volt_client_grpc/

relay.rs

//! Relay protocol implementation for Volt client.
//!
//! This module implements the relay protocol used when connecting to a Volt
//! through a relay server. The relay protocol uses:
//!
//! 1. **X25519 key exchange** - For establishing a shared secret
//! 2. **HKDF key derivation** - For deriving the AES encryption key
//! 3. **AES-CBC encryption** - For encrypting payloads
//! 4. **VoltAPI.Invoke** - The bidirectional streaming RPC method
//!
//! ## Protocol Flow
//!
//! 1. Client opens an `Invoke` stream with the relay
//! 2. Client sends first `InvokeRequest` with:
//!    - JWT token for authentication
//!    - target_did (the Volt DID we want to reach)
//!    - NO payload (key exchange request)
//! 3. Relay responds with `InvokeResponse` containing:
//!    - key_exchange: { encryption_key, nonce, signature }
//! 4. Client verifies the signature using target's public key
//! 5. Client derives shared AES key from X25519 ECDH + HKDF
//! 6. All subsequent requests/responses are AES-CBC encrypted

use prost::Message;
use std::sync::atomic::{AtomicU64, Ordering};
use std::sync::{Arc, OnceLock};
use tokio::sync::{mpsc, Mutex};
use tonic::Streaming;

use crate::crypto::{
    aes_cbc_decrypt, aes_cbc_encrypt, random_iv, to_base64, StaticKeyExchange, AES_CBC_IV_LENGTH,
    AES_KEY_LENGTH,
};
use crate::error::{Result, VoltError};
use crate::proto::volt::{
    invoke_request, invoke_response, method_invoke, method_payload, remote_request,
    remote_response, InvokeRequest, InvokeRequestKeyExchange, InvokeResponse, MethodEnd,
    MethodInvoke, MethodPayload, MethodType, RemoteRequest, RemoteResponse,
};

fn relay_debug_enabled() -> bool {
    static RELAY_DEBUG: OnceLock<bool> = OnceLock::new();
    *RELAY_DEBUG.get_or_init(|| match std::env::var("TDX_RELAY_DEBUG") {
        Ok(val) => val != "0" && !val.is_empty(),
        Err(_) => false,
    })
}

fn log_remote_response(
    stage: &str,
    invoke_id: u64,
    remote_response: &RemoteResponse,
    plaintext_b64: &str,
    plaintext_len: usize,
) {
    if !relay_debug_enabled() {
        return;
    }
    match serde_json::to_string(remote_response) {
        Ok(json) => {
            tracing::info!(
                target = "relay_debug",
                "remote_response[{}]: invoke_id={} plaintext_len={} plaintext_b64={} json={}",
                stage,
                invoke_id,
                plaintext_len,
                plaintext_b64,
                json
            );
        }
        Err(err) => {
            tracing::warn!(
                target = "relay_debug",
                "remote_response[{}]: invoke_id={} failed_to_serialize={} plaintext_len={} plaintext_b64={}",
                stage,
                invoke_id,
                err,
                plaintext_len,
                plaintext_b64
            );
        }
    }
}

fn log_invoke_request(stage: &str, request: &InvokeRequest, plaintext_b64: Option<&str>) {
    if !relay_debug_enabled() {
        return;
    }

    let wire_b64 = to_base64(&request.encode_to_vec());

    let iv_b64 = if request.iv.is_empty() {
        String::new()
    } else {
        to_base64(&request.iv)
    };

    let (payload_type, payload_len, payload_b64) = match &request.request_payload {
        Some(invoke_request::RequestPayload::Payload(bytes)) => {
            ("payload", bytes.len(), Some(to_base64(bytes)))
        }
        Some(invoke_request::RequestPayload::JsonPayload(bytes)) => {
            ("json_payload", bytes.len(), Some(to_base64(bytes)))
        }
        None => ("none", 0, None),
    };

    tracing::info!(
        target = "relay_debug",
        "invoke_request[{}]: id={} token={} target_did={:?} iv_b64={} client_end={} hop_index={} target_service_id={} payload_type={} payload_len={} payload_b64={} plaintext_b64={} wire_b64={}",
        stage,
        request.invoke_id,
        request.token,
        request.target_did,
        iv_b64,
        request.client_end,
        request.hop_index,
        request.target_service_id,
        payload_type,
        payload_len,
        payload_b64.as_deref().unwrap_or(""),
        plaintext_b64.unwrap_or(""),
        wire_b64,
    );
}

/// State of the relay connection
#[derive(Debug, Clone, PartialEq)]
pub enum RelayState {
    /// Not connected
    Disconnected,
    /// Waiting for key exchange response
    KeyExchangePending,
    /// Connected and ready for encrypted communication
    Connected,
    /// Connection closed
    Closed,
}

/// Relay connection context
///
/// This manages the state for a single relay connection, including:
/// - Key exchange state
/// - Encryption key
/// - Invoke ID counter
pub struct RelayContext {
    /// Current state
    state: RelayState,
    /// Our X25519 key exchange
    key_exchange: StaticKeyExchange,
    /// Derived AES encryption key (after key exchange)
    encryption_key: Option<[u8; AES_KEY_LENGTH]>,
    /// Invoke ID counter
    invoke_id_counter: AtomicU64,
    /// Target Volt DID
    target_did: String,
    /// Target public key (for signature verification)
    target_public_key: Option<Vec<u8>>,
}

impl std::fmt::Debug for RelayContext {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("RelayContext")
            .field("state", &self.state)
            .field("target_did", &self.target_did)
            .field("has_encryption_key", &self.encryption_key.is_some())
            .finish()
    }
}

impl RelayContext {
    /// Create a new relay context
    pub fn new(target_did: String) -> Self {
        Self {
            state: RelayState::Disconnected,
            key_exchange: StaticKeyExchange::new(),
            encryption_key: None,
            invoke_id_counter: AtomicU64::new(1),
            target_did,
            target_public_key: None,
        }
    }

    /// Set the target's public key for signature verification
    pub fn set_target_public_key(&mut self, public_key: Vec<u8>) {
        self.target_public_key = Some(public_key);
    }

    /// Get the next invoke ID
    pub fn next_invoke_id(&self) -> u64 {
        self.invoke_id_counter.fetch_add(1, Ordering::SeqCst)
    }

    /// Get current state
    pub fn state(&self) -> &RelayState {
        &self.state
    }

    /// Get our public key bytes
    pub fn public_key_bytes(&self) -> [u8; 32] {
        self.key_exchange.public_key_bytes()
    }

    /// Get our public key as base64 (SubjectPublicKeyInfo DER, matching JS client)
    pub fn public_key_base64(&self) -> String {
        const DER_PREFIX: [u8; 12] = [
            0x30, 0x2a, // SEQUENCE, len 42
            0x30, 0x05, // SEQUENCE, len 5
            0x06, 0x03, 0x2b, 0x65, 0x6e, // OID 1.3.101.110 (X25519)
            0x03, 0x21, 0x00, // BIT STRING, len 33, 0 unused bits
        ];

        let mut der = Vec::with_capacity(DER_PREFIX.len() + 32);
        der.extend_from_slice(&DER_PREFIX);
        der.extend_from_slice(&self.key_exchange.public_key_bytes());
        to_base64(&der)
    }

    /// Create the initial key exchange request
    ///
    /// This is the first message sent on the Invoke stream.
    pub fn create_key_exchange_request(&mut self, token: &str) -> InvokeRequest {
        self.state = RelayState::KeyExchangePending;

        let request = InvokeRequest {
            invoke_id: self.next_invoke_id(),
            token: token.to_string(),
            target_did: vec![self.target_did.clone()],
            iv: Vec::new(), // No IV for key exchange request
            client_end: false,
            hop_index: 0,
            target_service_id: String::new(),
            request_payload: None, // No payload for key exchange
        };

        log_invoke_request("key_exchange", &request, None);
        request
    }

    /// Process the key exchange response
    ///
    /// This verifies the signature and derives the shared encryption key.
    pub fn process_key_exchange_response(
        &mut self,
        key_exchange: &InvokeRequestKeyExchange,
    ) -> Result<()> {
        // Extract the server's public key
        let server_public_key: [u8; 32] = key_exchange
            .encryption_key
            .as_slice()
            .try_into()
            .map_err(|_| VoltError::crypto("Invalid encryption key length"))?;

        // Verify the signature if we have the target's public key
        if let Some(target_pk) = &self.target_public_key {
            // The signed message is encryption_key || nonce
            let mut message =
                Vec::with_capacity(key_exchange.encryption_key.len() + key_exchange.nonce.len());
            message.extend_from_slice(&key_exchange.encryption_key);
            message.extend_from_slice(&key_exchange.nonce);

            // Verify using Ed25519
            let target_pk_array: [u8; 32] = target_pk
                .as_slice()
                .try_into()
                .map_err(|_| VoltError::crypto("Invalid target public key length"))?;

            let verifying_key = ed25519_dalek::VerifyingKey::from_bytes(&target_pk_array)
                .map_err(|e| VoltError::crypto(format!("Invalid public key: {}", e)))?;

            let signature_array: [u8; 64] = key_exchange
                .signature
                .as_slice()
                .try_into()
                .map_err(|_| VoltError::crypto("Invalid signature length"))?;

            let signature = ed25519_dalek::Signature::from_bytes(&signature_array);

            verifying_key
                .verify_strict(&message, &signature)
                .map_err(|e| VoltError::crypto(format!("Signature verification failed: {}", e)))?;

            tracing::debug!("Key exchange signature verified successfully");
        } else {
            tracing::warn!("No target public key set, skipping signature verification");
        }

        // Derive the shared encryption key
        let encryption_key = self
            .key_exchange
            .derive_relay_encryption_key(&server_public_key)?;
        self.encryption_key = Some(encryption_key);
        self.state = RelayState::Connected;

        tracing::info!("Relay key exchange completed successfully");
        Ok(())
    }

    /// Encrypt a payload for sending
    pub fn encrypt(&self, plaintext: &[u8]) -> Result<(Vec<u8>, [u8; AES_CBC_IV_LENGTH])> {
        let key = self
            .encryption_key
            .ok_or_else(|| VoltError::crypto("No encryption key established"))?;

        let iv = random_iv();
        let ciphertext = aes_cbc_encrypt(&key, &iv, plaintext)?;

        Ok((ciphertext, iv))
    }

    /// Decrypt a received payload
    pub fn decrypt(&self, ciphertext: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
        let key = self
            .encryption_key
            .ok_or_else(|| VoltError::crypto("No encryption key established"))?;

        let iv_array: [u8; AES_CBC_IV_LENGTH] = iv
            .try_into()
            .map_err(|_| VoltError::crypto("Invalid IV length"))?;

        aes_cbc_decrypt(&key, &iv_array, ciphertext)
    }

    /// Create an encrypted InvokeRequest wrapping a RemoteResponse
    ///
    /// Note: In the relay protocol, the client sends "responses" to the relay
    /// which forwards them to the target Volt (which treats them as requests).
    pub fn create_encrypted_request(
        &self,
        invoke_id: u64,
        remote_response: &RemoteResponse,
    ) -> Result<InvokeRequest> {
        // Serialize the RemoteResponse
        let mut buf = Vec::new();
        remote_response.encode(&mut buf).map_err(|e| {
            VoltError::serialization(format!("Failed to encode RemoteResponse: {}", e))
        })?;

        let plaintext_b64 = if relay_debug_enabled() {
            let b64 = to_base64(&buf);
            log_remote_response("request", invoke_id, remote_response, &b64, buf.len());
            Some(b64)
        } else {
            None
        };

        // Encrypt the serialized payload
        let (encrypted, iv) = self.encrypt(&buf)?;

        let request = InvokeRequest {
            invoke_id,
            token: String::new(), // Token only needed on first request
            target_did: vec![self.target_did.clone()],
            iv: iv.to_vec(),
            client_end: false,
            hop_index: 0,
            target_service_id: String::new(),
            request_payload: Some(invoke_request::RequestPayload::Payload(encrypted)),
        };

        log_invoke_request("encrypted", &request, plaintext_b64.as_deref());

        Ok(request)
    }

    /// Parse an InvokeResponse and extract the RemoteRequest
    ///
    /// Handles both key exchange responses and encrypted payload responses.
    pub fn parse_response(&mut self, response: &InvokeResponse) -> Result<Option<RemoteRequest>> {
        // Check for key exchange response
        if let Some(ref key_exchange) = response.key_exchange {
            self.process_key_exchange_response(key_exchange)?;
            return Ok(None);
        }

        // Check for error status
        if let Some(invoke_response::ResponsePayload::Status(ref status)) =
            response.response_payload
        {
            if status.code != 0 {
                return Err(VoltError::server(status.code, &status.message));
            }
            return Ok(None);
        }

        // Extract and decrypt the payload
        let encrypted_payload = match &response.response_payload {
            Some(invoke_response::ResponsePayload::Payload(data)) => data.as_slice(),
            Some(invoke_response::ResponsePayload::JsonPayload(data)) => data.as_slice(),
            _ => return Ok(None),
        };

        // Decrypt the payload
        let decrypted = self.decrypt(encrypted_payload, &response.iv)?;

        // Deserialize as RemoteRequest
        let remote_request = RemoteRequest::decode(decrypted.as_slice()).map_err(|e| {
            VoltError::serialization(format!("Failed to decode RemoteRequest: {}", e))
        })?;

        Ok(Some(remote_request))
    }

    /// Create a MethodInvoke payload for calling a service method
    pub fn create_method_invoke(
        &self,
        invoke_id: u64,
        service_id: &str,
        method_name: &str,
        method_type: MethodType,
        request_data: Vec<u8>,
    ) -> RemoteResponse {
        let method_invoke = MethodInvoke {
            id: invoke_id,
            service_id: service_id.to_string(),
            method_name: method_name.to_string(),
            method_type: method_type as i32,
            invoke_request: Some(method_invoke::InvokeRequest::Request(request_data)),
        };

        RemoteResponse {
            payload: Some(remote_response::Payload::MethodInvoke(method_invoke)),
        }
    }

    /// Create a MethodPayload for streaming data
    pub fn create_method_payload(&self, invoke_id: u64, payload: Vec<u8>) -> RemoteResponse {
        let method_payload = MethodPayload {
            id: invoke_id,
            method_payload: Some(method_payload::MethodPayload::Payload(payload)),
        };

        RemoteResponse {
            payload: Some(remote_response::Payload::MethodPayload(method_payload)),
        }
    }

    /// Create a MethodEnd to signal end of stream
    pub fn create_method_end(&self, invoke_id: u64) -> RemoteResponse {
        let method_end = MethodEnd {
            id: invoke_id,
            ended: true,
            error: String::new(),
            error_code: 0,
        };

        RemoteResponse {
            payload: Some(remote_response::Payload::MethodEnd(method_end)),
        }
    }
}

/// A relay-wrapped gRPC call
///
/// This wraps the normal gRPC call logic to work through the relay protocol.
pub struct RelayCall {
    /// The relay context for this call
    context: Arc<Mutex<RelayContext>>,
    /// The invoke ID for this call
    invoke_id: u64,
    /// Service ID
    service_id: String,
}

impl RelayCall {
    /// Create a new relay call
    pub fn new(context: Arc<Mutex<RelayContext>>, service_id: String) -> Self {
        // We'll get the invoke_id when we make the call
        Self {
            context,
            invoke_id: 0,
            service_id,
        }
    }

    /// Make a unary call through the relay
    pub async fn unary<Req, Resp>(
        &mut self,
        method_name: &str,
        request: Req,
        invoke_stream_sender: &mpsc::Sender<InvokeRequest>,
        invoke_stream_receiver: &mut Streaming<InvokeResponse>,
    ) -> Result<Resp>
    where
        Req: Message,
        Resp: Message + Default,
    {
        let ctx = self.context.lock().await;

        // Get invoke ID
        self.invoke_id = ctx.next_invoke_id();

        // Serialize the request
        let mut request_bytes = Vec::new();
        request
            .encode(&mut request_bytes)
            .map_err(|e| VoltError::serialization(format!("Failed to encode request: {}", e)))?;

        // Create the method invoke
        let remote_response = ctx.create_method_invoke(
            self.invoke_id,
            &self.service_id,
            method_name,
            MethodType::Unary,
            request_bytes,
        );

        // Encrypt and send
        let invoke_request = ctx.create_encrypted_request(self.invoke_id, &remote_response)?;
        drop(ctx); // Release lock before awaiting

        invoke_stream_sender
            .send(invoke_request)
            .await
            .map_err(|e| VoltError::connection(format!("Failed to send request: {}", e)))?;

        // Receive response
        let response = invoke_stream_receiver
            .message()
            .await
            .map_err(|e| VoltError::grpc(e.code(), e.message()))?
            .ok_or_else(|| VoltError::connection("Stream closed unexpectedly"))?;

        // Parse and decrypt the response
        let mut ctx = self.context.lock().await;
        let remote_request = ctx
            .parse_response(&response)?
            .ok_or_else(|| VoltError::protocol("Expected payload response"))?;

        // Extract the method payload
        match remote_request.payload {
            Some(remote_request::Payload::MethodPayload(mp)) => {
                let payload = match mp.method_payload {
                    Some(method_payload::MethodPayload::Payload(p)) => p,
                    Some(method_payload::MethodPayload::JsonPayload(j)) => j.into_bytes(),
                    None => return Err(VoltError::protocol("Empty method payload")),
                };

                Resp::decode(payload.as_slice()).map_err(|e| {
                    VoltError::serialization(format!("Failed to decode response: {}", e))
                })
            }
            _ => Err(VoltError::protocol("Expected MethodPayload response")),
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_relay_context_creation() {
        let ctx = RelayContext::new("did:tdx:test-volt".to_string());
        assert_eq!(ctx.state(), &RelayState::Disconnected);
        assert!(ctx.encryption_key.is_none());
    }

    #[test]
    fn test_invoke_id_counter() {
        let ctx = RelayContext::new("did:tdx:test-volt".to_string());
        assert_eq!(ctx.next_invoke_id(), 1);
        assert_eq!(ctx.next_invoke_id(), 2);
        assert_eq!(ctx.next_invoke_id(), 3);
    }

    #[test]
    fn test_key_exchange_request_creation() {
        let mut ctx = RelayContext::new("did:tdx:test-volt".to_string());
        let request = ctx.create_key_exchange_request("test-jwt-token");

        assert_eq!(ctx.state(), &RelayState::KeyExchangePending);
        assert_eq!(request.token, "test-jwt-token");
        assert_eq!(request.target_did, vec!["did:tdx:test-volt"]);
        assert!(request.request_payload.is_none());
    }

    #[test]
    fn test_encrypt_decrypt_roundtrip() {
        let mut ctx = RelayContext::new("did:tdx:test-volt".to_string());

        // Manually set an encryption key for testing
        ctx.encryption_key = Some([0u8; AES_KEY_LENGTH]);
        ctx.state = RelayState::Connected;

        let plaintext = b"Hello, relay world!";
        let (ciphertext, iv) = ctx.encrypt(plaintext).unwrap();
        let decrypted = ctx.decrypt(&ciphertext, &iv).unwrap();

        assert_eq!(plaintext.as_slice(), decrypted.as_slice());
    }
}