saorsa_core/identity/
node_identity.rs

1// Copyright (c) 2025 Saorsa Labs Limited
2
3// This file is part of the Saorsa P2P network.
4
5// Licensed under the AGPL-3.0 license:
6// <https://www.gnu.org/licenses/agpl-3.0.html>
7
8// This program is distributed in the hope that it will be useful,
9// but WITHOUT ANY WARRANTY; without even the implied warranty of
10// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11// GNU Affero General Public License for more details.
12
13// You should have received a copy of the GNU Affero General Public License
14// along with this program. If not, see <https://www.gnu.org/licenses/>.
15
16// Copyright 2024 P2P Foundation
17// SPDX-License-Identifier: AGPL-3.0-or-later
18
19//! Node Identity (no embedded word address)
20//!
21//! Implements the core identity system for P2P nodes with:
22//! - ML-DSA-65 post-quantum cryptographic keys
23//! - Four-word human-readable addresses
24//! - Deterministic generation from seeds
25
26use crate::error::IdentityError;
27use crate::{P2PError, Result};
28use serde::{Deserialize, Serialize};
29use sha2::{Digest, Sha256};
30use std::fmt;
31
32// Import PQC types from ant_quic via quantum_crypto module
33use crate::quantum_crypto::ant_quic_integration::{MlDsaPublicKey, MlDsaSecretKey, MlDsaSignature};
34
35// No four-word address tied to identity; addressing is handled elsewhere.
36
37/// Node ID derived from public key (256-bit)
38#[derive(Debug, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)]
39pub struct NodeId(pub [u8; 32]);
40
41impl NodeId {
42    /// Create from ML-DSA public key
43    pub fn from_public_key(public_key: &MlDsaPublicKey) -> Self {
44        let mut hasher = Sha256::new();
45        hasher.update(public_key.as_bytes());
46        let hash = hasher.finalize();
47        let mut id = [0u8; 32];
48        id.copy_from_slice(&hash);
49        Self(id)
50    }
51
52    /// Convert to bytes
53    pub fn to_bytes(&self) -> &[u8; 32] {
54        &self.0
55    }
56
57    /// XOR distance to another node ID (for Kademlia)
58    pub fn xor_distance(&self, other: &NodeId) -> [u8; 32] {
59        let mut distance = [0u8; 32];
60        for (i, out) in distance.iter_mut().enumerate() {
61            *out = self.0[i] ^ other.0[i];
62        }
63        distance
64    }
65
66    /// Create from public key bytes
67    pub fn from_public_key_bytes(bytes: &[u8]) -> Result<Self> {
68        // ML-DSA-65 public key is 1952 bytes
69        if bytes.len() != 1952 {
70            return Err(P2PError::Identity(IdentityError::InvalidFormat(
71                "Invalid ML-DSA public key length".to_string().into(),
72            )));
73        }
74
75        // Create ML-DSA public key from bytes
76        let public_key = MlDsaPublicKey::from_bytes(bytes).map_err(|e| {
77            IdentityError::InvalidFormat(format!("Invalid ML-DSA public key: {:?}", e).into())
78        })?;
79
80        Ok(NodeId::from_public_key(&public_key))
81    }
82
83    /// Helper for tests/backwards-compat: construct from raw bytes
84    pub fn from_bytes(bytes: [u8; 32]) -> Self {
85        Self(bytes)
86    }
87}
88
89impl fmt::Display for NodeId {
90    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
91        write!(f, "{}", hex::encode(&self.0[..8])) // First 8 bytes for brevity
92    }
93}
94
95/// Public node identity information (without secret keys) - safe to clone
96#[derive(Clone)]
97pub struct PublicNodeIdentity {
98    /// ML-DSA public key
99    public_key: MlDsaPublicKey,
100    /// Node ID derived from public key
101    node_id: NodeId,
102}
103
104impl PublicNodeIdentity {
105    /// Get node ID
106    pub fn node_id(&self) -> &NodeId {
107        &self.node_id
108    }
109
110    /// Get public key
111    pub fn public_key(&self) -> &MlDsaPublicKey {
112        &self.public_key
113    }
114
115    // Word addresses are not part of identity; use bootstrap/transport layers
116}
117
118/// Core node identity with cryptographic keys
119pub struct NodeIdentity {
120    /// ML-DSA-65 secret key (private)
121    secret_key: MlDsaSecretKey,
122    /// ML-DSA-65 public key
123    public_key: MlDsaPublicKey,
124    /// Node ID derived from public key
125    node_id: NodeId,
126}
127
128impl NodeIdentity {
129    /// Generate new identity
130    pub fn generate() -> Result<Self> {
131        // Generate ML-DSA-65 key pair (ant-quic integration)
132        let (public_key, secret_key) =
133            crate::quantum_crypto::generate_ml_dsa_keypair().map_err(|e| {
134                P2PError::Identity(IdentityError::InvalidFormat(
135                    format!("Failed to generate ML-DSA key pair: {}", e).into(),
136                ))
137            })?;
138
139        let node_id = NodeId::from_public_key(&public_key);
140
141        crate::quantum_crypto::ant_quic_integration::register_debug_ml_dsa_keypair(
142            &secret_key,
143            &public_key,
144        );
145
146        Ok(Self {
147            secret_key,
148            public_key,
149            node_id,
150        })
151    }
152
153    /// Convert this identity's NodeId to a UserId for use in adaptive modules
154    pub fn to_user_id(&self) -> crate::peer_record::UserId {
155        crate::peer_record::UserId::from_bytes(self.node_id.0)
156    }
157
158    /// Generate from seed (deterministic)
159    pub fn from_seed(seed: &[u8; 32]) -> Result<Self> {
160        // Deterministically derive key material via HKDF-SHA3
161        use saorsa_pqc::{HkdfSha3_256, api::traits::Kdf};
162
163        // ML-DSA-65 public/secret key sizes (bytes)
164        const ML_DSA_PUB_LEN: usize = 1952;
165        const ML_DSA_SEC_LEN: usize = 4032;
166
167        let mut derived = vec![0u8; ML_DSA_PUB_LEN + ML_DSA_SEC_LEN];
168        HkdfSha3_256::derive(seed, None, b"saorsa-node-identity-seed", &mut derived).map_err(
169            |_| P2PError::Identity(IdentityError::InvalidFormat("HKDF expand failed".into())),
170        )?;
171
172        let pub_bytes = &derived[..ML_DSA_PUB_LEN];
173        let sec_bytes = &derived[ML_DSA_PUB_LEN..];
174
175        // Construct keys from bytes; these constructors accept byte slices in our integration
176        let public_key =
177            crate::quantum_crypto::ant_quic_integration::MlDsaPublicKey::from_bytes(pub_bytes)
178                .map_err(|e| {
179                    P2PError::Identity(IdentityError::InvalidFormat(
180                        format!("Invalid ML-DSA public key bytes: {e}").into(),
181                    ))
182                })?;
183        let secret_key =
184            crate::quantum_crypto::ant_quic_integration::MlDsaSecretKey::from_bytes(sec_bytes)
185                .map_err(|e| {
186                    P2PError::Identity(IdentityError::InvalidFormat(
187                        format!("Invalid ML-DSA secret key bytes: {e}").into(),
188                    ))
189                })?;
190
191        let node_id = NodeId::from_public_key(&public_key);
192
193        crate::quantum_crypto::ant_quic_integration::register_debug_ml_dsa_keypair(
194            &secret_key,
195            &public_key,
196        );
197
198        Ok(Self {
199            secret_key,
200            public_key,
201            node_id,
202        })
203    }
204
205    /// Get node ID
206    pub fn node_id(&self) -> &NodeId {
207        &self.node_id
208    }
209
210    /// Get public key
211    pub fn public_key(&self) -> &MlDsaPublicKey {
212        &self.public_key
213    }
214
215    // No Proof-of-Work in this crate
216
217    /// Get secret key bytes (for raw key authentication)
218    pub fn secret_key_bytes(&self) -> &[u8] {
219        self.secret_key.as_bytes()
220    }
221
222    /// Sign a message
223    pub fn sign(&self, message: &[u8]) -> Result<MlDsaSignature> {
224        crate::quantum_crypto::ml_dsa_sign(&self.secret_key, message).map_err(|e| {
225            P2PError::Identity(IdentityError::InvalidFormat(
226                format!("ML-DSA signing failed: {:?}", e).into(),
227            ))
228        })
229    }
230
231    /// Verify a signature
232    pub fn verify(&self, message: &[u8], signature: &MlDsaSignature) -> Result<bool> {
233        crate::quantum_crypto::ml_dsa_verify(&self.public_key, message, signature).map_err(|e| {
234            P2PError::Identity(IdentityError::InvalidFormat(
235                format!("ML-DSA verification failed: {:?}", e).into(),
236            ))
237        })
238    }
239
240    /// Create a public version of this identity (safe to clone)
241    pub fn to_public(&self) -> PublicNodeIdentity {
242        PublicNodeIdentity {
243            public_key: self.public_key.clone(),
244            node_id: self.node_id.clone(),
245        }
246    }
247}
248
249impl NodeIdentity {
250    /// Create an identity from an existing secret key
251    /// Note: Currently not supported as ant-quic doesn't provide public key derivation from secret key
252    /// This would require storing both keys together
253    pub fn from_secret_key(_secret_key: MlDsaSecretKey) -> Result<Self> {
254        Err(P2PError::Identity(IdentityError::InvalidFormat(
255            "Creating identity from secret key alone is not supported"
256                .to_string()
257                .into(),
258        )))
259    }
260}
261
262impl NodeIdentity {
263    /// Save identity to a JSON file (async)
264    pub async fn save_to_file(&self, path: &std::path::Path) -> Result<()> {
265        use tokio::fs;
266        let data = self.export();
267        let json = serde_json::to_string_pretty(&data).map_err(|e| {
268            P2PError::Identity(crate::error::IdentityError::InvalidFormat(
269                format!("Failed to serialize identity: {}", e).into(),
270            ))
271        })?;
272
273        if let Some(parent) = path.parent() {
274            fs::create_dir_all(parent).await.map_err(|e| {
275                P2PError::Identity(crate::error::IdentityError::InvalidFormat(
276                    format!("Failed to create directory: {}", e).into(),
277                ))
278            })?;
279        }
280
281        tokio::fs::write(path, json).await.map_err(|e| {
282            P2PError::Identity(crate::error::IdentityError::InvalidFormat(
283                format!("Failed to write identity file: {}", e).into(),
284            ))
285        })?;
286        Ok(())
287    }
288
289    /// Load identity from a JSON file (async)
290    pub async fn load_from_file(path: &std::path::Path) -> Result<Self> {
291        let json = tokio::fs::read_to_string(path).await.map_err(|e| {
292            P2PError::Identity(crate::error::IdentityError::InvalidFormat(
293                format!("Failed to read identity file: {}", e).into(),
294            ))
295        })?;
296        let data: IdentityData = serde_json::from_str(&json).map_err(|e| {
297            P2PError::Identity(crate::error::IdentityError::InvalidFormat(
298                format!("Failed to deserialize identity: {}", e).into(),
299            ))
300        })?;
301        Self::import(&data)
302    }
303}
304
305/// Serializable identity data for persistence
306#[derive(Serialize, Deserialize)]
307pub struct IdentityData {
308    /// ML-DSA secret key bytes (4032 bytes for ML-DSA-65)
309    pub secret_key: Vec<u8>,
310    /// ML-DSA public key bytes (1952 bytes for ML-DSA-65)
311    pub public_key: Vec<u8>,
312}
313
314impl NodeIdentity {
315    /// Export identity for persistence
316    pub fn export(&self) -> IdentityData {
317        IdentityData {
318            secret_key: self.secret_key.as_bytes().to_vec(),
319            public_key: self.public_key.as_bytes().to_vec(),
320        }
321    }
322
323    /// Import identity from persisted data
324    pub fn import(data: &IdentityData) -> Result<Self> {
325        // Reconstruct keys from bytes
326        let secret_key = crate::quantum_crypto::ant_quic_integration::MlDsaSecretKey::from_bytes(
327            &data.secret_key,
328        )
329        .map_err(|e| {
330            P2PError::Identity(IdentityError::InvalidFormat(
331                format!("Invalid ML-DSA secret key: {e}").into(),
332            ))
333        })?;
334        let public_key = crate::quantum_crypto::ant_quic_integration::MlDsaPublicKey::from_bytes(
335            &data.public_key,
336        )
337        .map_err(|e| {
338            P2PError::Identity(IdentityError::InvalidFormat(
339                format!("Invalid ML-DSA public key: {e}").into(),
340            ))
341        })?;
342
343        let node_id = NodeId::from_public_key(&public_key);
344
345        crate::quantum_crypto::ant_quic_integration::register_debug_ml_dsa_keypair(
346            &secret_key,
347            &public_key,
348        );
349
350        Ok(Self {
351            secret_key,
352            public_key,
353            node_id,
354        })
355    }
356}
357
358#[cfg(test)]
359mod tests {
360    use super::*;
361
362    #[test]
363    fn test_node_id_generation() {
364        let (public_key, _secret_key) = crate::quantum_crypto::generate_ml_dsa_keypair()
365            .expect("ML-DSA key generation should succeed");
366        let node_id = NodeId::from_public_key(&public_key);
367
368        // Should be 32 bytes
369        assert_eq!(node_id.to_bytes().len(), 32);
370
371        // Should be deterministic
372        let node_id2 = NodeId::from_public_key(&public_key);
373        assert_eq!(node_id, node_id2);
374    }
375
376    #[test]
377    fn test_xor_distance() {
378        let id1 = NodeId([0u8; 32]);
379        let mut id2_bytes = [0u8; 32];
380        id2_bytes[0] = 0xFF;
381        let id2 = NodeId(id2_bytes);
382
383        let distance = id1.xor_distance(&id2);
384        assert_eq!(distance[0], 0xFF);
385        for byte in &distance[1..] {
386            assert_eq!(*byte, 0);
387        }
388    }
389
390    #[test]
391    fn test_proof_of_work() {
392        // PoW removed: this test no longer applicable
393    }
394
395    #[test]
396    fn test_identity_generation() {
397        let identity = NodeIdentity::generate().expect("Identity generation should succeed");
398
399        // Test signing and verification
400        let message = b"Hello, P2P!";
401        let signature = identity.sign(message).unwrap();
402        assert!(identity.verify(message, &signature).unwrap());
403
404        // Wrong message should fail with original signature
405        assert!(!identity.verify(b"Wrong message", &signature).unwrap());
406    }
407
408    #[test]
409    fn test_deterministic_generation() {
410        let seed = [0x42; 32];
411        let identity1 = NodeIdentity::from_seed(&seed).expect("Identity from seed should succeed");
412        let identity2 = NodeIdentity::from_seed(&seed).expect("Identity from seed should succeed");
413
414        // Should generate same identity
415        assert_eq!(identity1.node_id, identity2.node_id);
416        assert_eq!(
417            identity1.public_key().as_bytes(),
418            identity2.public_key().as_bytes()
419        );
420    }
421
422    #[test]
423    fn test_identity_persistence() {
424        let identity = NodeIdentity::generate().expect("Identity generation should succeed");
425
426        // Export
427        let data = identity.export();
428
429        // Import
430        let imported = NodeIdentity::import(&data).expect("Import should succeed with valid data");
431
432        // Should be the same
433        assert_eq!(identity.node_id, imported.node_id);
434        assert_eq!(
435            identity.public_key().as_bytes(),
436            imported.public_key().as_bytes()
437        );
438
439        // Should be able to sign with imported identity
440        let message = b"Test message";
441        let signature = imported.sign(message);
442        assert!(identity.verify(message, &signature.unwrap()).unwrap());
443    }
444}