fix: auth key size

Author: ovitrif

Cargo.lock

@@ -1,6 +1,6 @@
 [package]
 name = "vss-rust-client-ffi"
-version = "0.5.8"
+version = "0.5.9"
 edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 

Cargo.toml

@@ -3,4 +3,4 @@ android.useAndroidX=true
 android.nonTransitiveRClass=true
 kotlin.code.style=official
 # project settings:
-version=0.5.8
+version=0.5.9

bindings/android/gradle.properties

@@ -516,19 +516,7 @@ impl VssClient {
     /// Lists all raw keys on the server without any deobfuscation.
     /// Diagnostic function to see exactly what keys exist on the server.
     pub async fn list_all_raw_keys(&self) -> Result<Vec<KeyVersion>, VssError> {
-        let request = ListKeyVersionsRequest {
-            store_id: self.store_id.clone(),
-            key_prefix: None,
-            page_size: None,
-            page_token: None,
-        };
-        let results = self
-            .inner
-            .list_key_versions(&request)
-            .await
-            .map_err(|e| convert_error(e, "list_all_raw_keys"))?
-            .key_versions;
-
+        let results = self.list_all_key_versions_paginated(None).await?;
         Ok(results
             .into_iter()
             .map(|kv| KeyVersion {
@@ -683,19 +671,7 @@ impl VssClient {
         prefix: Option<String>,
         key_obfuscator: &Option<Arc<KeyObfuscator>>,
     ) -> Result<Vec<KeyVersion>, VssError> {
-        let request = ListKeyVersionsRequest {
-            store_id: self.store_id.clone(),
-            key_prefix: prefix,
-            page_size: None,
-            page_token: None,
-        };
-        let results = self
-            .inner
-            .list_key_versions(&request)
-            .await
-            .map_err(|e| convert_error(e, "list_key_versions"))?
-            .key_versions;
-
+        let results = self.list_all_key_versions_paginated(prefix).await?;
         let mut result = Vec::new();
         for kv in results {
             if let Ok(original_key) = Self::deobfuscate_key(key_obfuscator, &kv.key) {
@@ -707,6 +683,38 @@ impl VssClient {
         }
         Ok(result)
     }
+
+    /// Fetches all key versions across pages using pagination.
+    async fn list_all_key_versions_paginated(
+        &self,
+        prefix: Option<String>,
+    ) -> Result<Vec<ExternalKeyValue>, VssError> {
+        let mut all_results = Vec::new();
+        let mut page_token: Option<String> = None;
+
+        loop {
+            let request = ListKeyVersionsRequest {
+                store_id: self.store_id.clone(),
+                key_prefix: prefix.clone(),
+                page_size: Some(100),
+                page_token: page_token.clone(),
+            };
+            let response = self
+                .inner
+                .list_key_versions(&request)
+                .await
+                .map_err(|e| convert_error(e, "list_paginated"))?;
+
+            all_results.extend(response.key_versions);
+
+            match response.next_page_token {
+                Some(ref token) if !token.is_empty() => page_token = Some(token.clone()),
+                _ => break,
+            }
+        }
+
+        Ok(all_results)
+    }
 }
 
 /// Derives data encryption and obfuscation keys from VSS seed

bindings/android/src/main/jniLibs/arm64-v8a/libvss_rust_client_ffi.so

@@ -67,10 +67,9 @@ impl LdkVssClient {
     ) -> Result<Self, VssError> {
         let secp = Secp256k1::new();
 
-        // LNURL-auth: from truncated 32-byte seed path (same server identity as app client)
-        let truncated_seed: [u8; 32] = seed[..32].try_into().unwrap();
+        // LNURL-auth: from full 64-byte seed (same server identity as ldk-node)
         let auth_master_xprv =
-            Xpriv::new_master(Network::Bitcoin, &truncated_seed).map_err(|e| {
+            Xpriv::new_master(Network::Bitcoin, &seed).map_err(|e| {
                 VssError::ConnectionError {
                     error_details: format!("Failed to create auth master key: {}", e),
                 }
@@ -265,19 +264,7 @@ impl LdkVssClient {
     /// Lists all raw keys on the server without any deobfuscation.
     /// Diagnostic function to see exactly what keys exist on the server.
     pub async fn list_all_raw_keys(&self) -> Result<Vec<KeyVersion>, VssError> {
-        let request = ListKeyVersionsRequest {
-            store_id: self.store_id.clone(),
-            key_prefix: None,
-            page_size: None,
-            page_token: None,
-        };
-        let results = self
-            .inner
-            .list_key_versions(&request)
-            .await
-            .map_err(|e| convert_error(e, "ldk_list_all_raw_keys"))?
-            .key_versions;
-
+        let results = self.list_all_key_versions_paginated(None).await?;
         Ok(results
             .into_iter()
             .map(|kv| KeyVersion {
@@ -293,25 +280,16 @@ impl LdkVssClient {
         let obfuscated_key = self.key_obfuscator.obfuscate(&key);
         let primary = namespace.primary();
         let secondary = namespace.secondary();
+        let prefix_str = format!("{}#{}", primary, secondary);
 
-        match (primary, secondary) {
-            ("", "") => {
-                // Default namespace: same for V0 and V1
-                format!("default: {}", obfuscated_key)
-            }
-            _ => {
-                let prefix_str = format!("{}#{}", primary, secondary);
-
-                // V0: plaintext prefix + # + obfuscated key
-                let v0 = format!("{}#{}", prefix_str, obfuscated_key);
+        // V0: plaintext prefix + # + obfuscated key
+        let v0 = format!("{}#{}", prefix_str, obfuscated_key);
 
-                // V1: obfuscated prefix + # + obfuscated key
-                let obfuscated_prefix = self.key_obfuscator.obfuscate(&prefix_str);
-                let v1 = format!("{}#{}", obfuscated_prefix, obfuscated_key);
+        // V1: obfuscated prefix + # + obfuscated key
+        let obfuscated_prefix = self.key_obfuscator.obfuscate(&prefix_str);
+        let v1 = format!("{}#{}", obfuscated_prefix, obfuscated_key);
 
-                format!("v0: {}\nv1: {}", v0, v1)
-            }
-        }
+        format!("v0: {}\nv1: {}", v0, v1)
     }
 
     // --- Internal helpers ---
@@ -320,16 +298,10 @@ impl LdkVssClient {
     fn build_key(&self, key: &str, namespace: &LdkNamespace) -> String {
         let primary = namespace.primary();
         let secondary = namespace.secondary();
-
-        match (primary, secondary) {
-            ("", "") => self.key_obfuscator.obfuscate(key),
-            _ => {
-                let prefix = format!("{}#{}", primary, secondary);
-                let obfuscated_prefix = self.key_obfuscator.obfuscate(&prefix);
-                let obfuscated_key = self.key_obfuscator.obfuscate(key);
-                format!("{}#{}", obfuscated_prefix, obfuscated_key)
-            }
-        }
+        let prefix = format!("{}#{}", primary, secondary);
+        let obfuscated_prefix = self.key_obfuscator.obfuscate(&prefix);
+        let obfuscated_key = self.key_obfuscator.obfuscate(key);
+        format!("{}#{}", obfuscated_prefix, obfuscated_key)
     }
 
     /// Builds the obfuscated namespace prefix for server-side filtering.
@@ -357,19 +329,7 @@ impl LdkVssClient {
         &self,
         prefix: Option<String>,
     ) -> Result<Vec<KeyVersion>, VssError> {
-        let request = ListKeyVersionsRequest {
-            store_id: self.store_id.clone(),
-            key_prefix: prefix,
-            page_size: None,
-            page_token: None,
-        };
-        let results = self
-            .inner
-            .list_key_versions(&request)
-            .await
-            .map_err(|e| convert_error(e, "ldk_list_key_versions"))?
-            .key_versions;
-
+        let results = self.list_all_key_versions_paginated(prefix).await?;
         let mut result = Vec::new();
         for kv in results {
             if let Some(original_key) = self.try_deobfuscate(&kv.key) {
@@ -381,4 +341,36 @@ impl LdkVssClient {
         }
         Ok(result)
     }
+
+    /// Fetches all key versions across pages using pagination.
+    async fn list_all_key_versions_paginated(
+        &self,
+        prefix: Option<String>,
+    ) -> Result<Vec<ExternalKeyValue>, VssError> {
+        let mut all_results = Vec::new();
+        let mut page_token: Option<String> = None;
+
+        loop {
+            let request = ListKeyVersionsRequest {
+                store_id: self.store_id.clone(),
+                key_prefix: prefix.clone(),
+                page_size: Some(100),
+                page_token: page_token.clone(),
+            };
+            let response = self
+                .inner
+                .list_key_versions(&request)
+                .await
+                .map_err(|e| convert_error(e, "ldk_list_paginated"))?;
+
+            all_results.extend(response.key_versions);
+
+            match response.next_page_token {
+                Some(ref token) if !token.is_empty() => page_token = Some(token.clone()),
+                _ => break,
+            }
+        }
+
+        Ok(all_results)
+    }
 }

bindings/android/src/main/jniLibs/armeabi-v7a/libvss_rust_client_ffi.so

@@ -327,14 +327,14 @@ mod tests {
         let (_, obf_master) = derive_data_encryption_and_obfuscation_keys(&vss_seed);
         let obfuscator = KeyObfuscator::new(obf_master);
 
-        // V0/V1 Default namespace: just obf(key)
+        // Obfuscation roundtrip: obfuscate then deobfuscate
         let obfuscated = obfuscator.obfuscate("network_graph");
         assert_eq!(
             obfuscator.deobfuscate(&obfuscated).unwrap(),
             "network_graph"
         );
 
-        // V1 with namespace prefix: obf(prefix)#obf(key)
+        // V1 with namespace prefix (including Default "#"): obf(prefix)#obf(key)
         let prefix = obfuscator.obfuscate("monitors#");
         let key = obfuscator.obfuscate("network_graph");
         let composite = format!("{}#{}", prefix, key);
@@ -378,9 +378,10 @@ mod tests {
         .await
         .unwrap();
 
-        // Default namespace returns single format
+        // Default namespace returns V0 and V1 format (same as all namespaces)
         let default_result = client.debug_obfuscate("network_graph".to_string(), &LdkNamespace::Default);
-        assert!(default_result.starts_with("default: "));
+        assert!(default_result.contains("v0: "));
+        assert!(default_result.contains("v1: "));
 
         // Namespaced returns V0 and V1 formats
         let monitors_result = client.debug_obfuscate("network_graph".to_string(), &LdkNamespace::Monitors);
@@ -413,19 +414,16 @@ mod tests {
         .await
         .unwrap();
 
-        // The shared client incorrectly wraps Default namespace with obf("#")#obf(key)
-        // while ldk-node just uses obf(key) for Default ("", "").
-        // The dedicated LDK client correctly matches ldk-node's behavior.
+        // Both clients now correctly use V1 format: obf("#")#obf(key) for Default namespace
         let shared_key = shared_client.build_key_ldk("network_graph", &LdkNamespace::Default);
         let ldk_debug = ldk_client.debug_obfuscate("network_graph".to_string(), &LdkNamespace::Default);
-        let ldk_key = ldk_debug.strip_prefix("default: ").unwrap();
-
-        // The shared client produces a DIFFERENT key than ldk-node for Default namespace
-        assert_ne!(shared_key, ldk_key, "shared client should differ from ldk-node for Default namespace");
-        // The shared client adds a prefix even for Default namespace (bug)
-        assert!(shared_key.contains('#'), "shared client incorrectly adds prefix for Default namespace");
-        // The dedicated LDK client produces a key WITHOUT prefix (correct, matches ldk-node)
-        assert!(!ldk_key.contains('#'), "LDK client should not add prefix for Default namespace");
+        let v1_line = ldk_debug.lines().find(|l| l.starts_with("v1: ")).unwrap();
+        let ldk_key = v1_line.strip_prefix("v1: ").unwrap();
+
+        // Both clients produce the same V1 key for Default namespace
+        assert_eq!(shared_key, ldk_key, "shared and LDK clients should produce same key for Default namespace");
+        // Default namespace V1 key contains '#' separator (obf("#")#obf(key))
+        assert!(ldk_key.contains('#'), "Default namespace V1 key should contain '#' separator");
     }
 
     #[tokio::test]