Author: claddy

Introduction

Hi everyone! I’m thrilled to share that I’ve successfully completed my Google Summer of Code 2025 project with Freifunk and qaul!

I’ve spent the past few months working on implementing a comprehensive RPC user authentication layer for qaul. This journey has been both challenging and incredibly rewarding, and I’m excited to share the final results of my work.

A huge thank you to my mentor MathJud for his continuous guidance and support throughout this project, and to Andibraeu and the entire Freifunk community for this amazing opportunity!

Project Overview

qaul enables peer-to-peer communication without any internet or communication infrastructure, using local wifi networks or shared phone wifi networks. My project focused on creating a robust authentication and encryption system that would lay the foundation for multi user support per node and future web interface.

Progress after mid term

Session Management System

I developed a token-based session management system. The tokens for each user are stored in their configuration file, which ensures session persistence.

Protobuf updates

Extended qaul’s RPC communication structure with new authentication modules:

message LoginRequest {
    string username = 1;
    bytes password = 2;
}

message LoginResponse {
    string status = 1;
    bytes token = 2;
    string message = 3;
}

Impact and Benefits

This project brings significant benefits to the qaul ecosystem and its users:

For Users:

• Enhanced security through proper authentication.
• Ability to use multiple identities on the same node
• Session persistence across application restarts
• Foundation for web-based access without app installation

For Developers:

• Extensible authentication framework for future features
• Modular design enabling easy maintenance and updates

For the Community:

• Improved scalability
• Foundation for building web interfaces
• Support for shared node resources in community networks

Challenges and Learning

This project presented several technical challenges that deepened my understanding:

RPC System Integration: Extending qaul’s existing RPC infrastructure required careful study of the codebase and multiple iterations to achieve integration.

Cryptographic Implementation: Implementing secure authentication without exposing passwords required the dual-hash approach with nonces, ensuring each authentication is unique.

The tradeoffs we made

We have one active session per user right now instead of multiple concurrent sessions.

We’ve tokens in the config.yaml, but we also have private keys. So, that works!

The challenge-response flow adds complexity, but ensures passwords are never shared over the network, and the whole mechanism also prevents rainbow attacks.

The known inefficiencies

• Nonce is a simple counter instead of random number.
• No prevension of duplicate usernames, this is the reason that causes authentication failures when multiple users share names.

Scopes of improvement

• Multiple sessions per user that would enable multiple devices for a user.
• Security layer for authenticated user containment in libqaul. For that a user can only execute functions it is entitled to.
• Additional protobuf message to ask the system for all available users to login.
• This function delivers different results, whether a user is local or a user is trying to remotely login.

Conclusion

Completing this GSoC project has been an incredible journey of growth and learning.

This isn’t goodbye 🙂 I’m excited to continue contributing to qaul and the broader freedom tech ecosystem. The future of decentralized, censorship-resistant communication is bright, and I’m honored to be part of building it!

Introduction:

Hi everyone! As we reach the midpoint of Google Summer of Code 2025, I’m excited to share the progress no my project: qaul RPC User Authentication Layer. Working on the project has been challenging as well as rewarding for me, and I’m very excited to share what I’ve accomplished so far and what is still left.

Where are we

Core Password Management Implementation

I have built the foundational password management system within libqaul. This involves several key components.

• Secure Password Hashing:
  I initally implemented hashing using bcrypt but after careful consideration, I migrated to Argon2.
• Protobuf Integrations:
  Extend qaul’s existing RPC communication structure by adding new auth modules.
• Updated the configuration framework to secure handle password hashes and auth settings, so that sensititve data is properly stored while maintaing compatibility with existing systems.

Authentication Module Development

The auth system is now integrated into libqaul’s arhitecture.

RPC Message Handling: Implemented comprehensive message processing for authentication requests and responses, including proper error handling and status reporting.

Challenge response: developed a secure authentication flow that uses cryptographic challenges rather than direct password transmission. This approach ensures that passwords neer traverse the network, and no two hash (that node use to verify password) are same due to different nonce for each authentication request.
The structure for messages are below:

message LoginRequest {
    string username = 1;
    bytes password = 2;
}

message LoginResponse {
    string status = 1;
   // bytes token = 2;
    string message = 3;
}

What we’re looking forward to

The larger picture for us is to create an infrastructure where we could enable multi-user per ndoe support, and web-based interface. Therefore we would be working on Session token management system that would validate the authenticated operatings and enable stateful user sessions while maintaining security.

Challenges

RPC system extension. Integrating authentication into qaul’s existing rpc infrastructure was a bit challenging for me initially, but a few wrong attempts gave me a clear picture. Also, the existing code helped me understand how things were working.

We wanted the user password to be actually very secure, so instead of simply hashing it, we now hash the user password with salt, let’s say hash1 and then libqaul send you a nonce, and using hash1 and nonce we calculate the hash2. This ensures that the hash2 is never the same for any existing passwords.

Next Steps

For the remainder of the project, I plan to focus on:

• Session Management Completion
• CLI Integration
• Encryption Implementation

Conclusion

The midterm point helped me reflect on my journey, and I’m glad to say that the project is shaping up excellent. Wit the core authentication infrastructure completion and properly integration into libqaul. we have a solid foundation for secure multi-user support and future interface development. Thank you to my mentor Mathjud and the entire qaul community!