deon_protocol 1.3.4

A secure, hybrid (BLE/Wi-Fi) file transfer protocol with SPAKE2 authentication and XChaCha20-Poly1305 encryption.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

use ed25519_dalek::{Signer, SigningKey, VerifyingKey, Signature, Verifier};
use serde::{Serialize, Deserialize};
use std::collections::HashMap;
use std::sync::{Arc, Mutex};
use crate::error::DeonError;
use log::{info, warn};

/// --- 1. Transaction Structure ---
/// Represents a value transfer or state change in the Deon Protocol.
/// Includes replay protection (nonce) and authenticity (signature).
#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct Transaction {
    pub sender: [u8; 32],   // Ed25519 Public Key
    pub receiver: [u8; 32], // Ed25519 Public Key
    pub amount: u64,
    pub nonce: u64,         // Replay Protection
    pub signature: Option<Vec<u8>>,
}

impl Transaction {
    pub fn new(sender: [u8; 32], receiver: [u8; 32], amount: u64, nonce: u64) -> Self {
        Self {
            sender,
            receiver,
            amount,
            nonce,
            signature: None,
        }
    }

    /// Sign the transaction with the sender's private key.
    pub fn sign(&mut self, key_pair: &SigningKey) {
        let msg = self.get_signable_bytes();
        let signature: Signature = key_pair.sign(&msg);
        self.signature = Some(signature.to_bytes().to_vec());
    }

    /// Verify the transaction signature.
    pub fn verify(&self) -> Result<(), DeonError> {
        let sig_bytes = self.signature.as_ref().ok_or(DeonError::AuthFailed)?;
        if sig_bytes.len() != 64 {
            return Err(DeonError::AuthFailed);
        }
        
        let mut sig_arr = [0u8; 64];
        sig_arr.copy_from_slice(sig_bytes);
        let signature = Signature::from_bytes(&sig_arr);
        
        let public_key = VerifyingKey::from_bytes(&self.sender)
            .map_err(|_| DeonError::Crypto)?;

        let msg = self.get_signable_bytes();
        public_key.verify(&msg, &signature)
            .map_err(|_| DeonError::AuthFailed)
    }

    fn get_signable_bytes(&self) -> Vec<u8> {
        let mut buf = Vec::new();
        buf.extend_from_slice(&self.sender);
        buf.extend_from_slice(&self.receiver);
        buf.extend_from_slice(&self.amount.to_be_bytes());
        buf.extend_from_slice(&self.nonce.to_be_bytes());
        buf
    }
}

/// --- 2. Token State Management (Offline Ledger) ---
/// Tracks "Who has how much" and prevents double-spends via nonces.
pub struct Ledger {
    balances: Arc<Mutex<HashMap<[u8; 32], u64>>>,
    nonces: Arc<Mutex<HashMap<[u8; 32], u64>>>,
}

impl Ledger {
    pub fn new() -> Self {
        Self {
            balances: Arc::new(Mutex::new(HashMap::new())),
            nonces: Arc::new(Mutex::new(HashMap::new())),
        }
    }

    /// Process a transaction: verify signature, check nonce, check balance, update state.
    pub fn process_transaction(&self, tx: &Transaction) -> Result<(), DeonError> {
        // 1. Verify Signature
        tx.verify()?;

        let mut balances = self.balances.lock().unwrap();
        let mut nonces = self.nonces.lock().unwrap();

        // 2. Replay Protection (Nonce Check)
        let current_nonce = nonces.entry(tx.sender).or_insert(0);
        if tx.nonce <= *current_nonce {
            warn!("Replay attack detected! Tx Nonce: {}, Current: {}", tx.nonce, *current_nonce);
            return Err(DeonError::AuthFailed); // Should be specific "ReplayDetected" error
        }

        // 3. Balance Check
        let sender_balance = balances.entry(tx.sender).or_insert(0);
        if *sender_balance < tx.amount {
            warn!("Insufficient funds: Has {}, Needs {}", *sender_balance, tx.amount);
            return Err(DeonError::ProtocolViolation); // InsufficientFunds
        }

        // 4. Update State (Atomically)
        *sender_balance -= tx.amount;
        let receiver_balance = balances.entry(tx.receiver).or_insert(0);
        *receiver_balance += tx.amount;
        
        // Update Nonce
        *current_nonce = tx.nonce;

        info!("Transaction processed: {} transferred", tx.amount);
        Ok(())
    }

    /// Debug helper to set balance (Minting)
    pub fn debug_mint(&self, account: [u8; 32], amount: u64) {
        let mut balances = self.balances.lock().unwrap();
        *balances.entry(account).or_insert(0) += amount;
    }

    pub fn get_balance(&self, account: &[u8; 32]) -> u64 {
        let balances = self.balances.lock().unwrap();
        *balances.get(account).unwrap_or(&0)
    }
}

/// --- 3. Settlement Layer Interface ---
/// Defines how the offline protocol syncs with a blockchain when online.
#[async_trait::async_trait]
pub trait SettlementLayer: Send + Sync {
    /// Submit a batch of offline transactions to the blockchain.
    async fn settle_batch(&self, transactions: Vec<Transaction>) -> Result<[u8; 32], DeonError>;
    
    /// Verify if a transaction is finalized on-chain.
    async fn is_finalized(&self, tx_hash: &[u8]) -> Result<bool, DeonError>;
}

/// Mock implementation for testing/docs
pub struct MockBlockchain;

#[async_trait::async_trait]
impl SettlementLayer for MockBlockchain {
    async fn settle_batch(&self, transactions: Vec<Transaction>) -> Result<[u8; 32], DeonError> {
        info!("Settling {} transactions to MockBlockchain...", transactions.len());
        Ok([0xEE; 32]) // Mock Tx Hash
    }

    async fn is_finalized(&self, _tx_hash: &[u8]) -> Result<bool, DeonError> {
        Ok(true)
    }
}