„„µ±absolute´³lit³absolute„„µ±clear´³lit³clear„„„„³TimerExpired´³rec´³lit³
timer-expired„´³tupleµ´³named³label³any„´³named³msecs´³atom³Double„„„„„„³embeddedType€„„µ³trace„´³schema·³version‘³definitions·³Oid³any³Name´³orµµ± anonymous´³rec´³lit³ anonymous„´³tupleµ„„„„µ±named´³rec´³lit³named„´³tupleµ´³named³name³any„„„„„„„³Target´³rec´³lit³entity„´³tupleµ´³named³actor´³refµ„³ActorId„„´³named³facet´³refµ„³FacetId„„´³named³oid´³refµ„³Oid„„„„„³TaskId³any³TurnId³any³ActorId³any³FacetId³any³ TurnCause´³orµµ±turn´³rec´³lit³ caused-by„´³tupleµ´³named³id´³refµ„³TurnId„„„„„„µ±cleanup´³rec´³lit³cleanup„´³tupleµ„„„„µ±linkedTaskRelease´³rec´³lit³linked-task-release„´³tupleµ´³named³id´³refµ„³TaskId„„´³named³reason´³refµ„³LinkedTaskReleaseReason„„„„„„µ±periodicActivation´³rec´³lit³periodic-activation„´³tupleµ´³named³period´³atom³Double„„„„„„µ±delay´³rec´³lit³delay„´³tupleµ´³named³causingTurn´³refµ„³TurnId„„´³named³amount´³atom³Double„„„„„„µ±external´³rec´³lit³external„´³tupleµ´³named³description³any„„„„„„„³ TurnEvent´³orµµ±assert´³rec´³lit³assert„´³tupleµ´³named³ assertion´³refµ„³AssertionDescription„„´³named³handle´³refµ³protocol„³Handle„„„„„„µ±retract´³rec´³lit³retract„´³tupleµ´³named³handle´³refµ³protocol„³Handle„„„„„„µ±message´³rec´³lit³message„´³tupleµ´³named³body´³refµ„³AssertionDescription„„„„„„µ±sync´³rec´³lit³sync„´³tupleµ´³named³peer´³refµ„³Target„„„„„„µ± breakLink´³rec´³lit³
|
later-than„´³tupleµ´³named³msecs´³atom³Double„„„„„³ TimerKind´³orµµ±relative´³lit³relative„„µ±absolute´³lit³absolute„„µ±clear´³lit³clear„„„„³TimerExpired´³rec´³lit³
timer-expired„´³tupleµ´³named³label³any„´³named³msecs´³atom³Double„„„„„„³embeddedType€„„µ³trace„´³schema·³version‘³definitions·³Oid³any³Name´³orµµ± anonymous´³rec´³lit³ anonymous„´³tupleµ„„„„µ±named´³rec´³lit³named„´³tupleµ´³named³name³any„„„„„„„³Target´³rec´³lit³entity„´³tupleµ´³named³actor´³refµ„³ActorId„„´³named³facet´³refµ„³FacetId„„´³named³oid´³refµ„³Oid„„„„„³TaskId³any³TurnId³any³ActorId³any³FacetId³any³ TurnCause´³orµµ±turn´³rec´³lit³ caused-by„´³tupleµ´³named³id´³refµ„³TurnId„„„„„„µ±cleanup´³rec´³lit³cleanup„´³tupleµ„„„„µ±linkedTaskRelease´³rec´³lit³linked-task-release„´³tupleµ´³named³id´³refµ„³TaskId„„´³named³reason´³refµ„³LinkedTaskReleaseReason„„„„„„µ±periodicActivation´³rec´³lit³periodic-activation„´³tupleµ´³named³period´³atom³Double„„„„„„µ±delay´³rec´³lit³delay„´³tupleµ´³named³causingTurn´³refµ„³TurnId„„´³named³amount´³atom³Double„„„„„„µ±external´³rec´³lit³external„´³tupleµ´³named³description³any„„„„„„„³ TurnEvent´³orµµ±assert´³rec´³lit³assert„´³tupleµ´³named³ assertion´³refµ„³AssertionDescription„„´³named³handle´³refµ³protocol„³Handle„„„„„„µ±retract´³rec´³lit³retract„´³tupleµ´³named³handle´³refµ³protocol„³Handle„„„„„„µ±message´³rec´³lit³message„´³tupleµ´³named³body´³refµ„³AssertionDescription„„„„„„µ±sync´³rec´³lit³sync„´³tupleµ´³named³peer´³refµ„³Target„„„„„„µ± breakLink´³rec´³lit³
|
||||||
break-link„´³tupleµ´³named³source´³refµ„³ActorId„„´³named³handle´³refµ³protocol„³Handle„„„„„„„„³
|
break-link„´³tupleµ´³named³source´³refµ„³ActorId„„´³named³handle´³refµ³protocol„³Handle„„„„„„„„³
|
||||||
ExitStatus´³orµµ±ok´³lit³ok„„µ±Error´³refµ³protocol„³Error„„„„³
|
ExitStatus´³orµµ±ok´³lit³ok„„µ±Error´³refµ³protocol„³Error„„„„³
|
||||||
|
|
|
@ -1,28 +1,55 @@
|
||||||
version 1 .
|
version 1 .
|
||||||
|
|
||||||
; Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s, just like Wireguard
|
; https://noiseprotocol.org/
|
||||||
; Noise_NKpsk2_25519_ChaChaPoly_BLAKE2s
|
|
||||||
|
|
||||||
; - ephemeral public keys are 32 bytes
|
; Assertion.
|
||||||
; - pre-shared-keys (PSKs) are 32 bytes
|
Connect = <connect @serviceSelector any @initiatorSession #!any> .
|
||||||
; - authentication tags (on each AEAD encrypted payload) are 16 bytes each
|
|
||||||
|
|
||||||
; IKpsk2:
|
; Assertion (to initiatorSession).
|
||||||
; <- s (for us, the object's static key is in the cap ref)
|
Accept = <accept @responderSession #!any> .
|
||||||
; ...
|
|
||||||
; -> e, es, s, ss
|
; Sessions proceed by sending Packets to the initiatorSession and responderSession according to
|
||||||
; <- e, ee, se, psk
|
; the Noise protocol definition. Each Packet represents a complete logical unit of
|
||||||
|
; communication; for example, a complete Turn when layering the Syndicate protocol over Noise.
|
||||||
|
; Note well the restriction on Noise messages: no individual complete packet or packet fragment
|
||||||
|
; may exceed 65535 bytes (N.B. not 65536!). When `fragmented`, each portion of a Packet is a
|
||||||
|
; complete Noise "transport message"; when `complete`, the whole thing is likewise a complete
|
||||||
|
; "transport message".
|
||||||
|
Packet = @complete bytes / @fragmented [bytes ...] .
|
||||||
|
|
||||||
|
; When layering Syndicate protocol over noise,
|
||||||
;
|
;
|
||||||
; NKpsk2:
|
; - protocol.Packets MUST be encoded using the machine-oriented Preserves syntax
|
||||||
; <- s (for us, the object's static key is in the cap ref)
|
; - zero or more Turns are permitted per noise.Packet
|
||||||
; ...
|
; - each Turn must fit inside a single noise.Packet (fragment if needed)
|
||||||
; -> e, es
|
; - payloads inside a noise.Packet may be padded at the end with byte 0x80 (128), which
|
||||||
; <- e, ee, psk
|
; encodes `#f` in the machine-oriented Preserves syntax.
|
||||||
|
;
|
||||||
|
; In summary, each noise.Packet, once (reassembled and) decrypted, will be a sequence of zero
|
||||||
|
; or more machine-encoded protocol.Packets, followed by zero or more 0x80 bytes.
|
||||||
|
|
||||||
; Assertion. Handshake is an ephemeral public key followed by either an encrypted public-key
|
Endpoint = <noise @spec EndpointSpec> .
|
||||||
; (IK) or an encrypted empty payload (NK).
|
EndpointSpec = {
|
||||||
Connect = <connect @handshake bytes @initiatorSession #!any> .
|
; Possible transports, in preference order. Could contain e.g. transportAddress.Tcp values or
|
||||||
|
; similar. These are just suggestions; it's quite possible the endpoint is reachable by some
|
||||||
|
; means not listed.
|
||||||
|
transports: [any ...]
|
||||||
|
; The responder's static public key. If not required (uncommon!), supply the empty ByteString.
|
||||||
|
key: bytes
|
||||||
|
}
|
||||||
|
& @protocol EndpointProtocol
|
||||||
|
& @ref EndpointRef
|
||||||
|
& @preSharedKeys EndpointPreSharedKeys
|
||||||
|
.
|
||||||
|
|
||||||
; Assertion (to initiatorSession). Handshake is an encrypted ephemeral public key followed by a
|
; If absent, a default of DefaultProtocol is used. Most endpoints will speak the default.
|
||||||
; (differently-)encrypted PSK (which may be all zeros when no PSK is relevant).
|
EndpointProtocol = @present { protocol: string } / @invalid { protocol: any } / @absent {} .
|
||||||
Accept = <accept @handshake bytes @responderSession #!any> .
|
DefaultProtocol = "Noise_NK_25519_ChaChaPoly_BLAKE2s" .
|
||||||
|
|
||||||
|
; If present, OID 0 at the responder end is a Gatekeeper, and the named ref should be resolvable.
|
||||||
|
; If absent, OID 0 at the responder directly denotes the entity of interest.
|
||||||
|
EndpointRef = @present { ref: sturdy.SturdyRef } / @invalid { ref: any } / @absent {} .
|
||||||
|
|
||||||
|
; If present, Noise pre-shared-keys (PSKs) are drawn from the sequence as required; if the
|
||||||
|
; sequence is exhausted or not supplied, an all-zeros key is used each time a PSK is needed.
|
||||||
|
EndpointPreSharedKeys = @present { preSharedKeys: [bytes ...] } / @invalid { preSharedKeys: any } / @absent {} .
|
||||||
|
|
Loading…
Reference in New Issue