Struct MessageFull 

pub struct MessageFull {
    id: MessageId,
    signature: Signature,
    message: Box<Message>,
}

Complete signed message ready for transmission and storage.

Message Authentication and Integrity

MessageFull represents a complete, authenticated message that includes:

1. Content: The original Message (e.g., MessageV0)
2. Signature: Ed25519 digital signature over the serialized message
3. Identity: Blake3 hash-based unique identifier

This structure ensures non-repudiation and integrity - recipients can cryptographically verify that the message came from the claimed sender and hasn’t been tampered with.

Cryptographic Construction

The message construction follows a specific protocol:

1. Serialize: Convert Message to bytes using postcard
2. Sign: Create Ed25519 signature over the serialized bytes
3. Hash: Compute Blake3 hash of serialized_message || signature for the ID

This ensures that:

• The signature covers the entire message content
• The ID uniquely identifies this specific signed message
• Replay attacks are prevented through unique IDs

Wire Format and Storage

MessageFull is the canonical storage format used throughout the system:

• Network transmission: Serialized with postcard for efficiency
• Database storage: Stored as binary blobs in key-value stores
• Message indexing: ID used as primary key, sender/timestamp extracted for indexes

The postcard serialization format is:

[id: 32 bytes][message: variable][signature: 64 bytes]

Identity and Deduplication

The Blake3-based ID serves multiple purposes:

• Deduplication: Identical signed messages have identical IDs
• Content addressing: Messages can be retrieved by their cryptographic hash
• Integrity verification: ID changes if any part of the message is modified
• Ordering: IDs provide deterministic message ordering (with timestamp ties)

Security Properties

MessageFull provides the following security guarantees:

• Authentication: Ed25519 signature proves sender identity
• Integrity: Any modification invalidates the signature
• Non-repudiation: Sender cannot deny creating a valid signature
• Uniqueness: Blake3 ID prevents message duplication

Note: Confidentiality is provided by the Content encryption, not at this layer.

Example Usage

use zoe_wire_protocol::{MessageFull, Message, MessageV0, Content, Kind};
use ed25519_dalek::SigningKey;
use rand::rngs::OsRng;

// Create a signed message
let signing_key = SigningKey::generate(&mut OsRng);
let message = Message::MessageV0(MessageV0 {
    sender: signing_key.verifying_key(),
    when: 1640995200,
    kind: Kind::Regular,
    tags: vec![],
    content: Content::raw("Hello!".as_bytes().to_stdvec()),
});

let full_message = MessageFull::new(message, &signing_key)?;

// Verify the signature and ID
assert!(full_message.verify()?);

// The ID is deterministic for the same signed content
let id = full_message.id;

Storage Integration

This structure is optimized for the key-value storage architecture:

• Primary key: id field for O(1) message retrieval
• Indexed fields: sender and when extracted from embedded message for queries
• Tag tables: Separate tables for efficient tag-based filtering
• Blob storage: Entire MessageFull serialized as atomic unit

Fields

id: MessageId

Blake3 hash serving as the unique message identifier.

Computed as: Blake3(messsage.as_bytes()) Notice that the ID does not include the signature as that may contain random ness (ML-DSA does) and thus would create different hash IDs for the same content message.

That means that if there are two messages with the same contentn but valid signatures (verified against the sender) they are considered the same in terms of storage and retrieval and there is no guarantee you received the one with the same signature - just with a valid signature.

This ID is:

• Unique: Cryptographically improbable to collide
• Deterministic: Same content always produces same ID
• Tamper-evident: Changes to messagd change the ID
• Content-addressed: Can be used to retrieve the message

signature: Signature

Cryptographic signature over the serialized message.

Created by signing postcard::serialize(message) with the sender’s private key. Recipients verify this signature using the public key in message.sender.

Security note: The signature covers the entire serialized message, including all metadata, tags, and content. This prevents partial modification attacks.

message: Box<Message>

The original message content and metadata.

Boxed to minimize stack usage since messages can be large. Contains version-specific message data (e.g., MessageV0).

Implementations

impl MessageFull

pub fn new(message: Message, signer: &KeyPair) -> Result<Self, MessageFullError>

Create a new MessageFull with proper signature and ID

fn with_signature( signature: Signature, message: Box<Message>, message_bytes: &[u8], ) -> Result<Self, MessageFullError>

pub fn id(&self) -> &MessageId

pub fn message(&self) -> &Message

pub fn signature(&self) -> &Signature

pub fn ref_tag(&self) -> Tag

pub fn storage_value(&self) -> Result<Vec<u8>, MessageFullError>

The value this message is stored under in the storage

pub fn storage_timeout(&self) -> Option<u64>

The timeout for this message in the storage

pub fn store_key(&self) -> Option<StoreKey>

pub fn clear_key(&self) -> Option<StoreKey>

this is meant to clear a storage key

pub fn from_storage_value(value: &[u8]) -> Result<Self, MessageFullError>

Deserialize a message from its storage value

pub fn author(&self) -> &VerifyingKey

pub fn when(&self) -> &u64

pub fn kind(&self) -> &Kind

pub fn tags(&self) -> &Vec<Tag>

pub fn content(&self) -> &Content

pub fn raw_content(&self) -> Option<&Vec<u8>>

Get raw content bytes if this message contains raw content

pub fn encrypted_content(&self) -> Option<&ChaCha20Poly1305Content>

Get encrypted content if this message contains encrypted content

pub fn is_expired(&self, current_time: u64) -> bool

Check if this message is expired based on its timeout and current time

impl MessageFull

pub fn try_deserialize_content<C>(&self) -> Result<C, MessageFullError>

where C: for<'a> Deserialize<'a>,

Try to deserialize content if it’s raw (unencrypted)

Trait Implementations

impl Clone for MessageFull

fn clone(&self) -> MessageFull

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for MessageFull

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for MessageFull

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl From<&MessageFull> for Tag

fn from(message: &MessageFull) -> Self

Converts to this type from the input type.

impl From<MessageFull> for MessageFullWire

fn from(val: MessageFull) -> Self

Converts to this type from the input type.

impl PartialEq for MessageFull

Manual PartialEq implementation for MessageFull

fn eq(&self, other: &Self) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for MessageFull

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl TryFrom<MessageFullWire> for MessageFull

type Error = MessageFullError

The type returned in the event of a conversion error.

fn try_from(value: MessageFullWire) -> Result<Self, Self::Error>

Performs the conversion.

impl Eq for MessageFull

Manual Eq implementation for MessageFull