Enhance mobile decryption functionality (#47)

* Enhance mobile decryption functionality and add comprehensive tests

- Updated the `Keys` class to replace the `decrypt_with_network` method with `decrypt_envelope_data`, improving clarity and functionality in mobile decryption processes.
- Introduced a new test case for mobile decryption with profile keys, validating the decryption path for user mobile keystores and ensuring compatibility with profile-based encryption.
- Enhanced existing tests to cover various scenarios, including multiple valid profile keys and network key fallbacks, ensuring robust validation of the decryption workflows.
- Improved logging in tests to provide better insights during execution and confirm successful decryption paths.

* Refactor network key management to check for private keys

- Renamed the `get_network_public_key` function to `has_network_private_key` across multiple modules, enhancing clarity in the API by explicitly indicating the function's purpose.
- Updated method signatures and implementations in `runar-ffi`, `runar-keys`, and `runar-nodejs-api` to reflect the new naming convention, ensuring consistency across the codebase.
- Adjusted related tests to validate the new functionality, confirming that the checks for private keys are correctly implemented and functioning as expected.
- Improved documentation and comments to clarify the changes and their implications for users of the API.

Author: pentateu

runar-ffi/include/runar_ffi.h

@@ -172,12 +172,12 @@ int32_t rn_keys_mobile_generate_network_data_key(void *keys,
                                                  size_t *out_len,
                                                  struct RNAPIRnError *err);
 
-int32_t rn_keys_mobile_get_network_public_key(void *keys,
-                                              const uint8_t *network_public_key,
-                                              size_t network_public_key_len,
-                                              uint8_t **out_pk,
-                                              size_t *out_len,
-                                              struct RNAPIRnError *err);
+int32_t rn_keys_mobile_has_network_private_key(void *keys,
+                                               const uint8_t *network_public_key,
+                                               size_t network_public_key_len,
+                                               uint8_t **out_pk,
+                                               size_t *out_len,
+                                               struct RNAPIRnError *err);
 
 int32_t rn_keys_mobile_create_network_key_message(void *keys,
                                                   const uint8_t *network_public_key,

runar-ffi/src/lib.rs

@@ -1634,7 +1634,7 @@ pub unsafe extern "C" fn rn_keys_mobile_generate_network_data_key(
 }
 
 #[no_mangle]
-pub unsafe extern "C" fn rn_keys_mobile_get_network_public_key(
+pub unsafe extern "C" fn rn_keys_mobile_has_network_private_key(
     keys: *mut c_void,
     network_public_key: *const u8,
     network_public_key_len: usize,
@@ -1690,7 +1690,7 @@ pub unsafe extern "C" fn rn_keys_mobile_get_network_public_key(
 
     let network_pk = std::slice::from_raw_parts(network_public_key, network_public_key_len);
 
-    match mobile_manager.get_network_public_key(network_pk) {
+    match mobile_manager.has_network_private_key(network_pk) {
         Ok(pk) => {
             if !alloc_bytes(out_pk, out_len, &pk) {
                 set_error(err, RN_ERROR_MEMORY_ALLOCATION, "alloc failed");
@@ -1703,7 +1703,7 @@ pub unsafe extern "C" fn rn_keys_mobile_get_network_public_key(
             set_error(
                 err,
                 RN_ERROR_OPERATION_FAILED,
-                &format!("get_network_public_key failed: {e}"),
+                &format!("has_network_private_key failed: {e}"),
             );
             RN_ERROR_OPERATION_FAILED
         }

runar-keys/src/lib.rs

@@ -56,8 +56,8 @@ pub trait EnvelopeCrypto: Send + Sync {
 
     fn decrypt_envelope_data(&self, env: &EnvelopeEncryptedData) -> Result<Vec<u8>>;
 
-    /// Get network public key by network public key bytes
-    fn get_network_public_key(&self, network_public_key: &[u8]) -> Result<Vec<u8>>;
+    /// Check if we have the private key for this network public key
+    fn has_network_private_key(&self, network_public_key: &[u8]) -> Result<Vec<u8>>;
 
     /// Get network public key by network ID (needed for path resolution)
     fn get_network_public_key_by_id(&self, network_id: &str) -> Result<Vec<u8>>;

runar-keys/src/mobile.rs

@@ -385,13 +385,13 @@ impl MobileKeyManager {
         out
     }
 
-    pub fn get_network_public_key(&self, network_public_key: &[u8]) -> Result<Vec<u8>> {
-        // Direct access - validate we have the key
+    pub fn has_network_private_key(&self, network_public_key: &[u8]) -> Result<Vec<u8>> {
+        // Direct access - validate we have the private key for this public key
         if self.network_data_keys.contains_key(network_public_key) {
             Ok(network_public_key.to_vec())
         } else {
             Err(KeyError::KeyNotFound(format!(
-                "Network key not found for public key: {} bytes",
+                "Network private key not found for public key: {} bytes",
                 network_public_key.len()
             )))
         }
@@ -1038,8 +1038,8 @@ impl EnvelopeCrypto for MobileKeyManager {
         self.decrypt_with_network(env)
     }
 
-    fn get_network_public_key(&self, network_public_key: &[u8]) -> Result<Vec<u8>> {
-        MobileKeyManager::get_network_public_key(self, network_public_key)
+    fn has_network_private_key(&self, network_public_key: &[u8]) -> Result<Vec<u8>> {
+        MobileKeyManager::has_network_private_key(self, network_public_key)
     }
 
     fn get_network_public_key_by_id(&self, network_id: &str) -> Result<Vec<u8>> {

runar-keys/src/node.rs

@@ -677,13 +677,13 @@ impl NodeKeyManager {
             })
     }
 
-    pub fn get_network_public_key(&self, network_public_key: &[u8]) -> Result<Vec<u8>> {
-        // Direct access - validate we have the key
+    pub fn has_network_private_key(&self, network_public_key: &[u8]) -> Result<Vec<u8>> {
+        // Direct access - validate we have the private key for this public key
         if self.network_agreements.contains_key(network_public_key) {
             Ok(network_public_key.to_vec())
         } else {
             Err(KeyError::KeyNotFound(format!(
-                "Network key not found for public key: {} bytes",
+                "Network private key not found for public key: {} bytes",
                 network_public_key.len()
             )))
         }
@@ -949,8 +949,8 @@ impl EnvelopeCrypto for NodeKeyManager {
         NodeKeyManager::decrypt_envelope_data(self, env)
     }
 
-    fn get_network_public_key(&self, network_public_key: &[u8]) -> Result<Vec<u8>> {
-        NodeKeyManager::get_network_public_key(self, network_public_key)
+    fn has_network_private_key(&self, network_public_key: &[u8]) -> Result<Vec<u8>> {
+        NodeKeyManager::has_network_private_key(self, network_public_key)
     }
 
     fn get_network_public_key_by_id(&self, network_id: &str) -> Result<Vec<u8>> {

runar-node/src/node.rs

@@ -65,9 +65,9 @@ impl EnvelopeCrypto for NodeKeyManagerWrapper {
         keys_manager.decrypt_envelope_data(env)
     }
 
-    fn get_network_public_key(&self, network_public_key: &[u8]) -> KeyResult<Vec<u8>> {
+    fn has_network_private_key(&self, network_public_key: &[u8]) -> KeyResult<Vec<u8>> {
         let keys_manager = self.0.read().unwrap();
-        keys_manager.get_network_public_key(network_public_key)
+        keys_manager.has_network_private_key(network_public_key)
     }
 
     fn get_network_public_key_by_id(&self, network_id: &str) -> KeyResult<Vec<u8>> {

runar-nodejs-api/index.d.ts

@@ -63,7 +63,7 @@ export declare class Keys {
   encryptMessageForMobile(message: Uint8Array, mobilePk: Uint8Array): Uint8Array
   decryptMessageFromMobile(encrypted: Uint8Array): Uint8Array
   mobileDeriveUserProfileKey(label: string): Uint8Array
-  mobileGetNetworkPublicKey(networkPublicKey: Uint8Array): Uint8Array
+  mobileHasNetworkPrivateKey(networkPublicKey: Uint8Array): Uint8Array
   mobileCreateNetworkKeyMessage(networkPublicKey: Uint8Array, nodeAgreementPk: Uint8Array): Uint8Array
   ensureSymmetricKey(keyName: string): Uint8Array
   /**

runar-nodejs-api/src/lib.rs

@@ -6,7 +6,7 @@ use napi::threadsafe_function::{ThreadsafeFunction, ThreadsafeFunctionCallMode};
 use napi_derive::napi;
 use once_cell::sync::Lazy;
 use runar_common::logging::{Component, Logger};
-use runar_keys::{MobileKeyManager, NodeKeyManager};
+use runar_keys::{EnvelopeCrypto, MobileKeyManager, NodeKeyManager};
 use runar_schemas::NodeInfo;
 
 use runar_transporter::discovery::{DiscoveryEvent, DiscoveryOptions};
@@ -373,7 +373,7 @@ impl Keys {
             .mobile
             .as_ref()
             .unwrap()
-            .decrypt_with_network(&eed)
+            .decrypt_envelope_data(&eed)
             .map_err(|e| Error::from_reason(e.to_string()))?;
 
         Ok(Uint8Array::from(plain))
@@ -616,7 +616,7 @@ impl Keys {
     }
 
     #[napi]
-    pub fn mobile_get_network_public_key(
+    pub fn mobile_has_network_private_key(
         &self,
         network_public_key: Uint8Array,
     ) -> Result<Uint8Array> {
@@ -631,7 +631,7 @@ impl Keys {
             .mobile
             .as_mut()
             .unwrap()
-            .get_network_public_key(&network_public_key)
+            .has_network_private_key(&network_public_key)
             .map_err(|e| Error::from_reason(e.to_string()))?;
         Ok(Uint8Array::from(pk))
     }

runar-nodejs-api/tests/comprehensive_api_test.ts

@@ -152,7 +152,7 @@ describe('Comprehensive API Tests', () => {
       const testPk = Buffer.alloc(65, 1); // Mock public key
       keys.mobileInstallNetworkPublicKey(testPk);
       const networkPublicKey = keys.mobileGenerateNetworkDataKey();
-      const pk = keys.mobileGetNetworkPublicKey(networkPublicKey);
+      const pk = keys.mobileHasNetworkPrivateKey(networkPublicKey);
       expect(pk instanceof Uint8Array).toBe(true);
       expect(pk.length).toBeGreaterThan(0);
     }, 10000);

runar-nodejs-api/tests/comprehensive_lifecycle_test.ts

@@ -187,7 +187,7 @@ describe('Comprehensive End-to-End Lifecycle Tests', () => {
 
     // 5.1 Mobile encrypts with envelope
     // Get network public key from network ID for envelope encryption
-    const retrievedNetworkPublicKey = mobileKeys.mobileGetNetworkPublicKey(networkPublicKey);
+    const retrievedNetworkPublicKey = mobileKeys.mobileHasNetworkPrivateKey(networkPublicKey);
     expect(retrievedNetworkPublicKey instanceof Uint8Array).toBe(true);
     expect(retrievedNetworkPublicKey.length).toBeGreaterThan(0);