Replace network id with key (#46)

* Update network key management to utilize raw public keys

- Refactored the key management system to transition from using derived network IDs to raw public keys for network identification, enhancing consistency and security in encryption processes.
- Updated method signatures across the `runar-ffi` and `runar-keys` modules to accept and handle public key byte arrays instead of string identifiers.
- Modified the `EnvelopeEncryptedData` structure to store the network public key directly, improving clarity in data handling.
- Adjusted tests and examples to reflect the new public key approach, ensuring comprehensive coverage and validation of key management workflows.
- Introduced new dependencies for cryptographic operations, enhancing the overall functionality and performance of the key management system.

* Refactor FFI key management tests and remove unused functions

- Updated the `linux_keystore_end_to_end_mobile_node_flow` test to simplify the conversion of raw parts to a vector, enhancing code clarity.
- Removed the unused `cstr_to_string` function, streamlining the codebase and improving maintainability.
- Ensured that the remaining tests reflect the latest changes in key management functionalities, maintaining comprehensive coverage.

Author: pentateu

Cargo.lock

@@ -108,30 +108,33 @@ impl MobileSimulator {
     fn generate_network_data_key(&mut self) -> Result<String> {
         self.logger.info("📱 Mobile: Generating network data key");
 
-        let network_id = self
+        let network_public_key = self
             .key_manager
             .generate_network_data_key()
             .context("Failed to generate network data key")?;
+        let network_id = compact_id(&network_public_key);
 
         self.logger.info(format!(
-            "📱 Mobile: Network data key generated: {network_id}"
+            "📱 Mobile: Network data key generated: {} bytes",
+            network_public_key.len()
         ));
         Ok(network_id)
     }
 
     /// Create network key message for node
     fn create_network_key_message(
         &self,
-        network_id: &str,
+        network_public_key: &[u8],
         node_public_key: &[u8],
     ) -> Result<runar_keys::mobile::NetworkKeyMessage> {
         self.logger.info(format!(
-            "📱 Mobile: Creating network key message for network: {network_id}"
+            "📱 Mobile: Creating network key message for network: {} bytes",
+            network_public_key.len()
         ));
 
         let network_key_message = self
             .key_manager
-            .create_network_key_message(network_id, node_public_key)
+            .create_network_key_message(network_public_key, node_public_key)
             .context("Failed to create network key message")?;
 
         Ok(network_key_message)
@@ -326,8 +329,12 @@ async fn test_e2e_cli_initialization() -> Result<()> {
 
     // Generate network key for the node
     let network_id = mobile.generate_network_data_key()?;
+    // Get the network public key from the mobile key manager
+    let network_public_key = mobile
+        .key_manager
+        .get_network_public_key_by_id(&network_id)?;
     let network_key_message = mobile.create_network_key_message(
-        &network_id,
+        &network_public_key,
         &parsed_setup_token.setup_token.node_agreement_public_key,
     )?;
     println!("   ✅ Network key generated:");

runar-cli/tests/e2e_init_test.rs

@@ -168,18 +168,20 @@ int32_t rn_keys_mobile_install_network_public_key(void *keys,
                                                   struct RNAPIRnError *err);
 
 int32_t rn_keys_mobile_generate_network_data_key(void *keys,
-                                                 char **out_str,
+                                                 uint8_t **out_pk,
                                                  size_t *out_len,
                                                  struct RNAPIRnError *err);
 
 int32_t rn_keys_mobile_get_network_public_key(void *keys,
-                                              const char *network_id,
+                                              const uint8_t *network_public_key,
+                                              size_t network_public_key_len,
                                               uint8_t **out_pk,
                                               size_t *out_len,
                                               struct RNAPIRnError *err);
 
 int32_t rn_keys_mobile_create_network_key_message(void *keys,
-                                                  const char *network_id,
+                                                  const uint8_t *network_public_key,
+                                                  size_t network_public_key_len,
                                                   const uint8_t *node_agreement_pk,
                                                   size_t node_agreement_pk_len,
                                                   uint8_t **out_msg_cbor,
@@ -248,7 +250,8 @@ int32_t rn_keys_encrypt_for_public_key(void *keys,
 int32_t rn_keys_encrypt_for_network(void *keys,
                                     const uint8_t *data,
                                     size_t data_len,
-                                    const char *network_id,
+                                    const uint8_t *network_public_key,
+                                    size_t network_public_key_len,
                                     uint8_t **out_eed_cbor,
                                     size_t *out_len,
                                     struct RNAPIRnError *err);

runar-ffi/include/runar_ffi.h

@@ -1571,7 +1571,7 @@ pub unsafe extern "C" fn rn_keys_mobile_install_network_public_key(
 #[no_mangle]
 pub unsafe extern "C" fn rn_keys_mobile_generate_network_data_key(
     keys: *mut c_void,
-    out_str: *mut *mut c_char,
+    out_pk: *mut *mut u8,
     out_len: *mut usize,
     err: *mut RnError,
 ) -> i32 {
@@ -1580,8 +1580,12 @@ pub unsafe extern "C" fn rn_keys_mobile_generate_network_data_key(
         set_error(err, RN_ERROR_NULL_ARGUMENT, "keys handle is null");
         return RN_ERROR_NULL_ARGUMENT;
     }
-    if out_str.is_null() {
-        set_error(err, RN_ERROR_NULL_ARGUMENT, "output string pointer is null");
+    if out_pk.is_null() {
+        set_error(
+            err,
+            RN_ERROR_NULL_ARGUMENT,
+            "output public key pointer is null",
+        );
         return RN_ERROR_NULL_ARGUMENT;
     }
     if out_len.is_null() {
@@ -1610,8 +1614,8 @@ pub unsafe extern "C" fn rn_keys_mobile_generate_network_data_key(
     };
 
     match mobile_manager.generate_network_data_key() {
-        Ok(network_id) => {
-            if !alloc_string(out_str, out_len, &network_id) {
+        Ok(network_public_key) => {
+            if !alloc_bytes(out_pk, out_len, &network_public_key) {
                 set_error(err, RN_ERROR_MEMORY_ALLOCATION, "alloc failed");
                 RN_ERROR_MEMORY_ALLOCATION
             } else {
@@ -1632,7 +1636,8 @@ pub unsafe extern "C" fn rn_keys_mobile_generate_network_data_key(
 #[no_mangle]
 pub unsafe extern "C" fn rn_keys_mobile_get_network_public_key(
     keys: *mut c_void,
-    network_id: *const c_char,
+    network_public_key: *const u8,
+    network_public_key_len: usize,
     out_pk: *mut *mut u8,
     out_len: *mut usize,
     err: *mut RnError,
@@ -1642,8 +1647,12 @@ pub unsafe extern "C" fn rn_keys_mobile_get_network_public_key(
         set_error(err, RN_ERROR_NULL_ARGUMENT, "keys handle is null");
         return RN_ERROR_NULL_ARGUMENT;
     }
-    if network_id.is_null() {
-        set_error(err, RN_ERROR_NULL_ARGUMENT, "network_id pointer is null");
+    if network_public_key.is_null() {
+        set_error(
+            err,
+            RN_ERROR_NULL_ARGUMENT,
+            "network_public_key pointer is null",
+        );
         return RN_ERROR_NULL_ARGUMENT;
     }
     if out_pk.is_null() {
@@ -1679,15 +1688,9 @@ pub unsafe extern "C" fn rn_keys_mobile_get_network_public_key(
         }
     };
 
-    let nid = match std::ffi::CStr::from_ptr(network_id).to_str() {
-        Ok(s) => s,
-        Err(_) => {
-            set_error(err, RN_ERROR_INVALID_UTF8, "invalid utf8 network_id");
-            return RN_ERROR_INVALID_UTF8;
-        }
-    };
+    let network_pk = std::slice::from_raw_parts(network_public_key, network_public_key_len);
 
-    match mobile_manager.get_network_public_key(nid) {
+    match mobile_manager.get_network_public_key(network_pk) {
         Ok(pk) => {
             if !alloc_bytes(out_pk, out_len, &pk) {
                 set_error(err, RN_ERROR_MEMORY_ALLOCATION, "alloc failed");
@@ -1710,24 +1713,25 @@ pub unsafe extern "C" fn rn_keys_mobile_get_network_public_key(
 #[no_mangle]
 pub unsafe extern "C" fn rn_keys_mobile_create_network_key_message(
     keys: *mut c_void,
-    network_id: *const c_char,
+    network_public_key: *const u8,
+    network_public_key_len: usize,
     node_agreement_pk: *const u8,
     node_agreement_pk_len: usize,
     out_msg_cbor: *mut *mut u8,
     out_len: *mut usize,
     err: *mut RnError,
 ) -> i32 {
     let Some(inner) = with_keys_inner(keys) else {
-        set_error(err, 1, "keys handle is null");
-        return 1;
+        set_error(err, RN_ERROR_INVALID_HANDLE, "keys handle is null");
+        return RN_ERROR_INVALID_HANDLE;
     };
-    if network_id.is_null()
+    if network_public_key.is_null()
         || node_agreement_pk.is_null()
         || out_msg_cbor.is_null()
         || out_len.is_null()
     {
-        set_error(err, 1, "null argument");
-        return 1;
+        set_error(err, RN_ERROR_NULL_ARGUMENT, "null argument");
+        return RN_ERROR_NULL_ARGUMENT;
     }
     let manager = match validate_mobile_manager(inner) {
         Ok(mgr) => mgr,
@@ -1745,16 +1749,9 @@ pub unsafe extern "C" fn rn_keys_mobile_create_network_key_message(
         }
     };
 
-    let nid = match std::ffi::CStr::from_ptr(network_id).to_str() {
-        Ok(s) => s,
-        Err(_) => {
-            set_error(err, RN_ERROR_INVALID_UTF8, "invalid utf8 network_id");
-            return RN_ERROR_INVALID_UTF8;
-        }
-    };
-
-    let pk = std::slice::from_raw_parts(node_agreement_pk, node_agreement_pk_len);
-    let msg = match mobile_manager.create_network_key_message(nid, pk) {
+    let network_pk = std::slice::from_raw_parts(network_public_key, network_public_key_len);
+    let node_pk = std::slice::from_raw_parts(node_agreement_pk, node_agreement_pk_len);
+    let msg = match mobile_manager.create_network_key_message(network_pk, node_pk) {
         Ok(m) => m,
         Err(e) => {
             set_error(
@@ -1768,13 +1765,17 @@ pub unsafe extern "C" fn rn_keys_mobile_create_network_key_message(
     let cbor = match serde_cbor::to_vec(&msg) {
         Ok(v) => v,
         Err(e) => {
-            set_error(err, 2, &format!("encode NetworkKeyMessage failed: {e}"));
-            return 2;
+            set_error(
+                err,
+                RN_ERROR_SERIALIZATION_FAILED,
+                &format!("encode NetworkKeyMessage failed: {e}"),
+            );
+            return RN_ERROR_SERIALIZATION_FAILED;
         }
     };
     if !alloc_bytes(out_msg_cbor, out_len, &cbor) {
-        set_error(err, 3, "alloc failed");
-        return 3;
+        set_error(err, RN_ERROR_MEMORY_ALLOCATION, "alloc failed");
+        return RN_ERROR_MEMORY_ALLOCATION;
     }
     0
 }
@@ -2302,7 +2303,8 @@ pub unsafe extern "C" fn rn_keys_encrypt_for_network(
     keys: *mut c_void,
     data: *const u8,
     data_len: usize,
-    network_id: *const c_char,
+    network_public_key: *const u8,
+    network_public_key_len: usize,
     out_eed_cbor: *mut *mut u8,
     out_len: *mut usize,
     err: *mut RnError,
@@ -2316,8 +2318,12 @@ pub unsafe extern "C" fn rn_keys_encrypt_for_network(
         set_error(err, RN_ERROR_NULL_ARGUMENT, "data pointer is null");
         return RN_ERROR_NULL_ARGUMENT;
     }
-    if network_id.is_null() {
-        set_error(err, RN_ERROR_NULL_ARGUMENT, "network_id pointer is null");
+    if network_public_key.is_null() {
+        set_error(
+            err,
+            RN_ERROR_NULL_ARGUMENT,
+            "network_public_key pointer is null",
+        );
         return RN_ERROR_NULL_ARGUMENT;
     }
     if out_eed_cbor.is_null() {
@@ -2338,13 +2344,7 @@ pub unsafe extern "C" fn rn_keys_encrypt_for_network(
         return RN_ERROR_INVALID_HANDLE;
     };
     let data_slice = std::slice::from_raw_parts(data, data_len);
-    let nid = match std::ffi::CStr::from_ptr(network_id).to_str() {
-        Ok(s) => s,
-        Err(_) => {
-            set_error(err, RN_ERROR_INVALID_UTF8, "invalid utf8 network id");
-            return RN_ERROR_INVALID_UTF8;
-        }
-    };
+    let network_pk = std::slice::from_raw_parts(network_public_key, network_public_key_len);
     let manager = match validate_node_manager(inner) {
         Ok(mgr) => mgr,
         Err(e) => {
@@ -2361,7 +2361,7 @@ pub unsafe extern "C" fn rn_keys_encrypt_for_network(
         }
     };
 
-    let eed = match node_manager.encrypt_for_network(data_slice, nid) {
+    let eed = match node_manager.encrypt_for_network(data_slice, network_pk) {
         Ok(v) => v,
         Err(e) => {
             set_error(

runar-ffi/src/lib.rs

@@ -60,13 +60,13 @@ fn linux_keystore_minimal_network_key_crash_repro() {
         assert_eq!(rn_keys_mobile_initialize_user_root_key(keys, &mut err), 0);
 
         // 8) rn_keys_mobile_generate_network_data_key (crash repro point)
-        let mut nid_ptr: *mut c_char = std::ptr::null_mut();
+        let mut nid_ptr: *mut u8 = std::ptr::null_mut();
         let mut nid_len: usize = 0;
         let rc =
             rn_keys_mobile_generate_network_data_key(keys, &mut nid_ptr, &mut nid_len, &mut err);
         assert_eq!(rc, 0, "generate_network_data_key failed: {}", last_err());
         if !nid_ptr.is_null() {
-            rn_string_free(nid_ptr);
+            rn_free(nid_ptr, nid_len);
         }
 
         rn_keys_free(keys);

runar-ffi/tests/ffi_keys_state_step_test.rs

@@ -235,7 +235,7 @@ fn linux_keystore_end_to_end_mobile_node_flow() {
         rn_free(st_ptr, st_len);
 
         // Create a network and install on node
-        let mut nid_c: *mut c_char = std::ptr::null_mut();
+        let mut nid_c: *mut u8 = std::ptr::null_mut();
         let mut nid_len: usize = 0;
         assert_eq!(
             rn_keys_mobile_generate_network_data_key(
@@ -248,16 +248,16 @@ fn linux_keystore_end_to_end_mobile_node_flow() {
             "gen network key: {}",
             last_err()
         );
-        let nid = cstr_to_string(nid_c, nid_len);
-        rn_string_free(nid_c);
-        let nid_cs = CString::new(nid.clone()).unwrap();
+        let network_public_key = std::slice::from_raw_parts(nid_c as *const u8, nid_len).to_vec();
+        rn_free(nid_c, nid_len);
 
         let mut nkm_ptr: *mut u8 = std::ptr::null_mut();
         let mut nkm_len: usize = 0;
         assert_eq!(
             rn_keys_mobile_create_network_key_message(
                 mobile_keys,
-                nid_cs.as_ptr(),
+                network_public_key.as_ptr(),
+                network_public_key.len(),
                 st_val.node_agreement_public_key.as_ptr(),
                 st_val.node_agreement_public_key.len(),
                 &mut nkm_ptr as *mut _,
@@ -506,17 +506,6 @@ fn test_ensure_symmetric_key() {
     }
 }
 
-#[cfg(all(feature = "linux-keystore", target_os = "linux"))]
-fn cstr_to_string(ptr: *const c_char, len: usize) -> String {
-    if ptr.is_null() || len == 0 {
-        return String::new();
-    }
-    unsafe {
-        let bytes = std::slice::from_raw_parts(ptr as *const u8, len);
-        String::from_utf8_lossy(bytes).to_string()
-    }
-}
-
 #[cfg(all(feature = "linux-keystore", target_os = "linux"))]
 fn last_err() -> String {
     unsafe {