shadow_crypto/

keypair.rs

use crate::encryption::EncryptionKey;
use crate::signature::{SigningKey, VerifyKey};
use serde::{Deserialize, Serialize};

/// Combined keypair for encryption and signing
#[derive(Debug)]
pub struct Keypair {
    /// Encryption key (X25519 public key)
    pub encryption_public: [u8; 32],
    /// Signing key
    pub signing_key: SigningKey,
    /// Verification key (public)
    pub verify_key: VerifyKey,
}

impl Keypair {
    /// Generate new keypair
    pub fn generate() -> Self {
        let signing_key = SigningKey::generate();
        let verify_key = signing_key.verify_key();
        
        // Generate X25519 keypair (we only store public key here)
        use x25519_dalek::{EphemeralSecret, PublicKey};
        let secret = EphemeralSecret::random_from_rng(rand::rngs::OsRng);
        let encryption_public = PublicKey::from(&secret).to_bytes();
        
        Self {
            encryption_public,
            signing_key,
            verify_key,
        }
    }

    /// Get public identity (for sharing with peers)
    pub fn public_identity(&self) -> PublicIdentity {
        PublicIdentity {
            encryption_key: self.encryption_public,
            verify_key: self.verify_key,
        }
    }
}

/// Public identity that can be shared with peers
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PublicIdentity {
    /// Public key for encryption (X25519)
    pub encryption_key: [u8; 32],
    /// Public key for signature verification (Ed25519)
    pub verify_key: VerifyKey,
}

impl PublicIdentity {
    /// Convert to bytes for network transmission
    pub fn to_bytes(&self) -> Vec<u8> {
        bincode::serialize(self).expect("Serialization should not fail")
    }

    /// Create from bytes
    pub fn from_bytes(bytes: &[u8]) -> anyhow::Result<Self> {
        bincode::deserialize(bytes).map_err(Into::into)
    }
}

/// Generate a new keypair
pub fn generate_keypair() -> Keypair {
    Keypair::generate()
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_keypair_generation() {
        let keypair = generate_keypair();
        assert_eq!(keypair.encryption_public.len(), 32);
    }

    #[test]
    fn test_public_identity_serialization() {
        let keypair = generate_keypair();
        let identity = keypair.public_identity();
        
        let bytes = identity.to_bytes();
        let decoded = PublicIdentity::from_bytes(&bytes).unwrap();
        
        assert_eq!(identity.encryption_key, decoded.encryption_key);
        assert_eq!(identity.verify_key.as_bytes(), decoded.verify_key.as_bytes());
    }
}