Midterm: qaul RPC User Authentication Layer

Introduction:


Hi everyone! As we reach the midpoint of Google Summer of Code 2025, I’m excited to share the progress no my project: qaul RPC User Authentication Layer. Working on the project has been challenging as well as rewarding for me, and I’m very excited to share what I’ve accomplished so far and what is still left.

Where are we

Core Password Management Implementation


I have built the foundational password management system within libqaul. This involves several key components.

  • Secure Password Hashing:
    I initally implemented hashing using bcrypt but after careful consideration, I migrated to Argon2.
  • Protobuf Integrations:
    Extend qaul’s existing RPC communication structure by adding new auth modules.
  • Updated the configuration framework to secure handle password hashes and auth settings, so that sensititve data is properly stored while maintaing compatibility with existing systems.

Authentication Module Development


The auth system is now integrated into libqaul’s arhitecture.

RPC Message Handling: Implemented comprehensive message processing for authentication requests and responses, including proper error handling and status reporting.

Challenge response: developed a secure authentication flow that uses cryptographic challenges rather than direct password transmission. This approach ensures that passwords neer traverse the network, and no two hash (that node use to verify password) are same due to different nonce for each authentication request.
The structure for messages are below:

message LoginRequest {
    string username = 1;
    bytes password = 2;
}

message LoginResponse {
    string status = 1;
   // bytes token = 2;
    string message = 3;
}

What we’re looking forward to


The larger picture for us is to create an infrastructure where we could enable multi-user per ndoe support, and web-based interface. Therefore we would be working on Session token management system that would validate the authenticated operatings and enable stateful user sessions while maintaining security.

Challenges


RPC system extension. Integrating authentication into qaul’s existing rpc infrastructure was a bit challenging for me initially, but a few wrong attempts gave me a clear picture. Also, the existing code helped me understand how things were working.

We wanted the user password to be actually very secure, so instead of simply hashing it, we now hash the user password with salt, let’s say hash1 and then libqaul send you a nonce, and using hash1 and nonce we calculate the hash2. This ensures that the hash2 is never the same for any existing passwords.

Next Steps


For the remainder of the project, I plan to focus on:

  • Session Management Completion
  • CLI Integration
  • Encryption Implementation

Conclusion


The midterm point helped me reflect on my journey, and I’m glad to say that the project is shaping up excellent. Wit the core authentication infrastructure completion and properly integration into libqaul. we have a solid foundation for secure multi-user support and future interface development. Thank you to my mentor Mathjud and the entire qaul community!

GSoC 2025: qaul RPC user authentication layer

Introduction

Hi everyone!
I’m Mohit Kumar from Gurgaon, India. I pursued my bachelors in Electronics and Communication Engineering from Indian Institute of Information Technology, Nagpur. I’m very interested in the future of freedom tech which aligns very well with qaul and freifunk projects. Interestingly, I also had a course on Wireless Communication, and that got me hooked on the projects related to freifunk community as well.

In past I’ve contributed to a few open source projects, such as coinswap, eclair-cli, health claims exchange, etc.

About project

qaul is an internet independent wireless mesh communication app. qaul enables you to communicate P2P with people around you without any internet or communication infrastructure, using your local wifi network or via the shared wifi network of your phone. My project focuses on implementing the user authentication layer between libqual and UI, and end to end encryption.

Key features

  • Developing the authentication system.
  • Introduce session management.
  • Implementing End to End Encryption.

In this initial phase, I’m learning more about qaul codebase and discussing design choices for the authentication system with my mentor.

Who would gain from this project?

This would bring several benefits to community networks and various stakeholders.
Users:

  • With improved scalability, the network grows organically without compromising the security or the performance.
  • Communication between node(libqaul) and UI would be secure and authenticated.
  • Users would have the possibility of using several identities on the same node. 
  • A node could be a shared communication resource for all users not having the app installed but communicating via a web-interface, being connected to a central node.

Developers and Contributors: The project lays the foundation for a web interface. The authentication system and session management systems create a more extensible architecture, allowing developers to build additional features and functionalities.

Looking Ahead

I’m excited to collaborate with the qaul team and the wideeer freifunk community. Through this project, I hope to grow as a developer, contribute meaningful code, and support decentralized communication efforts.

I’m very grateful to Mathjud for his mentorship, which made my initial hurdles(of exploring new project) a bit smooth. And a huge thanks to the Andibraeu, and the whole community.